It has been over a decade since I’ve done this and need some help refreshing my memory.
I have many customers that have registered their domains against my authoritative servers (DNS-AUTH3.CROCKER.COM). I need to move that machine to a different network/IP address. I’ve made the updates in my domain (crocker.com) but I think I also need to update the host glue records in the gtld-servers as well. How do I go about doing that? Ultimately the customers need to update their registration with our new authoritative servers, many have but we still have some stragglers I don’t want to break when I shutdown the old servers.
I have many customers that have registered their domains against my authoritative servers (DNS-AUTH3.CROCKER.COM). I need to move that machine to a different network/IP address. I’ve made the updates in my domain (crocker.com) but I think I also need to update the host glue records in the gtld-servers as well.
This makes me wonder if registries (and registrars) have the ability
to let domain purchasers insert arbitrary glue records of their choice
into gtld-servers. That seems like a big risk because someone could
then claim, when registering a domain, "mydomain.com. IN NS gmail.com."
and insert a glue record like "gmail.com. IN A 93.184.216.34".
* matthew@corp.crocker.com (Matthew Crocker) [Fri 11 Dec 2020, 20:27 CET]:
I have many customers that have registered their domains against my authoritative servers (DNS-AUTH3.CROCKER.COM). I need to move that machine to a different network/IP address. I’ve made the updates in my domain (crocker.com) but I think I also need to update the host glue records in the gtld-servers as well. How do I go about doing that? Ultimately the customers need to update their registration with our new authoritative servers, many have but we still have some stragglers I don’t want to break when I shutdown the old servers.
Normally you'd go to your registrar and update the host record there.
However, you've not created one, presumably because you don't need one (crocker.com is on AWS nameservers), so you don't need to do anything except update your own zone.
Check the output of
% dig a DNS-AUTH3.CROCKER.COM @a.gtld-servers.net.
for (the lack of) A records in the additional section. Replace your host with e.g. rip.psg.com to see the difference for an existing glue record.
You used to be able to see host records using whois but that functionality appears to have gone away.
In article <20201211194255.GK2258@frotz.zork.net> you write:
Matthew Crocker writes:
I have many customers that have registered their domains against my authoritative servers (DNS-AUTH3.CROCKER.COM). I need to move that machine to a different
network/IP address. I’ve made the updates in my domain (crocker.com) but I think I also need to update the host glue records in the gtld-servers as well.
This makes me wonder if registries (and registrars) have the ability
to let domain purchasers insert arbitrary glue records of their choice
into gtld-servers. ...
No, you can only add glue for nameservers in your own domain. There's
an option to export the glue to registries for other TLDs so they know
it is OK for their registrants to use your servers.
The interesting bits happen when a domain expires, but thre are other
domains using the glue so the glue stays after the NS are gone.
Remember that you only need glue for name servers whose names are
within the domains they serve. In this specific case, crocker.com uses
DNS at Amazon, so dns-auth3.crocker.com is just an ordinary record in
the zone, no glue at all.