Domain oddity - possibly early warning...

Rodney_Joffe1 · March 25, 2003, 11:35pm

Hello,

We've noticed something we've never noticed before that became evident
at 14:00 today... and which could be an isolated glitch at
Verisign/Netsol, or it could be a sign of a larger problem looming.

The domain utclassifieds.com is answered as NXDOMAIN in the
gtld-servers.

[rjoffe@layer9 rjoffe]$ dig @a.gtld-servers.net utclassifieds.com ns

; <<>> DiG 8.3 <<>> @a.gtld-servers.net utclassifieds.com ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; utclassifieds.com, type = NS, class = IN

;; AUTHORITY SECTION:
com. 2D IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. (
                                        2003032500 ; serial
                                        30M ; refresh
                                        15M ; retry
                                        1W ; expiry
                                        1D ) ; minimum

;; Total query time: 96 msec
;; FROM: layer9.com to SERVER: a.gtld-servers.net 192.5.6.30
;; WHEN: Tue Mar 25 16:15:26 2003

However it has a whois record at networksolutions, but it has no
nameservers in the whois record. And the domain is valid and expires in
July 2003.
http://www.networksolutions.com/cgi-bin/whois/whois?STRING=utclassifieds.com&SearchType=do&STRING2.x=31&STRING2.y=8

If anyone else has a similar domain problem, I'd appreciate a note
offline...

Meantime we're trying to get an answer from NSI.

Larson_Matt · March 26, 2003, 3:57pm

We've noticed something we've never noticed before that became evident
at 14:00 today... and which could be an isolated glitch at
Verisign/Netsol, or it could be a sign of a larger problem looming.

Or perhaps it could be the result of perfectly normal operations.

The domain utclassifieds.com is answered as NXDOMAIN in the
gtld-servers.

[dig output deleted]

However it has a whois record at networksolutions, but it has no
nameservers in the whois record. And the domain is valid and expires in
July 2003.

This behavior is normal. The owning registrar for this domain,
Network Solutions, removed both name servers during the evening (EST)
of 24 March. A domain with no name servers is a legal state in the
com/net registry database. In such a case, however, the domain does
not appear in the com/net zones. (How could it--it has no name
servers.) The domain was again modified during the evening (EST) of
25 March, when two name servers were added. It was therefore included
in the com zone with SOA serial 2003032600.

This is a good opportunity to point out the separation between
VeriSign Global Registry Services (VGRS), the registry for com/net,
and the various ICANN-accredited registrars, including Network
Solutions. VGRS makes whatever changes requested by registrars to
domains they own. In this case, we just see that the name servers
were removed and re-added a day later. Presumably Network Solutions
took this action based on customer instructions, but you'd have to ask
them.

Matt

Rodney_Joffe1 · March 27, 2003, 3:05pm

Thanks for the response Matt... more below...

Matt Larson wrote:

> We've noticed something we've never noticed before that became evident
> at 14:00 today... and which could be an isolated glitch at
> Verisign/Netsol, or it could be a sign of a larger problem looming.

Or perhaps it could be the result of perfectly normal operations.

for various values of normal

This behavior is normal. The owning registrar for this domain,
Network Solutions, removed both name servers during the evening (EST)
of 24 March. A domain with no name servers is a legal state in the
com/net registry database. In such a case, however, the domain does
not appear in the com/net zones. (How could it--it has no name
servers.) The domain was again modified during the evening (EST) of
25 March, when two name servers were added. It was therefore included
in the com zone with SOA serial 2003032600.

OK...

This is a good opportunity to point out the separation between
VeriSign Global Registry Services (VGRS), the registry for com/net,
and the various ICANN-accredited registrars, including Network
Solutions. VGRS makes whatever changes requested by registrars to
domains they own. In this case, we just see that the name servers
were removed and re-added a day later. Presumably Network Solutions
took this action based on customer instructions, but you'd have to ask
them.

We did. The customer did not provide any instructions to NSI to cause
the deletion of the nameservers. NSI's response to the phone call was to
re-enter the nameservers through the UI which they then did, and as you
say, the nameservers re-appeared following the next zone push.
However... and this is where it takes on more general relevance...

I received some 30+ private emails citing similar experiences going back
2 years. And one in particular that may actually provide a clue to the
root cause (assuming NSI is interested). One of the respondents
suggested that based on his experience, perhaps NSI was running a select
statement against the database as a change was being made, and perhaps
record locking played a part. I then queried the customer who confirmed
that they had applied changes to *other* domains in their *account* at
NSI during the day the record first disappeared. I have so far been
able to confirm with two of the other folks who sent mail that they had
made changes on the day of, or before, the records disappeared. And they
were adamant that they had *not* deleted the nameservers from their
records by mistake when they made the changes.

Perhaps NSI can follow this trail?

YMMV.