<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><title>Untitled Document</title><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Gary,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The short answer is ‘Talk to your <b>Registrar</b>’. If they can’t update the namservers IP’s or glue it through their web portal, they definitely have an interface with AusRegistry to do it manually, so don’t take any cr*p from them.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>You can verify for yourself once its complete from the </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://whois.ausregistry.com.au/whois/whois_local.jsp?">http://whois.ausregistry.com.au/whois/whois_local.jsp?</a> Page.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Nameservers are one of the hardest things on the Internet to get a handle on, primarily because they are one of the few things you HAVE to be shown how to do to do it <b>properly, </b>unlike most other things that you can learn yourself. If you’re never told, you don’t even know that you don’t know.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>(And for those of you who have had a beer with me in person and heard me talk about the fifteen ‘secrets’, this is one of them.)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>This is also the only way to delegate a domain name to nameservers of its own subdomain.</span><b><o:p></o:p></b></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>We had huge problems years ago being able to maintain things through our registrar to the point where one of our sister companies had to become a registrar just so we could keep our own domains under control. ( Yes, it was a bit of overkill, but it was the only sure way we could maintain control as the .au space was juvenile and in a state of flux at that time).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>We did consider challenging AusRegistry at one point if it became necessary, but, the AusReg management and day to day team do such a fantastic job with the .au namespace that it really isn’t necessary, you really can’t get any better in my opinion.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Here’s an article from one of the AusReg guys showing that he actually gives a bit of a damn:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.brisbanetimes.com.au/it-pro/business-it/groundswell-must-continue-to-oppose-greater-internet-control-20121023-282q7.html">http://www.brisbanetimes.com.au/it-pro/business-it/groundswell-must-continue-to-oppose-greater-internet-control-20121023-282q7.html</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>One thing there is a giant call for, and a giant resistance from AuDA and the .au aristocracy is domain privacy .au namespace. I personally think that domain ‘monetisation’ of .au which effectively allows anyone to put anything and sit on domain names, and trade the names themselves rather than trade on websites using the names was a bit of a wrong thing to do, but, it did generate a lot more revenue to keep the Administration of .au running smoothly. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I think part of the challenge with domain privacy on .au would be the increased amount of end customers that registrars and AuDA itself would have to put up with calling up to find out who owned a domain name, for whatever reason.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I think this is why AuDA are silently resisting allowing domain privacy on .au, but, it’s a double edged sword, they are happy to keep the increased revenue from allowing domain hoarders to renew each year, but are failing to deliver the features to protect the legitimate end users of .au domains privacy.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>.Au however has come a very long way. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Disclaimer: these are my personal opinions and not the opinions of my employer.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> CAS Netlink Support [mailto:support@cbl.com.au] <br><b>Sent:</b> Monday, October 29, 2012 9:38 AM<br><b>To:</b> Sean K. Finn<br><b>Cc:</b> 'ausnog@lists.ausnog.net'<br><b>Subject:</b> Re: [AusNOG] Strange DNS issue<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi Sean,<br><br>It did eventually sort itself out on Sunday with the big T's DNS servers falling in to line, but the question does make me want to answer it with another question that may help me prevent this situation in the future. :)<br><br>I did the TLD nameserver glue query and it returned a Host ID and hostname but no IP. To be honest, I didn't think the .au TLDs had/used glue records that I could alter. With .com, .net etc I've always kept those up to date but I've never really heard anything about .au glue or seen anywhere they can be maintained. The nameservers for the .net domain that had problems are .com.au hosts so I guess my next question is how do I fix the glue?<br><br>Regards,<br><br>Gary<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p></div><p class=MsoNormal>On 29/10/2012 10:01 AM, Sean K. Finn wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Gary,</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’ll pose some obvious question, do the nameservers have appropriate glue records in the root, (or CC root) and are the domain’s NS Records matching the nameservers they are actually delegated to?