[dns-operations] Quad9 denial of existence for _25._tcp.mx1.p01.antagonist.nl IN TLSA
According DNSViz, and the Cloudflare, Google and Verisign public resolvers the qname below has a TLSA record, but Quad returns an apparently valid denial of existence. It is possible that Quad9 is "the guilty party" here only by accident, and had I asked at another time, some other server would return the unexpected denial of existence. No idea where the associated RRSIGs and NSEC3 records are coming from. Perhaps there are some nameservers (reached via Quad9) for antagonist.nl that have a zone file in which the empty-non-terminal "_tcp" is missing... $ dig +dnssec +noall +comment +ans +auth -t tlsa _25._tcp.mx1.p01.antagonist.nl @9.9.9.10 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10642 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; AUTHORITY SECTION: antagonist.nl. 180 IN SOA ns1.antagonist.nl. hostmaster.antagonist.nl. 2018052300 180 3600 1209600 86400 cueh7hkbnbrqk65590909p4r0pq6cd45.antagonist.nl. 43200 IN NSEC3 1 0 1 AB D04COHDERT50P43FHSP1N5F7LDVTORH7 A RRSIG i33uq5toep0fslekf0mqpnv6pb6s002e.antagonist.nl. 43200 IN NSEC3 1 0 1 AB IDTV8EDH9FRO5UU2OC4N3PUM51SRLDGH A RRSIG g7u4gpdfmf579evnnqmc3v816rafktip.antagonist.nl. 43200 IN NSEC3 1 0 1 AB GFL0IAO83UJDAA6IHCTHFGL6T4KNILQO A RRSIG antagonist.nl. 180 IN RRSIG SOA 13 2 180 2019120500 2019111400 47684 antagonist.nl. TjahhD+sFLbHkIAUcUFFo+vC4icQKK2Zh+74BN+eFQ9JhkZaQ6AMYNbT wGfDZuNntzd2C3FS4SiIptAr6fOkvA== cueh7hkbnbrqk65590909p4r0pq6cd45.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 2019120500 2019111400 47684 antagonist.nl. 5KPt3wExlfKg4tZJ1fdR1xhnj8x8DsmgYR2+pCHkcc041thw3E6jQCfY CESVytcQcp6Zb/uJ3zxNXExJkEzZoQ== i33uq5toep0fslekf0mqpnv6pb6s002e.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 2019120500 2019111400 47684 antagonist.nl. Wrzps6dY9zhq14kBiFp0KwDqdkMtceOMV2cMKPkznhxFcsmpsTazZX1Z MAw/565cRwpWRoU5LuGNzGHg3ZstUQ== g7u4gpdfmf579evnnqmc3v816rafktip.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 2019120500 2019111400 47684 antagonist.nl. DBJvz7HbYSFS/PHtTXD2qMwsKuWXoqNj8MPNMIk84Jv4kY1w52EevWIS nIgDknp9DbzYcczQzOOu1cyEYulYPg== 6d1aa3h9jtqjdp0vjblqej9e17ub81hs. _25._tcp.mx1.p01.antagonist.nl v3rrfku7an9uo5qeuhbdndnruhp9esar. *._tcp.mx1.p01.antagonist.nl i9sp4p909spoci68n9q0r33hk9fes0n4. _tcp.mx1.p01.antagonist.nl(Covered) g90cq1j49b7nkrom5lcojqals2gittit. *.mx1.p01.antagonist.nl (Covered) cueh7hkbnbrqk65590909p4r0pq6cd45. mx1.p01.antagonist.nl (Covered, closest encloser) sac7gh66m6avf55q05gbfhh91a48hstf. *.p01.antagonist.nl iupnvfafqalai3eke44m2vi4vr89lgpk. p01.antagonist.nl 83jtudmler6j6tailr1f6hktosq1mvc4. *.antagonist.nl 29eiirrkt62jjrrigm5ouurhdt4p682u. antagonist.nl -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions on private nameservers registration
On 2019/11/25 19:57, Wesley Peng wrote: > If I want to run my own nameservers, saying they are: > > ns1.wsly.de. 1.2.3.4 > ns2.wsly.de. 5.6.7.8 > > > Would I put the glues into DE's registry, or shall I put glues into all > registries, including COM, NET, INFO, ccTLD etc? You would publish glue records to DE, and not to any of the others you mentioned. The only situations where glue records are required (or even useful) are when a resolver would be unable to traverse a referral without them. That is, when a nameserver's name is in-baliwick of a zone for which it is itself authoritative. Are ns{1,2}.wsly.de authoritative for wsly.de? Then glue is required in DE. Otherwise probably not [0]. [0] It would be theoretically possible for some other servers to be authoritative for wsly.de while ns1.wsly.de is authoritative for ns1.wsly.de and ns2.wsly.de is authoritative for ns2.wsle.de. In that case, you would need glue in WSLY.DE and not in DE, but it would be very unusual to do this in the first place and other DNS operators might look at you funny. -- John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B signature.asc Description: OpenPGP digital signature ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions on private nameservers registration
John, on 2019/11/26 9:35, John W. O'Brien wrote: Are ns{1,2}.wsly.de authoritative for wsly.de? Then glue is required in DE. Otherwise probably not [0]. Yes I plan to setup ns{1,2}.wsly.de to be wsly.de's auth-nameservers. Thank you for pointing out that. Regards. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] Questions on private nameservers registration
Hello If I want to run my own nameservers, saying they are: ns1.wsly.de. 1.2.3.4 ns2.wsly.de. 5.6.7.8 Would I put the glues into DE's registry, or shall I put glues into all registries, including COM, NET, INFO, ccTLD etc? Thanks. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
