Moin!

On 30 May 2022, at 1:12, Robert Edmonds wrote:

> Simon Arlott via dns-operations wrote:
>> I currently have this cached list of nameservers for dynect.net:
>>
>> ;; AUTHORITY SECTION:
>> dynect.net. 14931 IN NS cgydc01dnsext01.us.oracle.com.
>> dynect.net. 14931 IN NS tvp02dnsext02.tvp.oracle.com.
>> dynect.net. 14931 IN NS sydc01dns03.au.oracle.com.
>> dynect.net. 14931 IN NS trdc01dnsext01.us.oracle.com.
>> dynect.net. 14931 IN NS adc08dnsext02.us.oracle.com.
>> dynect.net. 14931 IN NS rmdc02dnsext01.us.oracle.com.
>> dynect.net. 14931 IN NS llg07dnsext02.llg.oracle.com.
>> dynect.net. 14931 IN NS llg07dnsext01.llg.oracle.com.
>> dynect.net. 14931 IN NS iad-dns-master.oraclecorp.com.
>> dynect.net. 14931 IN NS adc08dnsext01.us.oracle.com.
>> dynect.net. 14931 IN NS rmdc02dnsext02.us.oracle.com.
>> ;; WHEN: Fri May 27 17:10:08 BST 2022
>>
>> All of these hostnames are NXDOMAIN in the oracle.com/oraclecorp.com
>> zones. Looks like someone has reconfigured the nameservers for
>> dynect.net and then immediately pulled the A/AAAA records for the old
>> names without waiting out the TTL on the old NS records.
>
> This was https://www.dynstatus.com/incidents/1xlbp98xr3y2.

So how do you expect the domain to be resolved if all of your out of bailiwick name server names no longer point to an IP address?

>> Unbound gives up and returns SERVFAIL for anything using dynect.net
>> because it exceeds the maximum number of NXDOMAIN responses for
>> nameserver hostnames.

Maybe this is happening where you still have the A/AAAA record cached for delegation, but you can’t rely on that. If a domain is not able to be resolved from a cold/empty cache it is broken, and the domain owner has to deal with the consequences. End of story.

So long
-Ralf
——-
Ralf Weber
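
The cold-cache versus warm-cache difference discussed in this thread, as an added example that is not part of any message above: a delegation check that parses dig-style NS lines and reports whether any nameserver name still has an address. The zone, host names, address, stub resolver and function names are all constructed for illustration.

```python
import re

# Matches dig-style NS lines: owner, TTL, class IN, type NS, target.
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")

# Constructed sample data (reserved .example names, TEST-NET address).
SAMPLE_AUTHORITY = """\
;; AUTHORITY SECTION:
zone.example.  14931 IN NS ns1.hosting.example.
zone.example.  14931 IN NS ns2.hosting.example.
"""
STALE_CACHE = {"ns1.hosting.example": ["192.0.2.53"]}

def parse_ns(section):
    """Return (owner, target) pairs, lowercased, without the trailing dot."""
    pairs = []
    for line in section.splitlines():
        m = NS_LINE.match(line.strip())
        if m:
            pairs.append(tuple(n.rstrip(".").lower() for n in m.groups()))
    return pairs

def check_delegation(zone, ns_pairs, lookup, cache=None):
    """lookup(host) returns a list of addresses; [] stands for NXDOMAIN/NODATA.
    cache holds addresses a warm resolver still has; None models a cold cache."""
    cache = cache or {}
    report = {"out_of_bailiwick": [], "reachable": [], "dead": []}
    for owner, host in ns_pairs:
        if owner != zone:
            continue
        if host != zone and not host.endswith("." + zone):
            report["out_of_bailiwick"].append(host)  # address resolved separately
        addrs = cache.get(host) or lookup(host)
        report["reachable" if addrs else "dead"].append(host)
    report["resolvable"] = bool(report["reachable"])
    return report

def nxdomain_lookup(host):
    """Stub standing in for a real resolver: every NS name is gone."""
    return []

def demo():
    pairs = parse_ns(SAMPLE_AUTHORITY)
    cold = check_delegation("zone.example", pairs, nxdomain_lookup)
    warm = check_delegation("zone.example", pairs, nxdomain_lookup, STALE_CACHE)
    return cold, warm

if __name__ == "__main__":
    for label, rep in zip(("cold", "warm"), demo()):
        print(label, rep)
```

To run it against a live zone, replace `nxdomain_lookup` with a function that queries a resolver for A/AAAA records and returns the addresses found.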
