Experiments on production DNS (was: Re: NS.EU.NET running NSD)
Jim Reid jim at rfc1035.com
Fri Jan 17 16:18:09 CET 2003
>>>>> "Berislav" == Berislav Todorovic <beri at eurorings.net> writes: Berislav> As far as I remember, on 1 October 2002 people using Berislav> ns.EU.net as secondary for their zones received the Berislav> following announcement from RIPE NCC (just stating the Berislav> significant part): >>> We, the RIPE NCC, host the nameserver ns.eu.net since the >>> beginning of June 2002 as a service to the Internet community, >>> to give the administrators of the large number of domains that >>> ns.eu.net is still running secondary nameservice for, ample >>> time to stop referencing to it. >>> >>> We cannot provide this service indefinitely and are planning >>> to stop running ns.eu.net in 1 month time, in the beginning of >>> November 2002. Berislav> Despite of the warning, ns.EU.net continued to operate Berislav> normally after November 2002. Well, many people probably Berislav> appreciate this. May be, but that's MORE THAN TWO MONTHS after the deadline. RIPE NCC pretty much said all bets would be off after Nov 1st. Nobody should have planned on that server staying alive after the date given unless a revised one was published. RIPE NCC gave a 5 month warning of this deadline. That should have been more than enough time for the zones on that server to be found new homes, even with all the ICANN/DoC formalities to get the root zone updated. Berislav> However, since few days ago a lot of ccTLD Berislav> administrators started to complain about Berislav> reachability of ns.EU.net. Today we got the explanation Berislav> about it: >>> Since January 13, the RIPE NCC is running the NS.EU.NET >>> nameserver with a new software, NSD ( >>> http://www.nlnetlabs.nl/nsd ). This is not necessarily an explanation. ns.eu.net is up and running just fine. Berislav> Well, experimenting is just fine, but don't you think Berislav> people should have been warned in advance? They should have been. Though I have no idea whether this was done or not. Since I don't use that server, it's unlikely I would have been informed about the change of DNS software. Berislav> Your argument might be that "they had enough time to Berislav> migrate". True. You are free to remove them completely Berislav> from ns.EU.net, but as long as ns.EU.net is a live box Berislav> and serves as a DNS - it is a part of production Berislav> environment. This should not preclude the server running NSD. The code has been around for a while now and has been subjected to exhaustive testing. In a testbed, it was replayed a trace in real-time of the query traffic reaching k.root-servers.net. It worked just fine. Moving NSD on to ns.eu.net seems a reasonable step towards getting NSD into production use. That has to be a Good Thing since it increases the gene pool of DNS code. I'm sure the NCC folks would not have taken that step if they had doubts over the suitability of NSD. Berislav> Would you, please, take a look into 4 ccTLD's that Berislav> return NXDOMAIN and take care they continue to have Berislav> normal service: Berislav> al ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4 Berislav> bg ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4 Berislav> tp ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4 Berislav> zw ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4 This can have absolutely nothing to do with the complaint you have made. If ns.eu.net was dead, which it isn't, name servers would try the other authoritative servers for each of these TLDs. If none of them responded, you'd be getting connection time out errors, not NXDOMAIN. So complaints about the reachability of ns.eu.net don't stand up: at least not from the data you've provided. NXDOMAIN reponses cannot possibly be a consequence of connectivity problems because something has had to send back that response. QED. The fact you're reporting NXDOMAIN errors points to a different problem. A name server or servers are saying these TLDs don't exist, which is absurd. So there is a misconfigured server or some cache poisoning going on. That's got nothing to do with what name server software runs on ns.eu.net. Unless of course someone configured it to tell lies for these 4 TLDs.
[ dns-wg Archives ]