I need help with a DNS puzzle
I need more brains on this.
Recently I removed the GLUE records for ns1-ns4.mxroute.com, they had been left running but I always intended to shut them down. After doing so, a customer who had their NS set to ns1-ns4.mxroute.com for years suddenly saw the parent TLD (.net) returning their nameservers as:
Similarly, a customer who has their NS set to ns1-ns4.catalysthost.net has intermittently been seeing the parent TLD return those same nameservers after an update to the GLUE records was made at Porkbun, causing their domain to stop resolving for periods of time.
Neither the CatalystHost nor MXroute customer use the same registrar, and neither of them are using Porkbun. Both MXroute and CatalystHost are using Porkbun. The domain hydrapiglephant.com appears to belong to Porkbun given that it's registered there and the existence of this page: https://porkbun.com/stuff/hydrapiglephant
These nameservers are returned from the parent TLD, for example running a DNS query like:
dig NS customerdomain.net @m.gtld-servers.net
They are not returned from ns1-ns4.mxroute.com (which no longer exists) or ns1-ns4.catalysthost.net (which still exists but was just updated).
The only conclusion I can reach is that somehow Porkbun is able to influence the NS at the parent TLD of domains that point their NS to domains for which they control the GLUE records (even if those domains are on different registrars), which is definitely news to me (and would be a serious error somewhere at the registrar level). Can anyone make sense of this?
Friends don’t let friends use MagicSpam, the pay-to-play email mafia.