Thank you for instant support Peter. I love DENIC. on 2019/11/25 22:38, Peter Koch wrote: without knowing details about the registrar/reseller chain that you might be using, informing the registrar of such a change is a prerequisite for the delegation to change at the TLD level. That means, the registrar will change the respective entries in the TLD registry. In the case of DE, the current (sic!) cadence of zone publication is once per hour, which makes you incur a delay of up to two ours in the worst case. Meanwhile, your changes have made it into the DE zone (as published trough the DE TLD nameservers). Regards. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
Funny you should mention this. It just occurred to me, although it also apparently occurred to one other soul on the dnsrpz mailing list, you can use RPZ to audit and to some extent contain leakage. Assuming you own example.com, I'm speaking about entries akin to the following: *.example.example.com CNAME . *.com.example.com CNAME . *.net.example.com CNAME . Entries like the foregoing will return NXDOMAIN for, for example, dolphin2.com.example.com. ;-) It's also possible to log or direct the querant to a honeypot. Granted, most likely the stub resolver is trying dolphin2.com.example.com because it already tried dolphin2 and dolphin2.com and both of those failed, but at least you know. You can also see just how good your passive DNS provider's data is, by looking for things which resolved to 127.0.53.53. (This is a really good way for the casual reader to understand the scope of this problem, by the way.) Running your own caching resolver and dumping the cache and looking for stuff is also occasionally advisable; I suspect most of the people on this list would know this. -- Fred Morris On Mon, 25 Nov 2019, Florian Weimer wrote: Is it because of the incoming data is interesting? Define interesting. The data could have monetary value. Passwords that are otherwise difficult to come by might be leaking. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
jim> What do you consider to be a lot of queries? The root server system jim> collectively handles 500K-1M queries per second. That seems rather jim> a lot to me. YMMV. fw> But globally? For the entire planet? fw> It's certainly beyond what I can run out of my basement using spare fw> parts, but it's also not a mindbogglingly huge number. I would have fw> expected something that's clearly impossible to handle from a single fw> box. Actually, it's a great argument for longer TTLs and caching doing what they're supposed to. The root zones and most TLDs tend to have longer, non trendy (over 5 minute) TTLs, so root servers, TLDs and other auth servers get orders of magnitude less queries than large recursive farms, which cache and then get cache hits. Comcast & Google get 2-3 orders of magnitude more than large TLD servers and 4-5 orders of magnitude more than the root servers and these two probably represent something like 1/3 of public recursive server traffic. The largest Chinese ISP used to do more traffic then either of the above. But compared to a large corp DNS server farm, the root servers shovel a lot of bits. Some of it even valid DNS queries and responses. ;) ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
* Jim Reid: >> On 25 Nov 2019, at 20:54, Florian Weimer wrote: >> >> The query numbers are surprisingly low. To me at last. > > What do you consider to be a lot of queries? The root server system > collectively handles 500K-1M queries per second. That seems rather a > lot to me. YMMV. But globally? For the entire planet? It's certainly beyond what I can run out of my basement using spare parts, but it's also not a mindbogglingly huge number. I would have expected something that's clearly impossible to handle from a single box. >> Is it because of the incoming data is interesting? > > Define interesting. The data could have monetary value. Passwords that are otherwise difficult to come by might be leaking. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
> On 25 Nov 2019, at 20:54, Florian Weimer wrote: > > The query numbers are surprisingly low. To me at last. What do you consider to be a lot of queries? The root server system collectively handles 500K-1M queries per second. That seems rather a lot to me. YMMV. I don't know of any other IT platform that reliably handles transactions at anything close to that volume. Or orders of magnitude lower. IIUC Mastercard and Visa each handle around "only" 30K transactions/second. Root server query numbers are continually rising. This is why suggestions like Mark's and RFC7706 need careful consideration. Ultimately, the root server operators won't be able to keep on adding capacity and bandwidth to keep up with demand or mitigate DDoS attacks. They'll eventually run out of money/bits/hardware before the script kiddies and their botnets do. Even though the RSOs are winning that arms race today. > Do we know why the number of root instances