This sort of of thing is *supposed* to be caught by the Registry or by their proxy the Registrar. Teresa, if you failed to receive a notification that your glue records were wrong you should be asking why you are paying good money for registry services that are not being performed to agreed specifications.
RFC 1034 and the requirements specified therein predate the assignment of the registry role to the current registrar so there is no excuse of "we didn't know we were required to check". Mark RFC 1034 4.2.2. Administrative considerations As the last installation step, the delegation NS RRs and glue RRs necessary to make the delegation effective should be added to the parent zone. The administrators of both zones should insure that the NS and glue RRs which mark both sides of the cut are consistent and remain so. In message <b7f4ec41-4b18-44de-b567-497560505...@gronkulator.com>, Rich Goodson writes: > > Teresa, > > Here are the out of zone glue records for mcomdc.com <http://mcomdc.com/> > (note the query to a.gtld-servers.net <http://a.gtld-servers.net/>, one > of the authoritative servers for the com zone): > rgoodson@bcn-rgoodson1 ~ $ dig @a.gtld-servers.net > <http://a.gtld-servers.net/> ns1.mcomdc.com <http://ns1.mcomdc.com/> > > ; <<>> DiG 9.9.5-P1 <<>> @a.gtld-servers.net <http://a.gtld-servers.net/> > ns1.mcomdc.com <http://ns1.mcomdc.com/> > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49533 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;ns1.mcomdc.com <http://ns1.mcomdc.com/>. IN A > > ;; AUTHORITY SECTION: > mcomdc.com <http://mcomdc.com/>. 172800 IN NS > ns1.mcomdc.com <http://ns1.mcomdc.com/>. > mcomdc.com <http://mcomdc.com/>. 172800 IN NS > ns2.mcomdc.com <http://ns2.mcomdc.com/>. > > ;; ADDITIONAL SECTION: > ns1.mcomdc.com <http://ns1.mcomdc.com/>. 172800 IN > A 74.84.103.134 > ns2.mcomdc.com <http://ns2.mcomdc.com/>. 172800 IN > A 74.84.119.134 > > ;; Query time: 79 msec > ;; SERVER: 192.5.6.30#53(192.5.6.30) > ;; WHEN: Wed Sep 16 09:36:10 CDT 2015 > ;; MSG SIZE rcvd: 107 > > rgoodson@bcn-rgoodson1 ~ $ dig +norec @68.66.64.240 ns1.mcomdc.com > <http://ns1.mcomdc.com/> > > ; <<>> DiG 9.9.5-P1 <<>> +norec @68.66.64.240 ns1.mcomdc.com > <http://ns1.mcomdc.com/> > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50438 > ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;ns1.mcomdc.com <http://ns1.mcomdc.com/>. IN A > > ;; ANSWER SECTION: > ns1.mcomdc.com <http://ns1.mcomdc.com/>. 300 IN > A 97.64.168.6 > > ;; AUTHORITY SECTION: > mcomdc.com <http://mcomdc.com/>. 300 IN NS > ns1.mcomdc.com <http://ns1.mcomdc.com/>. > mcomdc.com <http://mcomdc.com/>. 300 IN NS > ns2.mcomdc.com <http://ns2.mcomdc.com/>. > > ;; ADDITIONAL SECTION: > ns2.mcomdc.com <http://ns2.mcomdc.com/>. 300 IN > A 68.66.64.240 > > ;; Query time: 51 msec > ;; SERVER: 68.66.64.240#53(68.66.64.240) > ;; WHEN: Wed Sep 16 09:36:49 CDT 2015 > ;; MSG SIZE rcvd: 107 > > What you need to do is log in to Network Solutions (your registrar) and > update the IP addresses that they have for ns1.mcomdc.com > <http://ns1.mcomdc.com/> and ns2.mcomdc.com <http://ns2.mcomdc.com/>. > They in turn will update the âcomâ zone with new glue records for > ns1.mcomdc.com <http://ns1.mcomdc.com/> and ns2.mcomdc.com > <http://ns2.mcomdc.com/>. > > -Rich > > > On Sep 16, 2015, at 9:23 AM, Teresa Campbell <tcampb...@mediacomcc.com > <mailto:tcampb...@mediacomcc.com>> wrote: > > > > I recently moved my two authoritative servers to new servers on new > IP's. I did it slowly leaving the old servers up so that everyone would > have time to receive the new IP for my domain. When I query everything > from google's free DNS servers to my own recursive servers I show the new > IP's, which is what I expected. It has been a month since I moved to the > new IP's, however I am still see a ton of query's going to the old Auth > servers. My authoritative servers do not have recursive turned on so all > the traffic I am seeing is coming from other DNS servers and they are > querying my domains for records. Did I miss something? Is that normal? Is > it safe to just turn the old servers off? > > > > Here are the queries I am seeing in the logs > > > > 16-Sep-2015 09:00:16.807 client 78.140.179.9#22202 (ns2.mcomdc.com > <http://ns2.mcomdc.com/>): query: ns2.mcomdc.com <http://ns2.mcomdc.com/> > IN A -EDC (74.84.103.134) > > 16-Sep-2015 09:00:16.882 client 63.79.12.161#20765 (ns1.mcomdc.com > <http://ns1.mcomdc.com/>): query: ns1.mcomdc.com <http://ns1.mcomdc.com/> > IN A -EDC (74.84.103.134) > > > > > > Here is the process I followed to move to the new IP's. > > > > I brought up my new servers with the new IP's. I changed the A record > for ns1.mcomdc.com <http://ns1.mcomdc.com/> on all 4 of the servers (old > and new) to the new IP address. I waited a few hours to confirm it all > looks good, then made the change to ns2.mcomdc.com > <http://ns2.mcomdc.com/>. I then left all 4 servers up for 72 hours and > came back and confirmed every major free recursive DNS server had the new > ns server IP's and any changes I made to the new server and not the old > where propagating across the internet. I am not sure it matters here but > I am running BIND 9.10.2-P4 > > > > Thanks, > > > > Teresa Campbell > > > > > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users > <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from > this list > > > > bind-users mailing list > > bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > > https://lists.isc.org/mailman/listinfo/bind-users > <https://lists.isc.org/mailman/listinfo/bind-users> > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
