Moin! On 21 Aug 2025, at 21:46, Chad Dailey wrote:
> Maybe it's some FNG stuff... but we're having some issues resolving > samsung.com records, the .ic zones look like they don't belong: Well .ic does not exist in the global DNS, so all of these servers can’t be reached from the public Internet. Maybe they are resolvable internal at Samsung, but as I have no connection there I don’t know. They are also not in the delegation set from .com: zsh ❯ dig ns samsung.com @f.gtld-servers.net ; <<>> DiG 9.20.8 <<>> ns samsung.com @f.gtld-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46015 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;samsung.com. IN NS ;; AUTHORITY SECTION: samsung.com. 172800 IN NS dnssm.samsung.com. samsung.com. 172800 IN NS dnsst.samsung.com. samsung.com. 172800 IN NS dnsst2.samsung.com. samsung.com. 172800 IN NS dnssm2.samsung.com. samsung.com. 172800 IN NS dns-gi1.samsung.com. samsung.com. 172800 IN NS dns-awskr1.samsung.com. ;; ADDITIONAL SECTION: dnssm.samsung.com. 172800 IN A 203.241.132.51 dnsst.samsung.com. 172800 IN A 203.241.135.51 dnsst2.samsung.com. 172800 IN A 112.106.53.58 dnssm2.samsung.com. 172800 IN A 112.107.53.58 dns-gi1.samsung.com. 172800 IN A 203.241.132.185 dns-awskr1.samsung.com. 172800 IN A 52.79.211.80 ;; Query time: 8 msec ;; SERVER: 2001:503:d414::30#53(f.gtld-servers.net) (UDP) ;; WHEN: Fri Aug 22 08:57:49 CEST 2025 ;; MSG SIZE rcvd: 265 However Samsung is handing them out on the delegated server: zsh ❯ dig +nocookie NS samsung.com @203.241.132.51 ; <<>> DiG 9.20.8 <<>> +nocookie NS samsung.com @203.241.132.51 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43916 ;; flags: qr aa rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 14 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;samsung.com. IN NS ;; ANSWER SECTION: samsung.com. 300 IN NS auth03.sam.ic. samsung.com. 300 IN NS dnssm2.samsung.com. samsung.com. 300 IN NS auth02.nhn.ic. samsung.com. 300 IN NS dns-awskr1.samsung.com. samsung.com. 300 IN NS auth01.sam.ic. samsung.com. 300 IN NS dnsst2.samsung.com. samsung.com. 300 IN NS dnssm.samsung.com. samsung.com. 300 IN NS dns-gi1.samsung.com. samsung.com. 300 IN NS auth04.sam.ic. samsung.com. 300 IN NS auth04.nhn.ic. samsung.com. 300 IN NS auth03.nhn.ic. samsung.com. 300 IN NS dns-gi2.samsung.com. samsung.com. 300 IN NS auth01.nhn.ic. samsung.com. 300 IN NS dnsst.samsung.com. samsung.com. 300 IN NS auth02.sam.ic. ;; ADDITIONAL SECTION: dns-awskr1.samsung.com. 300 IN A 52.79.211.80 dns-gi2.samsung.com. 300 IN A 203.241.132.185 dns-gi2.samsung.com. 300 IN A 203.241.135.185 dns-gi2.samsung.com. 300 IN A 203.241.135.186 dnssm2.samsung.com. 300 IN A 112.107.53.58 dnsst2.samsung.com. 300 IN A 112.106.53.58 dnsst.samsung.com. 300 IN A 203.241.135.51 dnssm.samsung.com. 300 IN A 203.241.132.51 dns-gi1.samsung.com. 300 IN A 203.241.132.185 dnssm2.samsung.com. 300 IN AAAA 2001:330:a:300b:112:107:53:58 dnsst2.samsung.com. 300 IN AAAA 2001:330:a:b:112:106:53:58 dnsst.samsung.com. 300 IN AAAA 2001:330:a:a:203:241:135:51 dnssm.samsung.com. 300 IN AAAA 2001:330:a:300a:203:241:132:51 ;; Query time: 271 msec ;; SERVER: 203.241.132.51#53(203.241.132.51) (UDP) ;; WHEN: Fri Aug 22 08:59:52 CEST 2025 ;; MSG SIZE rcvd: 627 Your resolver however should ignore these incorrect servers and if you have a “parent centric” resolver it will never try to resolve them as they are not in the delegated name server set. So long -Ralf --- Ralf Weber _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
