The renaming of .nu

No, of course we won't change the name of the TLD, just the hostname of some of the name servers serving the .nu zone.

Recently we added a fourth name server to the .nu zone (d.nic.nu) which is an unicast server that we run ourselves. By taking a closer look at the .nu name server setup, it became clear that .nu depends on availability of the .se zone. Not that we believe that .se is insecure or unstable, but just out of principal considerations both TLDs shouldn’t depend on each other. So how does .nu depend on .se?

When asking for .nu nameservers you get the following answer


$ dig nu ns
...
;; ANSWER SECTION:
;; ANSWER SECTION:
nu. 7178 IN NS a.nic.nu.
nu. 7178 IN NS b.nic.nu.
nu. 7178 IN NS c.nic.nu.
nu. 7178 IN NS d.nic.nu.
nu. 7178 IN NS y.ns.nu.
nu. 7178 IN NS z.ns.nu.
...

The servers y.ns.nu and z.ns.nu are in bailiwick. Their A and AAAA addresses are part of the .nu zone and all .nu name servers answer authoritative for requests for these resource records.

But lets see where the name servers for nic.nu are:


$ dig nic.nu ns
...
;; ANSWER SECTION:
nic.nu. 1800 IN NS ns3.nic.se.
nic.nu. 1800 IN NS ns.nic.se.
nic.nu. 1800 IN NS i.ns.se.

;; ADDITIONAL SECTION:
ns3.nic.se. 86400 IN A 91.226.37.45
ns3.nic.se. 86400 IN AAAA 2001:67c:124c:2007::45
ns.nic.se. 886400 IN A 91.226.36.45
ns.nic.se. 86400 IN AAAA 2001:67c:124c:100a::45
i.ns.se. 86400 IN A 194.146.106.22
i.ns.se. 86400 IN AAAA 2001:67c:1010:5::53
...

Now you see that suddenly servers in the .se TLD are authoritative for the name servers of the .nu zone.

Stepping Stones

The main goal is to remove the .nu dependency on .se, while at the same time we could make the name servers for .NU in bailiwick. When we discussed name servers for .SE that was the preferred solution.

1. Add four new name servers to the .nu zone


nu. 172800 IN NS a.ns.nu.
a.ns.nu. 86400 IN A 194.146.106.22
a.ns.nu. 86400 IN AAAA 2001:67c:1010:5::53

nu. 172800 IN NS b.ns.nu.
b.ns.nu. 86400 IN A 65.22.164.1
b.ns.nu. 86400 IN AAAA 2a01:8840:10::1

nu. 172800 IN NS c.ns.nu.
c.ns.nu. 86400 IN A 192.36.144.107
c.ns.nu. 86400 IN AAAA 2a01:3f0:0:301::53

nu. 172800 IN NS d.ns.nu.
d.ns.nu. 86400 IN A 213.108.25.4
d.ns.nu. 86400 IN AAAA 2001:67c:124c:e000::4

2. All new servers have the same ip addresses as the old servers with the same letter.

3. Update IANA with the new name servers (after min two times TTL = 4 days)

4. Remove old name servers from .nu zone (after min two times TTL = 4 days)

PTR

Right now our reverse records do not match our forward records, but maybe we would like to make them match where we can?


$ dig +short -x 194.146.106.22
se1.dnsnode.net.
$ dig +short -x 2001:67c:1010:5::53
se1.dnsnode.net.
$ dig +short -x 65.22.164.1
b.nic.nu.
r$ dig +short -x 2a01:8840:10::1
b.nic.nu.
$ dig +short -x 192.36.144.107
se-dns.sth.netnod.se.
$ dig +short -x 2a01:3f0:0:301::53
a.ns.se.
$ dig +short -x 213.108.25.4
x.ns.se.
$ dig +short -x 2001:67c:124c:e000::4
x.ns.se.

Matching reverse records are no requirement for a working DNS infrastructure.

Conclusion

Do these steps sound reasonable to you? Are we forgetting something? Let us know what you think.

This article has no tags

About the blogger

Ulrich Wisser Ulrich Wisser Developer at IIS Ulrich is working as a developer at IIS. He is mainly working on our production systems and EPP. Before he came to IIS he worked for ten years as an SEO developer.