Re: [DNS] Notification of DNS name server changes

From: Kim Davies <kim§cynosure.com.au>
Date: Wed, 18 Sep 2002 13:50:00 +0200
Quoting David Keegel on Wednesday September 18, 2002:
| ] At 12:55 18.09.2002 +1000, you wrote:
| ] >The notification of redelegation is very much a useful feature as it gives the original DNS holders notification that they need to remove (or otherwise modify) their name server configurations. I would say 99% of customers would not notify
| ] >their old DNS providers - but complain bitterly a few days/weeks/months later when "old ISP" customers "can't see my new website".
| ] 
| ] OTOH, it should be standard practice that ISPs monitor delegations,
| ] and if they lose delegations for any zone they hold authoritatively, 
| ] they should stop being authoritative. Automated, easy, no human 
| ] intervention required...
| 
| I don't think I would want my ISP to do something like that.
| 
| If someone managed to temporarily hijack my domain, then the 
| DNS servers at my ISP would stop answering queries about my
| domain, which would make it more difficult to get the domain
| back to the proper DNS servers (first you get your new DNS
| servers working, then you delegate).  Hopefully this ISP would
| just disable the domain DNS data rather than deleting it.

Sure... I didn't mean delete the domain, just stop answering
authoritatively for it (comment it out of the named.conf etc.). If the
delegations return, re-enable..

| There would probably be other failure modes too, like a
| false negative test result (maybe due to a buggy detection
| script, a DNS server down, or Internet link failure) or a
| stuff-up at the registry or 2LD DNS servers.

I'd imagine any such script would only kick in after a few days of
failures, and when there are clearly other NS records being returned in
the parent zone (rather than none at all).

I think if there was a buggy detection script - it would get fixed quick
smart the first time it broke!
 
| And you want to cater for people who are setting up their 
| DNS servers, but don't have them all ready yet so they 
| haven't done the delegation.  And sometimes there are
| people who want stealth secondaries.

I would suggest stealth secondaries wouldn't usually be on an ISP.. they
would be something hidden away somewhere. I'm just talking about the
main DNS servers for client data that ISPs may run.

kim
Received on Fri Oct 03 2003 - 00:00:00 UTC
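
The check discussed in this message, sketched as an added example that is not part of the original post or any participant's tooling: a zone is disabled (never deleted) only after several daily checks in which the parent zone clearly returns other NS records, and it is re-enabled when the delegation returns. The three-day threshold, the server names and the function names are assumptions; the observations are constructed and no DNS queries are made.

```python
GRACE_DAYS = 3  # assumption: the post only says "a few days"
OURS = {"ns1.isp.example", "ns2.isp.example"}  # constructed server names

class ZoneState:
    def __init__(self):
        self.serving = True    # answering authoritatively for the zone?
        self.lost_streak = 0   # daily checks where the parent named only others

def classify(parent_ns, ours=OURS):
    """Classify one daily lookup of the zone's NS set at the parent.
    parent_ns is None when the lookup itself failed."""
    if parent_ns is None:
        return "unknown"       # server down, link failure, script error
    names = {n.lower().rstrip(".") for n in parent_ns}
    if not names:
        return "undelegated"   # no NS at all: zone still being set up
    return "delegated" if names & ours else "lost"

def step(state, parent_ns, ours=OURS):
    result = classify(parent_ns, ours)
    if result == "delegated":
        state.lost_streak = 0
        state.serving = True   # delegation is back: re-enable
    elif result == "lost":
        state.lost_streak += 1
        if state.lost_streak >= GRACE_DAYS:
            state.serving = False  # stop answering; zone data is kept
    # "unknown" and "undelegated" are not evidence of redelegation,
    # so they neither advance nor reset the streak (an assumption).
    return state

def replay(observations, ours=OURS):
    """Return the serving flag after each daily observation."""
    state, history = ZoneState(), []
    for parent_ns in observations:
        history.append(step(state, parent_ns, ours).serving)
    return history

# Constructed observations, one per day.
OTHER = ["ns1.other.example."]
SAMPLE = [["ns1.isp.example.", "ns2.isp.example."], None, OTHER, OTHER,
          [], OTHER, ["NS1.ISP.EXAMPLE."]]

if __name__ == "__main__":
    for day, serving in enumerate(replay(SAMPLE), 1):
        print(f"day {day}: {'serving' if serving else 'disabled'}")
```

In the sample, a failed lookup and an empty NS set leave the zone served, the third "other servers" result disables it, and the returning delegation re-enables it the next day.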