has increased? Partly it will be each RSO adding more instances to improve resilience, capacity and performance. They will also be adding more servers to address layer 9+ questions from countries who want to have more root servers inside their borders. IXPs/ISPs want that too, just like they want extra copies of local cache nodes from CDNs. Some countries perceive the DNS root to be US-centric. When they're not on friendly terms with the USA, that can be a problem. Adding anycast root instances in say China or Russia can go some way to alleviate some of those concerns. > Is it because of the incoming data is interesting? Define interesting. IMO instances are being added for the reasons above. Whether the ever-growing volume of queries to the root is interesting or not is irrelevant IMO. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
> On Nov 25, 2019, at 9:54 PM, Florian Weimer wrote: > The query numbers are surprisingly low. To me at last. Duane Wessels did a good study some time ago of queries to the root. I believe over 99% were bogus, not real queries for resolvable things. > Do we know why the number of root instances has increased? Is it > because of the incoming data is interesting? In some cases perhaps. In our case, we typically install eight at each location, and we’ve passed two hundred locations now. So this: >The Domain Name System (DNS) leverages nearly 1K distributed >servers …is not exactly correct… Perhaps it’s only 1K _locations_. We provide them to make the root more resilient against DDoS, and to reduce query latency. But we’re a non-profit which exists for that purpose, we don’t derive any revenue from it, and our finances are publicly audited. For-profits require revenue, and there’s certainly a market for pcaps taken from in front of root servers. -Bill signature.asc Description: Message signed with OpenPGP ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
On Mon, Nov 25, 2019 at 09:54:55PM +0100, Florian Weimer wrote: > Do we know why the number of root instances has increased? Is it > because of the incoming data is interesting? I would venture the latter. This remains a seriously underdiscussed subject. There is of course "logging of all data" which is bad enough but people appear to be getting creative with doing "analyses on the 24 hours of logs we are allowed to keep". Bert ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] root? we don't need no stinkin' root!
* Mark Allman: > Left here to be ripped apart ... :-) The query numbers are surprisingly low. To me at last. Do we know why the number of root instances has increased? Is it because of the incoming data is interesting? ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] root? we don't need no stinkin' root!
Left here to be ripped apart ... :-) Mark Allman. On Eliminating Root Nameservers from the DNS, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets), November 2019. https://www.icir.org/mallman/pubs/All19b/ Abstract: The Domain Name System (DNS) leverages nearly 1K distributed servers to provide information about the root of the Internet's namespace. The large size and broad distribution of the root nameserver infrastructure has a number of benefits, including providing robustness, low delays to topologically close root servers and a way to cope with the immense torrent of queries destined for the root nameservers. While the root nameserver service operates well, it represents a large community investment. Due to this large cost, in this paper we take the position that DNS' root nameservers should be eliminated. Instead, recursive resolvers should use a local copy of the root zone file instead of consulting root nameservers. This paper considers the pros and cons of this alternate approach. allman -- https://www.icir.org/mallman/ @mallman_icsi ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
Thanks for updating the info Victor. > > On Nov 25, 2019 at 10:10 PM, (mailto:ietf-d...@dukhovni.org)> wrote: > > > > On Mon, Nov 25, 2019 at 02:56:51PM +0100, Elmar K. Bins wrote: > > > > ;; AUTHORITY SECTION: > > > wsly.de. 86400 IN NS art.ns.cloudflare.com. > > > wsly.de. 86400 IN NS roxy.ns.cloudflare.com. > > > > In order to update the records in "de" you need your domain provider to > > send > > them an update of the nameservers. > > More precisely, the registrar rather than the DNS operator when these > are different. But in this case no need, the .de glue has already been > updated: > > wsly.de. IN NS art.ns.cloudflare.com. > wsly.de. IN NS roxy.ns.cloudflare.com. > > and WHOIS reports: > > Domain: wsly.de > Nserver: art.ns.cloudflare.com > Nserver: roxy.ns.cloudflare.com > Changed: 2019-11-25T13:20:29+01:00 > > -- > Viktor. > ___ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > > ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
