[100136] in North American Network Operators' Group
dns authority changes and lame servers
daemon@ATHENA.MIT.EDU (Mike Lewinski)
Thu Oct 18 14:31:55 2007
Date: Thu, 18 Oct 2007 12:27:35 -0600
From: Mike Lewinski <mike@rockynet.com>
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu

I find it exceptionally annoying that there is no process whereby the
root servers and/or registrars can inform us of new/modified/removed
delegations. The end result is that we serve a lot of stale zones long
after they leave us. In the past I've hacked out some perl to audit our
BIND configs and find the stuff that's moved, but it's ugly. And really,
it's only partially dependable. For example, does the lack of root
server records mean that:

1) the customer abandoned the zone and no longer wishes us to host it

- or -

2) the customer forgot to pay the zone today, and tomorrow will bitch
like hell if my script removes it overnight

There are sub-problems of this, mostly related around customers who move
and change their company names every six months. So now I have a
customer whose zone has expired from the roots (no more email to them)
and whose phone number has changed (no way to call and find out what
real intentions re: expired zone are). It's not worth our time to
physically drive to their site to answer a question that has little to
no real financial implications for us (thanks to the free hosting of up
to three domains with order of T1 service).

So questions:

1) Does anyone else find this flaw in the DNS system as annoying as I
do? If authority is to be regularly moved around between ISPs (who may
be hosting thousands of customer domains), some automated process is
needed to allow the ISP to make intelligent choices about when to remove
a customer zone (authority transfers to another provider are likely the
thing I'd key on, while non-payment removals would probably have a 30
day grace period since aforementioned physical moves are most likely
cause of non-payment expiration).

2) Does anyone have a better way of cleaning out the dreck than some
home-grown scripts? I've used sleep() judiciously to try not beating on
any external servers more than necessary, but the output is less than
100% predictable and often hand audits are required before I can really
generate automatic removals.

We used to get bitch notices from someone about zones we were supposed
to be authoritative for and weren't. This was even more annoying, since
often the whole point was that the customer was "parking" it on our
servers but had used their 3 freebies and had no real immediate use for
it, so neglected to tell us of it. Fine. But give us some notification,
from somebody, so we can stick an empty placeholder in there and be
ready when it is deployed.

For extra fun, this week a customer simply added their new provider's DNS
servers to their zone, without removing ours, or asking us to remove our
config. So things were kinda whacky for them until someone called us and
asked WTF was going on.
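
The cases the message distinguishes (zone transferred to another provider, delegation expired with a 30-day grace period, a parked zone delegated to servers that do not serve it, and a customer who added a new provider's servers without removing the old ones) can be written as one decision function. This is an added example, not part of the original post or the author's perl; the server names, zone names and dates are constructed, and collecting each zone's NS set from its parent zone is assumed to happen elsewhere.

```python
from datetime import date

OUR_NS = {"ns1.isp.example.", "ns2.isp.example."}  # assumed names of our servers
GRACE_DAYS = 30  # grace period the post suggests for expired delegations


def norm(name):
    """Lower-case and fully qualify a DNS name so sets compare reliably."""
    return name.strip().lower().rstrip(".") + "."


def classify(configured, parent_ns, first_missing, today):
    """Decide what to do with one zone.

    configured    -- True if the zone is in our BIND config
    parent_ns     -- NS names in the parent's delegation (empty = none)
    first_missing -- date the delegation was first seen missing, or None
    """
    ns = {norm(n) for n in parent_ns}
    ours, others = ns & OUR_NS, ns - OUR_NS
    if not configured:
        # Delegated to us but not served: lame, so add a placeholder zone.
        return "add-placeholder" if ours else "ignore"
    if not ns:
        # Abandoned or just unpaid? Only remove once the grace period is over.
        if first_missing is None:
            return "start-grace"
        expired = (today - first_missing).days >= GRACE_DAYS
        return "remove-expired" if expired else "in-grace"
    if ours and others:
        return "review-split"  # new provider added, our servers never removed
    return "keep" if ours else "remove-transferred"


def audit(inventory, today):
    """Map zone -> action for (zone, configured, parent_ns, first_missing) rows."""
    return {z: classify(c, ns, fm, today) for z, c, ns, fm in inventory}


# Constructed sample inventory, not real customer data.
SAMPLE = [
    ("kept.example", True, ["NS1.isp.example", "ns2.isp.example."], None),
    ("moved.example", True, ["ns1.other.example."], None),
    ("split.example", True, ["ns1.isp.example.", "ns1.other.example."], None),
    ("unpaid.example", True, [], date(2007, 10, 10)),
    ("gone.example", True, [], date(2007, 9, 1)),
    ("parked.example", False, ["ns1.isp.example."], None),
]

if __name__ == "__main__":
    for zone, action in audit(SAMPLE, date(2007, 10, 18)).items():
        print(f"{zone:16} {action}")
```

Recording the date a delegation was first seen missing is what lets an overnight run tell a lapsed payment from an abandoned zone, and the split case is flagged for a human rather than acted on.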