myNIC registration requirements

Mathias Koerber mathias at staff.singnet.com.sg
Wed Aug 18 06:25:45 UTC 1999 

On Wed, 18 Aug 1999 asenec at asenec.dallas.nationwide.net wrote:

| Date: Wed, 18 Aug 1999 01:05:07 -0500 (CDT)
| From: asenec at asenec.dallas.nationwide.net
| To: bind-users at isc.org
| Subject: Re: myNIC registration requirements
| 
| Yes, I see what you are saying about the primary/authoritative response.
| But why is the response non-authoritative:

Maybe because:

	a) the domain is not set up on that nameserve yet (as you hint below)?
	   Is is perfectly valid for MyNIC to require that it is set up correctly.
	   I wihh InterNIC did that too (verify that all listed nameservers
	   have the same zone authoritatively set up). It reduces the possibility of
	   people naming other's nameservers, and some other problems.
	b) the domain is set up but there is a syntax errorm which makes named
	   load the data, but refuse to be authoritative for it.
	   If this is the case, check the named logfiles for details on the error.

| 
| # nslookup -q=any smartchoice.com.my 216.121.32.12
| Server:  magnesium.colossus.net
| Address:  216.121.32.12
| 
| Non-authoritative answer:
| smartchoice.com.my
| 	origin = magnesium.colossus.net
| 	mail addr = hostmaster.regihost.net
| 	serial = 99081115
| 	refresh = 86400 (1 day)
| 	retry   = 7200 (2 hours)
| 	expire  = 3600000 (41 days 16 hours)
| 	minimum ttl = 172800 (2 days)
| smartchoice.com.my	nameserver = magnesium.colossus.net
| smartchoice.com.my	nameserver = quartz.colossus.net
| smartchoice.com.my	internet address = 216.121.100.228
| smartchoice.com.my	preference = 10, mail exchanger = mail.smartchoice.com.my
| 
| Authoritative answers can be found from:
| smartchoice.com.my	nameserver = magnesium.colossus.net
| smartchoice.com.my	nameserver = quartz.colossus.net
| magnesium.colossus.net	internet address = 216.121.32.12
| quartz.colossus.net	internet address = 209.78.16.5
| mail.smartchoice.com.my	internet address = 216.121.100.228
| # nslookup 216.121.32.12
| Server:  localhost
| Address:  127.0.0.1
| 
| Name:    magnesium.colossus.net
| Address:  216.121.32.12
| 
| # 
| 
| I get an authoritative answer from this nameserver
| when I query a domain which is already registered;

yes, but they want you to have all listed nameservers
*already* authoritative for the domain. Legitimate, IMHO

| a non-authoritative answer from this nameserver for
| a domain which is not registered:
| 
| # nslookup 
| Default Server:  localhost
| Address:  127.0.0.1
| 
| > set type=any
| > oakwell.com.my
| Server:  localhost
| Address:  127.0.0.1
| 
| Non-authoritative answer:
| oakwell.com.my	nameserver = magnesium.colossus.net
| oakwell.com.my	nameserver = quartz.colossus.net
| oakwell.com.my	internet address = 209.182.56.80
| 
| Authoritative answers can be found from:
| oakwell.com.MY	nameserver = magnesium.colossus.net
| oakwell.com.MY	nameserver = quartz.colossus.net
| magnesium.colossus.net	internet address = 216.121.32.12
| quartz.colossus.net	internet address = 209.78.16.5
| > exit
| # nslookup -q=any oakwell.com.my 216.121.32.12
| Server:  magnesium.colossus.net
| Address:  216.121.32.12
| 
| oakwell.com.my
| 	origin = magnesium.colossus.net
| 	mail addr = hostmaster.regihost.net
| 	serial = 99060703
| 	refresh = 86400 (1 day)
| 	retry   = 7200 (2 hours)
| 	expire  = 3600000 (41 days 16 hours)
| 	minimum ttl = 172800 (2 days)
| oakwell.com.my	nameserver = magnesium.colossus.net
| oakwell.com.my	nameserver = quartz.colossus.net
| oakwell.com.my	preference = 10, mail exchanger = mail.oakwell.com.my
| oakwell.com.my	internet address = 209.182.56.80
| oakwell.com.my	nameserver = magnesium.colossus.net
| oakwell.com.my	nameserver = quartz.colossus.net
| magnesium.colossus.net	internet address = 216.121.32.12
| quartz.colossus.net	internet address = 209.78.16.5
| mail.oakwell.com.my	internet address = 209.182.56.80
| # 
| 
| So it would appear that until the domain is registered,
| queries would be answered with non-authoritative responses?

Either that, (if the nameserver  they query is recursive and finds their
delegation [if it already exists]). Or it will simply refuse and
return a referral to the roots or another parent NS.

| Is that a myNIC catch-22, or do I have something configured
| wrong (4.9.7)?

It seems you have not configured the domain you are registering.

| 
| As for whether 216.121.32.12 was shown on the registration
| form, I can't tell you since the customer submitted the form.
| 

regards

| Annette
| 
| 
| > | Date: Tue, 17 Aug 1999 22:36:27 -0500 (CDT)
| > | From: asenec at asenec.dallas.nationwide.net
| > | To: bind-users at isc.org
| > | Subject: myNIC registration requirements
| > | 
| > | Has anyone dealt with this registration agency?
| > | Surely they can't have a registration requirement
| > | as insane as this:
| > | 
| > | > NSLOOKUP RESULT:
| > | > 
| > | > 
| > | > 
| > | > --- PRIMARY SERVER ---
| > | > 
| > | > 
| > | > nslookup -q=any  smartchoice.com.my  216.121.32.12
| > | > 
| > | > Server:  magnesium.colossus.net
| > | > Address:  216.121.32.12
| > | > 
| > | > Non-authoritative answer:     <==SHOULD GIVE AN authoritative answer
| > | > 
| > | > 
| > | > 
| > | 
| > | That was taken from the rejection notification sent by myNIC to 
| > | the party attempting to register the domain.  
| > | 
| > | Going at this from a different approach, short of starting named and blocking
| > | all the world from the nameserver, except for myNIC, how could one possibly
| > | guarantee an authoritative response from a nameserver for a particular
| > | domain?  Am I missing something here?
| > 
| > If the nameserver was listed as primary NS in the registration template,
| > it *should* give an authoritative response. 
| > 
| > I had my disagreements with MYNIC over issues like requiring that the
| > SOA mhost be listed as nameserver (effectively diallowing stealth primaries
| > behind firewalls) and others, but at first look this looks ok.
| > I also disgree with them using nslookup for the test (as nslookup has
| > a few interesting bugs that sometimes trigger rejections from MyNIC,
| > when dig shows the domain to be ok).
| > 
| > To know better whether this is ok or not, we would know what the template 
| > looked like you sent in.  Did it list 216.121.32.12 as nameserver for the 
| > domain requested?
| > 
| > | 
| > | Annette
| > | 
| > 
| > Mathias Koerber	  | Tel: +65 / 471 9820    |   mathias at staff.singnet.com.sg
| > SingNet NOC	  | Fax: +65 / 475 3273    |            mathias at koerber.org
| > Q'town Tel. Exch. | PGP: Keyid: 768/25E082BD, finger mathias at singnet.com.sg
| > 2 Stirling Rd     |      1A 8B FC D4 93 F1 9A FC BD 98 A3 1A 0E 73 01 65
| > S'pore 148943     | Disclaimer: I speak only for myself
| > * Eifersucht ist eine Leidenschaft, die mit Eifer sucht, was Leiden schafft *
| > 
| > 
| 

Mathias Koerber	  | Tel: +65 / 471 9820    |   mathias at staff.singnet.com.sg
SingNet NOC	  | Fax: +65 / 475 3273    |            mathias at koerber.org
Q'town Tel. Exch. | PGP: Keyid: 768/25E082BD, finger mathias at singnet.com.sg
2 Stirling Rd     |      1A 8B FC D4 93 F1 9A FC BD 98 A3 1A 0E 73 01 65
S'pore 148943     | Disclaimer: I speak only for myself
* Eifersucht ist eine Leidenschaft, die mit Eifer sucht, was Leiden schafft *

More information about the bind-users mailing list