If we are directly integrated with the registry then a nameserver change is almost instant. But we aren’t directly integrated with all registries and not all of them handle DNS changes in the same way Some, for example, will do a pre-check before they’ll allow a change. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:45 To: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS I saw blacknight does good business on domain industry. How do you handle DNS delegation like my case? Thanks. On Nov 25, 2019 at 10:22 PM, mailto:mich...@blacknight.com>> wrote: That depends on how they’re integrated It’s really a question you need to be asking them -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:22 To: "Elmar K. Bins" Cc: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS Hello When I changed name servers in registrar, won’t they be registered into DE’s servers automatically? Thank you. On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de>> wrote: Hi Wesley, postmas...@wsly.de (Wesley Peng) wrote: > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS ns1.alldomains.hosting. > wsly.de.86400 IN NS ns2.alldomains.hosting. > wsly.de.86400 IN NS ns3.alldomains.hosting. > wsly.de.86400 IN NS ns4.alldomains.hosting. > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS art.ns.cloudflare.com. > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > I was confused, since I have changed the domain's nameservers to > cloudflare's, why .de's root servers still give the clues that I am using > ns[1-4].alldomains.hosting? In order to update the records in "de" you need your domain provider to send them an update of the nameservers. - Elmar. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
I saw blacknight does good business on domain industry. How do you handle DNS delegation like my case? Thanks. > > On Nov 25, 2019 at 10:22 PM, (mailto:mich...@blacknight.com)> wrote: > > > > > > That depends on how they’re integrated > > > > It’s really a question you need to be asking them > > > > > > > > > > > > > -- > > > > Mr Michele Neylon > > > > Blacknight Solutions > > > > Hosting, Colocation & Domains > > > > https://www.blacknight.com/ > > > > http://blacknight.blog/ > > > > Intl. +353 (0) 59 9183072 > > > > Direct Dial: +353 (0)59 9183090 > > > > Personal blog: https://michele.blog/ > > > > Some thoughts: https://ceo.hosting/ > > > > --- > > > > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > > > > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > > > > > > > > > > > > > > From: dns-operationson behalf of > Wesley Peng > Date: Monday 25 November 2019 at 15:22 > To: "Elmar K. Bins" > Cc: Dns-Operations > Subject: Re: [dns-operations] Questions about my domain's DNS > > > > > > > > > > > > Hello > > > > > > > > > > > > When I changed name servers in registrar, won’t they be registered into DE’s > servers automatically? Thank you. > > > > > > > > > > > > > > > > > > > > On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de)> wrote: > > > > > > > > > > Hi Wesley, > > > > > > > > > > > > postmas...@wsly.de (Wesley Peng) wrote: > > > > > > > > > > > ;; AUTHORITY SECTION: > > > > > wsly.de. 86400 IN NS ns1.alldomains.hosting. > > > > > wsly.de. 86400 IN NS ns2.alldomains.hosting. > > > > > wsly.de. 86400 IN NS ns3.alldomains.hosting. > > > > > wsly.de. 86400 IN NS ns4.alldomains.hosting. > > > > > > > > > > > ;; AUTHORITY SECTION: > > > > > wsly.de. 86400 IN NS art.ns.cloudflare.com. > > > > > wsly.de. 86400 IN NS roxy.ns.cloudflare.com. > > > > > > > > > > > I was confused, since I have changed the domain's nameservers to > > > > > cloudflare's, why .de's root servers still give the clues that I am > > > using > > > > > ns[1-4].alldomains.hosting? > > > > > > > > > > In order to update the records in "de" you need your domain provider to > > send > > > > them an update of the nameservers. > > > > > > > > > > - Elmar. > > > > > > > > > > > ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
On Mon, Nov 25, 2019 at 10:20:17PM +0800, Wesley Peng wrote: > When I changed name servers in registrar, won’t they be registered into DE’s > servers automatically? Thank you. without knowing details about the registrar/reseller chain that you might be using, informing the registrar of such a change is a prerequisite for the delegation to change at the TLD level. That means, the registrar will change the respective entries in the TLD registry. In the case of DE, the current (sic!) cadence of zone publication is once per hour, which makes you incur a delay of up to two ours in the worst case. Meanwhile, your changes have made it into the DE zone (as published trough the DE TLD nameservers). -Peter ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
