On Fri, Aug 22, 2025 at 3:04 AM, Ralf Weber <[email protected]> wrote: > Moin! > > On 21 Aug 2025, at 21:46, Chad Dailey wrote: > > Maybe it's some FNG stuff... but we're having some issues resolving > samsung.com records, the .ic zones look like they don't belong: > > Well .ic does not exist in the global DNS, so all of these servers can’t > be reached from the public Internet. Maybe they are resolvable internal at > Samsung, but as I have no connection there I don’t know. >
Yeah, it's been like this for a long time — e.g: https://dnsviz.net/d/samsung.com/Zs3oyg/responses/ (around a year ago). I tried reaching out to the maintainer (dns01.cst.ic.), before realizing that that ain't gonna work either :-) I also tried emailing the WHOIS contact (Registrant Email: [email protected]), before deciding that I didn't really care… W They are also not in the delegation set from .com: > > zsh ❯ dig ns samsung.com @f.gtld-servers.net > > ; <<>> DiG 9.20.8 <<>> ns samsung.com @f.gtld-servers.net > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46015 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;samsung.com. IN NS > > ;; AUTHORITY SECTION: > samsung.com. 172800 IN NS dnssm.samsung.com. > samsung.com. 172800 IN NS dnsst.samsung.com. > samsung.com. 172800 IN NS dnsst2.samsung.com. > samsung.com. 172800 IN NS dnssm2.samsung.com. > samsung.com. 172800 IN NS dns-gi1.samsung.com. > samsung.com. 172800 IN NS dns-awskr1.samsung.com. > > ;; ADDITIONAL SECTION: > dnssm.samsung.com. 172800 IN A 203.241.132.51 > dnsst.samsung.com. 172800 IN A 203.241.135.51 > dnsst2.samsung.com. 172800 IN A 112.106.53.58 > dnssm2.samsung.com. 172800 IN A 112.107.53.58 > dns-gi1.samsung.com. 172800 IN A 203.241.132.185 > dns-awskr1.samsung.com. 172800 IN A 52.79.211.80 > > ;; Query time: 8 msec > ;; SERVER: 2001:503:d414::30#53(f.gtld-servers.net) (UDP) > ;; WHEN: Fri Aug 22 08:57:49 CEST 2025 > ;; MSG SIZE rcvd: 265 > > However Samsung is handing them out on the delegated server: > > zsh ❯ dig +nocookie NS samsung.com @203.241.132.51 > > ; <<>> DiG 9.20.8 <<>> +nocookie NS samsung.com @203.241.132.51 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43916 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 14 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1220 > ;; QUESTION SECTION: > ;samsung.com. IN NS > > ;; ANSWER SECTION: > samsung.com. 300 IN NS auth03.sam.ic. > samsung.com. 300 IN NS dnssm2.samsung.com. > samsung.com. 300 IN NS auth02.nhn.ic. > samsung.com. 300 IN NS dns-awskr1.samsung.com. > samsung.com. 300 IN NS auth01.sam.ic. > samsung.com. 300 IN NS dnsst2.samsung.com. > samsung.com. 300 IN NS dnssm.samsung.com. > samsung.com. 300 IN NS dns-gi1.samsung.com. > samsung.com. 300 IN NS auth04.sam.ic. > samsung.com. 300 IN NS auth04.nhn.ic. > samsung.com. 300 IN NS auth03.nhn.ic. > samsung.com. 300 IN NS dns-gi2.samsung.com. > samsung.com. 300 IN NS auth01.nhn.ic. > samsung.com. 300 IN NS dnsst.samsung.com. > samsung.com. 300 IN NS auth02.sam.ic. > > ;; ADDITIONAL SECTION: > dns-awskr1.samsung.com. 300 IN A 52.79.211.80 > dns-gi2.samsung.com. 300 IN A 203.241.132.185 > dns-gi2.samsung.com. 300 IN A 203.241.135.185 > dns-gi2.samsung.com. 300 IN A 203.241.135.186 > dnssm2.samsung.com. 300 IN A 112.107.53.58 > dnsst2.samsung.com. 300 IN A 112.106.53.58 > dnsst.samsung.com. 300 IN A 203.241.135.51 > dnssm.samsung.com. 300 IN A 203.241.132.51 > dns-gi1.samsung.com. 300 IN A 203.241.132.185 > dnssm2.samsung.com. 300 IN AAAA 2001:330:a:300b:112:107:53:58 dnsst2. > samsung.com. 300 IN AAAA 2001:330:a:b:112:106:53:58 dnsst.samsung.com. > 300 IN AAAA 2001:330:a:a:203:241:135:51 dnssm.samsung.com. 300 IN AAAA > 2001:330:a:300a:203:241:132:51 > > ;; Query time: 271 msec > ;; SERVER: 203.241.132.51#53(203.241.132.51) (UDP) > ;; WHEN: Fri Aug 22 08:59:52 CEST 2025 > ;; MSG SIZE rcvd: 627 > > Your resolver however should ignore these incorrect servers and if you > have a “parent centric” resolver it will never try to resolve them as they > are not in the delegated name server set. > > So long > -Ralf > --- > Ralf Weber > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations >
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
