I need help with a DNS puzzle

jarlandjarland Hosting ProviderOG
edited September 8 in Help

I need more brains on this.

Recently I removed the GLUE records for ns1-ns4.mxroute.com, they had been left running but I always intended to shut them down. After doing so, a customer who had their NS set to ns1-ns4.mxroute.com for years suddenly saw the parent TLD (.net) returning their nameservers as:

blerghpzgjkbozqnf.hydrapiglephant.com
blerghklifadtpipj.hydrapiglephant.com

Similarly, a customer who has their NS set to ns1-ns4.catalysthost.net has intermittently been seeing the parent TLD return those same nameservers after an update to the GLUE records was made at Porkbun, causing their domain to stop resolving for periods of time.

Neither the CatalystHost nor MXroute customer use the same registrar, and neither of them are using Porkbun. Both MXroute and CatalystHost are using Porkbun. The domain hydrapiglephant.com appears to belong to Porkbun given that it's registered there and the existence of this page: https://porkbun.com/stuff/hydrapiglephant

These nameservers are returned from the parent TLD, for example running a DNS query like:

dig NS customerdomain.net @m.gtld-servers.net

They are not returned from ns1-ns4.mxroute.com (which no longer exists) or ns1-ns4.catalysthost.net (which still exists but was just updated).

The only conclusion I can reach is that somehow Porkbun is able to influence the NS at the parent TLD of domains that point their NS to domains for which they control the GLUE records (even if those domains are on different registrars), which is definitely news to me (and would be a serious error somewhere at the registrar level). Can anyone make sense of this?

Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

Thanked by (2)Janevski AlwaysSkint

Comments

  • jarlandjarland Hosting ProviderOG

    Customer using catalyst NS reset their NS again at the registrar and the parent TLD is once again returning the correct values. Though this is the second time this has occurred, it does mean there are currently no active domains experiencing this to troubleshoot.

    Not ashamed to say this one confuses me.

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • AbdullahAbdullah Hosting ProviderOG

    The only conclusion I can reach is that somehow Porkbun is able to influence the NS at the parent TLD of domains that point their NS to domains for which they control the GLUE records (even if those domains are on different registrars), which is definitely news to me (and would be a serious error somewhere at the registrar level). Can anyone make sense of this?

    Same. contact porkbun about it? maybe it is a mistake/bug.

    Thanked by (1)jarland
  • I have had issues like this before with Pornbun. Contact them :)

    Thanked by (1)jarland
  • This doesn't sound okay, at all!

    Thanked by (1)jarland

    Educationally teaches you with knowledge, while you learn and conglomeratively alluminate your academic intellectual profile: https://lowend.wiki
    „Homo homini rattus.“

  • @aaronstuder said:
    Pornbun

    😏

  • AnthonySmithAnthonySmith AdministratorHosting Provider

    @jarland said: The only conclusion I can reach is that somehow Porkbun is able to influence the NS at the parent TLD of domains that point their NS to domains for which they control the GLUE records

    I read the OP twice, and could only think that ^ is true, but I dont think it should be true.

    Thanked by (1)jarland

    Inception Hosting - 256MB OpenVZ VPS back in stock for €8.00 p/year - DEDICATED IP4 + /64 IPv6 https://clients.inceptionhosting.com/cart.php?a=add&pid=177
    Please do not use the PM system here for Inception Hosting support issues.

  • seriesnseriesn Hosting ProviderOG

    I have had similar with porkbun in the past (for different brands). Something is effed on the other end.

    Thanked by (1)jarland
  • jarlandjarland Hosting ProviderOG

    At least my sanity has been spared that no one else seems to see it differently based on the story. I’ll be sure to share the findings from their support.

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • jarlandjarland Hosting ProviderOG
    edited September 8

    Hello,

    Thank you for bringing this to our attention hydrapiglephant.com is a test domain we use to swap out nameservers in the event GLUE records for a domain are deleted. I will escalate this to our admin team to find out what happened.

    Best,
    Phillip
    Support Engineer

    They're looking into it. It seems to me that from this suggestion, if I delete my GLUE records for custom NS and someone at another registrar is using those former custom NS, Porkbun has the authority to change the NS servers at the parent TLD despite that domain not being registered with Porkbun.

    I will have been completely unaware that anything done at one registrar could change the name (as opposed to merely the value) of a DNS record anywhere that isn't under the control of that particular registrar. I've run into a lot but nothing I've run into has ever suggested such a capability. It makes me wonder what kind of systems may be operating on trust between registrars and parent TLDs.

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • Hello, all. This thread was sent over to me so I'm going to do my best to explain how this happens. The glue records registered under mxroute.com were delegated to other domains within the same registry zone (com/net in this case) which prevents their deletion. To get around this, the glue records can be renamed to another domain at the same registry zone so that the original can then be deleted. When ns1-ns4.mxroute.com were deleted, or any other glue record that falls into this situation, we rename the glue record to an internal domain we keep for these instances so that the record can be deleted.

