Re: Cannot Delete Glue record

Wed, 13 May 2009 10:02:32 -0700 

Luke Hopkins wrote:

I have a glue (nameserver host) record which hasn't been used in years and I 
want to delete it (and ultimately re-use the name). Attempting a delete through 
UKreg (Fasthosts) gives me this:

Error: NameServerHosts Delete (Nameserver deletion failed at registry: 420 
Object association prohibits operation.)

I cannot find any way to check what domains are attached to it, and UKreg 
support are unable to help (check manually was their answer).

We don't have that many domains, so I've checked them all manually, both the 
zone files and what the registrar has listed as authoritive, but this glue 
record isn't used by us.

Is there a way/tool which can check what domains are attached to a glue record.

For reference, the name is ns0.broadbean.net


They should be able to look into the registry database to find this.
It might be very difficult for you, as a customer, to ascertain, outside of the DNS protocol itself, what domain(s) might be delegated to that name. If your registry is lax about checking such things, it's conceivable that someone has delegated their domain(s) to your nameserver without your consent, in order to meet a 2-nameserver delegation requirement, while only actually having a single authoritative nameserver hosting the zone. In that scenario, if you have everything in a single "view", and open access to the cache, and with open recursion (or one of your "trusted" recursive clients went rogue), they might even be able to "poke" your nameserver periodically, in order to populate your cache with desired records, and thus leech off your resolution services. That's another reason why it's recommended to either a) strictly limit access to your cache (later versions of BIND do this more conveniently and by default), or b) have separate views for recursive and non-recursive (hosting) service. 

But I digress...
One investigative approach would be to point that name at a valid address in your Internet-facing range, and record -- by using a sniffer, or bringing up a minimal nameserver and turning on query logging -- what queries you're getting, and for what zones. 

- Kevin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to