On Tuesday, Sep 16, 2003, at 17:34 Canada/Eastern, Brian Gibbons wrote:

...

From: "Joe Abley" on behalf of A registrar inadvertently put the 2day.com zone on REGISTRAR HOLD, with the unpleasant result of removing it from the root zone.

This makes hosts in the zone 2day.com unresolvable.

Surely any domain hosted by 2day would also be unresolvable as the delegation for those zones would be by nameserver name and as I remember it all of 2day's name servers are in the 2day.com namespace.

Actually, no; 2day's nameservers are present in the respective registry zones as glue records, so it's just 2day.com that is affected.

...

In the meantime, it would be helpful if you could add a stub to your name servers, so that requests for things in the 2day.com zone are still resolved appropriately until the root servers catch up.

One assumes that many nameservers will cache that bad name lookup and fixing the root servers won't fix the problem immediately. Do you have an estimate of how long before this problem fixes itself.

The negative caching time should be limited by the negative cache TTL in the COM zone, which is set to a day, for resolvers that recognise the final parameter of the SOA RDATA as such. However, loading the stub zone config into a recursive nameserver's config will override that.

Would adding the stub to the servers that are authorititive for .co.nz bypass the problem for .co.nz zones (avoid a referal to the root servers).

There is no problem for co.nz zones delegated to 2day.com nameservers, per above. Joe

http://www.cert.org/advisories/CA-2003-24.html I have the NZ Redhat mirror syncing the updates now.