<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Sean,<br>
<br>
Thanks for your help with this. I really think I need to bury my
head in some DNS training. Whilst I've been maintaining DNS
servers for 17 years or so, I honestly couldn't say that I 'know'
bind, or DNS in general. I guess it's one of those things (at
least for a small ISP like me) like sendmail where you tend to
educate yourself enough to get by, without really getting your
hands dirty.<br>
<br>
I contacted my registrar and those nameservers now have valid glue
records.<br>
<br>
I read your other comments with interest. I was more than a little
bit dismayed at the relaxing of registration requirements on .au
domains. For a long time our domains had a legitimacy that many of
the other TLDs had given up for the increased revenue. Now .au is
hardly different to .com with 'entrepreneurs' snapping up common
words and phrases.<br>
<br>
I'm on the fence regarding domain privacy. There are legitimate
reasons to use privacy but there are also many out there who would
use it for the wrong reasons.<br>
<br>
Gary<br>
<br>
On 29/10/2012 11:05 AM, Sean K. Finn wrote:<br>
</div>
<blockquote
cite="mid:D2B93227AFAE51499A4F7E1BEDD4523A845D81F87D@msx01.office.ozservers.net.au"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
Gary,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The
short answer is ‘Talk to your <b>Registrar</b>’. If they
can’t update the nameservers’ IPs or glue it through their
web portal, they definitely have an interface with
AusRegistry to do it manually, so don’t take any cr*p from
them.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You
can verify for yourself once it’s complete from the </span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://whois.ausregistry.com.au/whois/whois_local.jsp?">http://whois.ausregistry.com.au/whois/whois_local.jsp?</a>
Page.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Nameservers
are one of the hardest things on the Internet to get a
handle on, primarily because they are one of the few things
you HAVE to be shown how to do to do it <b>properly, </b>unlike
most other things that you can learn yourself. If you’re
never told, you don’t even know that you don’t know.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(And
for those of you who have had a beer with me in person and
heard me talk about the fifteen ‘secrets’, this is one of
them.)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This
is also the only way to delegate a domain name to
nameservers of its own subdomain.</span><b><o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We
had huge problems years ago being able to maintain things
through our registrar to the point where one of our sister
companies had to become a registrar just so we could keep
our own domains under control. (Yes, it was a bit of
overkill, but it was the only sure way we could maintain
control as the .au space was juvenile and in a state of
flux at that time).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We
did consider challenging AusRegistry at one point if it
became necessary, but, the AusReg management and day to day
team do such a fantastic job with the .au namespace that it
really isn’t necessary, you really can’t get any better in
my opinion.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Here’s
an article from one of the AusReg guys showing that he
actually gives a bit of a damn:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://www.brisbanetimes.com.au/it-pro/business-it/groundswell-must-continue-to-oppose-greater-internet-control-20121023-282q7.html">http://www.brisbanetimes.com.au/it-pro/business-it/groundswell-must-continue-to-oppose-greater-internet-control-20121023-282q7.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">One
thing there is a giant call for, and a giant resistance from
AuDA and the .au aristocracy is domain privacy in the .au
namespace. I personally think that domain ‘monetisation’ of
.au which effectively allows anyone to put anything and sit
on domain names, and trade the names themselves rather than
trade on websites using the names was a bit of a wrong thing
to do, but, it did generate a lot more revenue to keep the
Administration of .au running smoothly. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
think part of the challenge with domain privacy on .au would
be the increased amount of end customers that registrars and
AuDA itself would have to put up with calling up to find out
who owned a domain name, for whatever reason.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
think this is why AuDA are silently resisting allowing
domain privacy on .au, but, it’s a double edged sword, they
are happy to keep the increased revenue from allowing domain
hoarders to renew each year, but are failing to deliver the
features to protect the legitimate end users of .au domains
privacy.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">.Au
however has come a very long way. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Disclaimer:
these are my personal opinions and not the opinions of my
employer.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
CAS Netlink Support [<a class="moz-txt-link-freetext" href="mailto:support@cbl.com.au">mailto:support@cbl.com.au</a>] <br>
<b>Sent:</b> Monday, October 29, 2012 9:38 AM<br>
<b>To:</b> Sean K. Finn<br>
<b>Cc:</b> '<a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>'<br>
<b>Subject:</b> Re: [AusNOG] Strange DNS issue<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Sean,<br>
<br>
It did eventually sort itself out on Sunday with the big T's
DNS servers falling into line, but the question does make
me want to answer it with another question that may help me
prevent this situation in the future. :)<br>
<br>
I did the TLD nameserver glue query and it returned a Host
ID and hostname but no IP. To be honest, I didn't think the
.au TLDs had/used glue records that I could alter. With
.com, .net etc I've always kept those up to date but I've
never really heard anything about .au glue or seen anywhere
they can be maintained. The nameservers for the .net domain
that had problems are .com.au hosts so I guess my next
question is how do I fix the glue?<br>
<br>
Regards,<br>
<br>
Gary<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
<p class="MsoNormal">On 29/10/2012 10:01 AM, Sean K. Finn
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Gary,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ll
pose some obvious questions, do the nameservers have
appropriate glue records in the root, (or CC root) and are
the domain’s NS Records matching the nameservers they are
actually delegated to?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You
can check TLD nameserver glue here:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Or,
if the nameservers are .au nameservers, here</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://whois.ausregistry.com.au/whois/whois_local.jsp?">http://whois.ausregistry.com.au/whois/whois_local.jsp?</a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
the query string being “HOST ns1.domain.com.au”</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Glue
(HOST RECORD) response example for “HOST NS1.net.au”</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Whois
response for <b>HOST ns1.net.au</b>:</span><o:p></o:p></p>
<table class="MsoNormalTable"
style="margin-left:5.25pt;background:white" border="0"
cellpadding="0">
<tbody>
<tr>
<td
style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Host
ID</span><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">H0041281-AR</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td
style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Host
Name</span><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">ns1.net.au</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td
style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">IP
Address</span><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">202.125.32.4</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sometimes
when the glue isn’t correct, and when the NS records don’t
match where the domain name is delegated to, ‘strange’
things happen, where the domain works from some places,
but not others.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sean.</span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a moz-do-not-send="true"
href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>
[<a moz-do-not-send="true"
href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>CAS Netlink Support<br>
<b>Sent:</b> Sunday, October 28, 2012 12:41 PM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] Strange DNS issue</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Thanks
Heinz. I lowered the refresh time yesterday and I've just
seriously increased the serial. It has become a bit
curiouser though. Telstra's lon-resolver.telstra.net
appears to be returning the correct record when queried
from a USA server:<br>
<br>
# dig @203.50.2.71 xxxxx.net any<br>
<br>
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5
<<>> @203.50.2.71 xxxxx.net any<br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 19922<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2,
ADDITIONAL: 4<br>
<br>
However, when I query the same server from my client's
firewall which is connected to Bigpond ADSL, it fails:<br>
<br>
t# dig @203.50.2.71 xxxxx.net any<br>
<br>
; <<>> DiG 9.5.1-P2 <<>>
@203.50.2.71 xxxxx.net any<br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status:
SERVFAIL, id: 40361<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 0<br>
<br>
I've never seen this sort of weirdness before. DNS seemed
so much easier when Robert Elz was running the show :).<br>
<br>
Gary<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 28/10/2012 1:12 PM, Heinz N wrote:<o:p></o:p></p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Am I right in thinking it is probably
that the domain had a long expire time? The refresh was
set to 86400, but it seems like it is being ignored or
it doesn't figure in how long DNS servers will wait
before refreshing the domain. <o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
A few years ago I had a similar problem when redelegating
domains where telstra was the secondary. I had a too long
refresh time and it seemed that their DNS only updated
according to the longest number: refresh or retry (this is
just my opinion). Everyone else's DNSs queried my
authoritative host and got the redelegations but the
secondary (telstra) didn't for quite some time. This
problem was my fault and now I have everything set at 1hr
(except expire which is set much longer). <br>
<br>
I resorted to adding new host A records into those domains
and doing a dig @nsX.telstra.XXXX on those host.domain in
order to force their DNS to re-query the zone records.
This didn't trigger a zone transfer unfortunately, but the
new hosts did then appear. I used them until the full zone
transfer finally happened. (This is a bit difficult if
your "www" A record is the one not updating). <br>
<br>
PS. Don't forget to update your Zone record serial number.
You might even try increasing it in order to try to
trigger a full refresh. <br>
<br>
Regards, <br>
Heinz N. <br>
<br>
<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
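<p>The glue and NS checks discussed in this thread, as an added example that is not part of any poster's message: it compares a parent zone's referral (NS records plus glue addresses) with what the child zone's own nameservers publish, and reports a nameserver inside the zone with no glue, glue that differs from the authoritative address, and NS sets that do not match. The zone name, hostnames and addresses are constructed sample data, and the input is assumed to be dig-style record lines.</p>

```python
# Added example: delegation/glue consistency check over dig-style record lines.
# Zone name, hostnames and addresses are constructed (documentation ranges).

PARENT_REFERRAL = """
; constructed: what the parent (registry) servers hand out for the zone
example.com.au.      86400 IN NS ns1.example.com.au.
example.com.au.      86400 IN NS ns2.example.com.au.
ns2.example.com.au.  86400 IN A  192.0.2.20
"""

CHILD_ANSWER = """
; constructed: what the zone's own nameservers publish
example.com.au.      3600 IN NS ns1.example.com.au.
example.com.au.      3600 IN NS ns3.example.com.au.
ns1.example.com.au.  3600 IN A  192.0.2.10
ns2.example.com.au.  3600 IN A  192.0.2.21
ns3.example.com.au.  3600 IN A  192.0.2.30
"""

def parse_records(text):
    """Parse 'name TTL IN TYPE rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";") or parts[2].upper() != "IN":
            continue  # skip blanks, comments and anything not a record line
        records.append((parts[0].lower().rstrip("."), parts[3].upper(),
                        parts[4].lower().rstrip(".")))
    return records

def addresses(records):
    """Map hostname -> set of A/AAAA addresses."""
    table = {}
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            table.setdefault(name, set()).add(rdata)
    return table

def check_delegation(zone, parent_text, child_text):
    """Return a list of (finding, nameserver) tuples; empty means consistent."""
    zone = zone.lower().rstrip(".")
    parent, child = parse_records(parent_text), parse_records(child_text)
    parent_ns = {r for n, t, r in parent if t == "NS" and n == zone}
    child_ns = {r for n, t, r in child if t == "NS" and n == zone}
    glue, auth = addresses(parent), addresses(child)

    findings = [("parent-only-ns", ns) for ns in sorted(parent_ns - child_ns)]
    findings += [("child-only-ns", ns) for ns in sorted(child_ns - parent_ns)]
    for ns in sorted(parent_ns):
        inside_zone = ns == zone or ns.endswith("." + zone)
        if inside_zone and ns not in glue:
            # Nameserver lives under the zone it serves: without glue a
            # resolver has no address to start from.
            findings.append(("missing-glue", ns))
        elif ns in glue and ns in auth and glue[ns] != auth[ns]:
            findings.append(("glue-mismatch", ns))
    return findings

if __name__ == "__main__":
    for finding, ns in check_delegation("example.com.au",
                                        PARENT_REFERRAL, CHILD_ANSWER):
        print(f"{finding}: {ns}")
```

<p>The two inputs can be captured with non-recursive <code>dig</code> NS queries, one sent to a parent zone server and one to each of the zone's own nameservers.</p>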
<br>
</body>
</html>