  • jarlandjarland Hosting ProviderOG

    Thanks @oborseth!

    Yes this was the reply I got:

    I checked with our development team regarding this issue. Basically the issue is that we are unable to delete Glue records if they are assigned to another domain in the same zone (in this case .com and .net are part of the same zone at Verisign). To work around this issue, we rename the Glue records on the domain you delete them from to something random, which then effectively removes the Glue record from the domain. e.g. If you delete "ns1.catalysthost.net" it gets renamed to "blerghpzgjkbozqnf.hydrapiglephant.com." Any domain in the same zone which was pointed at those nameservers end up with the replacement Glue records as nameserver assignments. To be clear, we are not telling the registry directly to change the nameservers on another domain. We are simply renaming the Glue record so that it can be deleted. The nameserver change on the other domain occurs as a side-effect of renaming the Glue record and only happens if both domains are in the zone.

    So if a glue record is renamed with the parent, it apparently impacts what the parent returns for the domains that were using the NS matching that glue record, even if it wasn't altered by anyone with authority over that domain. It makes sense, I just had no idea that the parent zones worked in such a way as I'd never witnessed it. So the case where the customer used ns1-ns4.mxroute.com, it was appropriate and correct as I intentionally deleted those. In the case where the customer used ns1-ns4.catalysthost.net and Ryan simply changed the IP of the glue record, that may not have been appropriate that it changed (but at this stage is best figured out between Ryan and Porkbun).

    Thanked by (3)bikegremlin oborseth mikho

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • I'll have to dig into the catalysthost.net issue, has to be something similar. It's the only way it can happen. That said, I'm questioning now if we should do this when it's a user requested delete. Might be something that should be escalated or at the very least double verified since it could impact resolution of other domains.

  • AnthonySmithAnthonySmith AdministratorHosting Provider

    Thanks for the explanation @oborseth and it is pretty impressive that you took the time to come here to explain this.

    Thanked by (3)oborseth AlwaysSkint mikho

    Inception Hosting - 256MB OpenVZ VPS back in stock for €8.00 p/year - DEDICATED IP4 + /64 IPv6 https://clients.inceptionhosting.com/cart.php?a=add&pid=177
    Please do not use the PM system here for Inception Hosting support issues.

  • Nothing contributed by posting something like this, but I'll do it anyway 'cause I'm an asshole:

    Thanks @jarland for bringing this up, and to @oborseth for taking the time to explain. It is appreciated. Smarter now than I was this morning. :)

    My experience with Porkbun has been quite good - and this kind of giving a damn about their partners makes me think even more highly of the registrar.

    Mostly harmless ™
    I/O Gremlin

  • Man, I am glad my collection of domains are with Porkbun. Occasional problems are par the course of life, but their attitude rocks.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Follow latest deals on Twitter or Telegram

  • jarlandjarland Hosting ProviderOG
    edited September 9

    Long live the hydrapiglephant!

    Thanked by (1)Mason

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • Their UI isn't the best, the prices are (no longer) the cheapest, but support is why I stick with Porkbun <3

  • @hopeful said: the prices are (no longer) the cheapest

    Who is the cheapest now? :P

    Thanked by (1)Janevski
  • @Unixfy said:
    Who is the cheapest now? :P

    Cloudflare will always be the cheapest, except first year discount.

    Using boxes from SmartHost, Gullo, Evolution Host, MaxKVM, Virmach, summer-host.

  • @yoursunny said:
    Cloudflare will always be the cheapest, except first year discount.

    Sure, if you don't mine the fact that you can't change nameservers...

    Thanked by (1)bugrakoc
  • jarlandjarland Hosting ProviderOG

    @aaronstuder said: Sure, if you don't mine the fact that you can't change nameservers...

    Biggest problem with this is the record limit. Can only have 200 DNS records for a domain on a free account.

    Friends don’t let friends use MagicSpam, the pay-to-play email mafia.

  • That's quite limiting...

  • @jarland said:

    @aaronstuder said: Sure, if you don't mine the fact that you can't change nameservers...

    Biggest problem with this is the record limit. Can only have 200 DNS records for a domain on a free account.

    I’ve only reached the half of that, however their UI is really laggy with even that many records. Moved one of my domains to an AWS Education account’s Route 53, which worked quite well up to now.

  • @berkay said: I’ve only reached the half of that, however their UI is really laggy with even that many records. Moved one of my domains to an AWS Education account’s Route 53, which worked quite well up to now.

    Yeah, the laggy interface is awful. I've moved some of my domains to Route 53 as well for this reason. Cloudflare has a nice DNS service, but their competitors still do all the other supplemental stuff (like the UI) better. No surprise, considering the free DNS service is probably a loss leader anyways.

    Thanked by (1)berkay
Sign In or Register to comment.