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>You can check TLD nameserver glue here:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Or, if the nameservers are .au nameservers, here</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://whois.ausregistry.com.au/whois/whois_local.jsp?">http://whois.ausregistry.com.au/whois/whois_local.jsp?</a></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>With the query string being “HOST ns1.domain.com.au”</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Glue (HOST RECORD) response example for “HOST NS1.net.au”</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Whois response for <b>HOST ns1.net.au</b>:</span><o:p></o:p></p><table class=MsoNormalTable border=0 cellpadding=0 style='margin-left:5.25pt;background:white'><tr><td width=180 valign=top style='width:135.0pt;background:#EFEFEF;padding:3.75pt 3.75pt 3.75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Host ID</span><o:p></o:p></p></td><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>H0041281-AR</span><o:p></o:p></p></td></tr><tr><td width=180 valign=top style='width:135.0pt;background:#EFEFEF;padding:3.75pt 3.75pt 3.75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Host Name</span><o:p></o:p></p></td><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>ns1.net.au</span><o:p></o:p></p></td></tr><tr><td width=180 valign=top style='width:135.0pt;background:#EFEFEF;padding:3.75pt 3.75pt 3.75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>IP Address</span><o:p></o:p></p></td><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>202.125.32.4</span><o:p></o:p></p></td></tr></table><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sometimes when the glue isn’t correct, and when the NS records don’t match where the domain name is delegated to, ‘strange’ things happen, where the domain works from some places, but not others.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sean.</span><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a> [<a href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>CAS Netlink Support<br><b>Sent:</b> Sunday, October 28, 2012 12:41 PM<br><b>To:</b> <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br><b>Subject:</b> Re: [AusNOG] Strange DNS issue</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>Thanks Heinz. I lowered the refresh time yesterday and I've just seriously increased the serial. It has become a bit curiouser though. Telstra's lon-resolver.telstra.net appears to be returning the correct record when queried from a USA server:<br><br># dig @203.50.2.71 xxxxx.net any<br><br>; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5 <<>> @203.50.2.71 xxxxx.net any<br>; (1 server found)<br>;; global options: printcmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19922<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4<br><br>However, when I query the same server from my client's firewall which is connected to Bigpond ADSL, it fails:<br><br>t# dig @203.50.2.71 xxxxx.net any<br><br>; <<>> DiG 9.5.1-P2 <<>> @203.50.2.71 xxxxx.net any<br>; (1 server found)<br>;; global options: printcmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40361<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br><br>I've never seen this sort of weirdness before. DNS seemed so much easier when Robert Elz was running the show :).<br><br>Gary<br><br><br><br><o:p></o:p></p><div><p class=MsoNormal>On 28/10/2012 1:12 PM, Heinz N wrote:<o:p></o:p></p></div></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Am I right in thinking it is probably that the domain had a long expire time? The refresh was set to 86400, but it seems like it is being ignored or it doesn't figure in how long DNS servers will wait before refreshing the domain. <o:p></o:p></p></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><br>A few years ago I hade a similar problem when redelegating domains where telstra was the secondary. I had a too long refresh time and it seemed that their DNS only updated according to the longest number: refresh or retry (this is just my opinion). Everyone else's DNSs queried my authorative host and got the redelegations but the secondary (telstra) didn't for quite some time. This problem was my fault and now I have everything set at 1hr (except expire which is set much longer). <br><br>I resorted to adding new host A records into those domains and doing a dig @nsX.telstra.XXXX on those host.domain in order to force their DNS to re-query the zone records. This didn't trigger a zone transfer unfortunately, but the new hosts did then appear. I used them until the full zone transfer finally happened. (This is a bit difficult if your "www" A record is the one not updating). <br><br>PS. Don't forget to update your Zone record serial number. You might even try increasing it in order to try to trigger a full refresh. <br><br>Regards, <br>Heinz N. <br><br>_______________________________________________ <br>AusNOG mailing list <br><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a> <br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a> <o:p></o:p></p></blockquote><p class=MsoNormal> <o:p></o:p></p></blockquote><p class=MsoNormal><o:p> </o:p></p></div></body></html>