That depends on how they’re integrated It’s really a question you need to be asking them -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:22 To: "Elmar K. Bins" Cc: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS Hello When I changed name servers in registrar, won’t they be registered into DE’s servers automatically? Thank you. On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de>> wrote: Hi Wesley, postmas...@wsly.de (Wesley Peng) wrote: > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS ns1.alldomains.hosting. > wsly.de.86400 IN NS ns2.alldomains.hosting. > wsly.de.86400 IN NS ns3.alldomains.hosting. > wsly.de.86400 IN NS ns4.alldomains.hosting. > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS art.ns.cloudflare.com. > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > I was confused, since I have changed the domain's nameservers to > cloudflare's, why .de's root servers still give the clues that I am using > ns[1-4].alldomains.hosting? In order to update the records in "de" you need your domain provider to send them an update of the nameservers. - Elmar. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
Hello When I changed name servers in registrar, won’t they be registered into DE’s servers automatically? Thank you. > > On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de)> wrote: > > > > Hi Wesley, > > postmas...@wsly.de (Wesley Peng) wrote: > > > ;; AUTHORITY SECTION: > > wsly.de. 86400 IN NS ns1.alldomains.hosting. > > wsly.de. 86400 IN NS ns2.alldomains.hosting. > > wsly.de. 86400 IN NS ns3.alldomains.hosting. > > wsly.de. 86400 IN NS ns4.alldomains.hosting. > > > ;; AUTHORITY SECTION: > > wsly.de. 86400 IN NS art.ns.cloudflare.com. > > wsly.de. 86400 IN NS roxy.ns.cloudflare.com. > > > I was confused, since I have changed the domain's nameservers to > > cloudflare's, why .de's root servers still give the clues that I am using > > ns[1-4].alldomains.hosting? > > In order to update the records in "de" you need your domain provider to send > them an update of the nameservers. > > - Elmar. > ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
On Mon, Nov 25, 2019 at 02:56:51PM +0100, Elmar K. Bins wrote: > > ;; AUTHORITY SECTION: > > wsly.de.86400 IN NS art.ns.cloudflare.com. > > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > > In order to update the records in "de" you need your domain provider to send > them an update of the nameservers. More precisely, the registrar rather than the DNS operator when these are different. But in this case no need, the .de glue has already been updated: wsly.de. IN NS art.ns.cloudflare.com. wsly.de. IN NS roxy.ns.cloudflare.com. and WHOIS reports: Domain: wsly.de Nserver: art.ns.cloudflare.com Nserver: roxy.ns.cloudflare.com Changed: 2019-11-25T13:20:29+01:00 -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
Hi Wesley, postmas...@wsly.de (Wesley Peng) wrote: > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS ns1.alldomains.hosting. > wsly.de.86400 IN NS ns2.alldomains.hosting. > wsly.de.86400 IN NS ns3.alldomains.hosting. > wsly.de.86400 IN NS ns4.alldomains.hosting. > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS art.ns.cloudflare.com. > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > I was confused, since I have changed the domain's nameservers to > cloudflare's, why .de's root servers still give the clues that I am using > ns[1-4].alldomains.hosting? In order to update the records in "de" you need your domain provider to send them an update of the nameservers. - Elmar. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] Questions about my domain's DNS
Hallo, I am confused about my domain's DNS glues. The domain is: wsly.de When I queried to .de's root nameservers, I got: $ dig wsly.de @n.de.net ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> wsly.de @n.de.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58894 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;wsly.de. IN A ;; AUTHORITY SECTION: wsly.de.86400 IN NS ns1.alldomains.hosting. wsly.de.86400 IN NS ns2.alldomains.hosting. wsly.de.86400 IN NS ns3.alldomains.hosting. wsly.de.86400 IN NS ns4.alldomains.hosting. Then I queried to one of the above nameservers, I got: $ dig wsly.de @ns1.alldomains.hosting ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> wsly.de @ns1.alldomains.hosting ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47694 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;wsly.de. IN A ;; ANSWER SECTION: wsly.de.86400 IN A 213.145.224.20 ;; AUTHORITY SECTION: wsly.de.86400 IN NS art.ns.cloudflare.com. wsly.de.86400 IN NS roxy.ns.cloudflare.com. I was confused, since I have changed the domain's nameservers to cloudflare's, why .de's root servers still give the clues that I am using ns[1-4].alldomains.hosting? And under this way, cloudflare's nameservers don't have the chance to resolve my domain. Am I right? Thank you. Regards. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations