Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Mark Andrews
In message , Barry Margolin writes: > In article , > Mark Andrews wrote: > > > In message <4fdf631a.4060...@brandeis.edu>, John Miller writes: > > > Hi Alexander, > > > > > > We've actually run into this before. Once upon a time, RCN cable used > > > to run some slave servers for us, but we

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Mark Andrews
In message , Barry Margolin writes: > In article , > Phil Mayers wrote: > > > On 18/06/12 16:49, Alexander Gurvitz wrote: > > > > > with each query gets new NS record, and... refreshes the NS TTL ? > > > > No, that's not how TTLs work. They always count down. > > Didn't this used to be a pr

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Barry Margolin
In article , Mark Andrews wrote: > In message <4fdf631a.4060...@brandeis.edu>, John Miller writes: > > Hi Alexander, > > > > We've actually run into this before. Once upon a time, RCN cable used > > to run some slave servers for us, but we've long since moved away from > > them, including zo

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Mark Andrews
In message <4fdf631a.4060...@brandeis.edu>, John Miller writes: > Hi Alexander, > > We've actually run into this before. Once upon a time, RCN cable used > to run some slave servers for us, but we've long since moved away from > them, including zone transfers. We yanked them from our registra

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Barry Margolin
In article , Phil Mayers wrote: > On 18/06/12 16:49, Alexander Gurvitz wrote: > > > with each query gets new NS record, and... refreshes the NS TTL ? > > No, that's not how TTLs work. They always count down. Didn't this used to be a problem? When the caching server queries the cached namese

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Mark Andrews
In message <4fdf5396.7000...@imperial.ac.uk>, Phil Mayers writes: > On 18/06/12 16:49, Alexander Gurvitz wrote: > > > with each query gets new NS record, and... refreshes the NS TTL ? > > No, that's not how TTLs work. They always count down. Which is because for most queries there isn't a

Re: Single-key rollover

2012-06-18 Thread Mark Andrews
In message , Alexander Gurvitz writes: > Hello > > Is it possible with BIND to perform "Single Type Signing Key rollover" > as described in chapter 4.1.4 of rfc4641bis-11: > > (The idea is to have zone with single key instead of ZSK/KSK pair) > >There is a second variety of this rollover,

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread John Miller
Hi Alexander, We've actually run into this before. Once upon a time, RCN cable used to run some slave servers for us, but we've long since moved away from them, including zone transfers. We yanked them from our registrar a long time ago, and life was good. For whatever reason, RCN's still

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Ryan Novosielski
On 06/18/2012 12:19 PM, Tom Diehl wrote: > On Mon, 18 Jun 2012, Alexander Gurvitz wrote: > >> Can someone enlighten me on the following scenario (I guess it's >> explained somewhere, but can't find the info.): >> >> example.com was served by ns.OLDpr

RE: Moving DNS out of non-cooperative provider

2012-06-18 Thread Lightner, Jeff
Just to verify - when you say "old provider" you're just talking about somewhere you had pointed your DNS records to and NOT the actual Registrar for the domain? If it is the Registrar you have to make changes at the Registrar's site to change which DNS servers to use. If they're not being coo

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Tom Diehl
On Mon, 18 Jun 2012, Alexander Gurvitz wrote: Can someone enlighten me on the following scenario (I guess it's explained somewhere, but can't find the info.): example.com was served by ns.OLDprovider.net example.com owner wants to move his domain to ns.NEWprovider.net oldprovider.net is not coo

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread WBrown
Did you update your whois information to point to the name servers at NEWprovider.net? After this change is made and any cached data expires, the world will query them (NEWProvider), with the exception of anyone that uses name servers at OLDprovider.net who still thinks they are authoritative f

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Michael Graff
Eventually, if you have done the parent delegations (through where you register your zone) and have updated the new NS records to point only to the new spot, the old zone will only be used by that provider, and nowhere else. So, if com points to the new set of name servers, and example.com has

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Phil Mayers
On 18/06/12 16:49, Alexander Gurvitz wrote: with each query gets new NS record, and... refreshes the NS TTL ? No, that's not how TTLs work. They always count down. Will ns.isp.com EVER query ns.NEWprovider.net ? Yes, when the TTL has expired

Moving DNS out of non-cooperative provider

2012-06-18 Thread Alexander Gurvitz
Can someone enlighten me on the following scenario (I guess it's explained somewhere, but can't find the info.): example.com was served by ns.OLDprovider.net example.com owner wants to move his domain to ns.NEWprovider.net oldprovider.net is not cooperating, and continues to serve example.com 1728

Single-key rollover

2012-06-18 Thread Alexander Gurvitz
Hello Is it possible with BIND to perform "Single Type Signing Key rollover" as described in chapter 4.1.4 of rfc4641bis-11: (The idea is to have zone with single key instead of ZSK/KSK pair) There is a second variety of this rollover, during which one introduces a new DNSKEY into the key