Chicken and egg in regards to inverse
We have a customer with an inverse object (in-addr.arpa) whereby the 3 nameservers listed are long extinct and need to be replaced. So the customer went to Cloudflare and paid to use their 2 nameservers (specifically harley.ns.cloudflare.com and teagan.ns.cloudflare.com). Yet, when I go to RIPE to update their inverse record I get many standard errors that the nameservers do not exist yet to serve this inverse domain. The customer tried to create the zone in cloudflare, but CF asks them to change the DNS in the RIPE object, but to change the RIPE object they need first to have an active DNS zone…. So what is one to do in such a case? Thanks, Hank
Speaking as myself, CF is wrong here. They need to have the zone active before changing the registrar details. Otherwise, the first requests between changing the NS and adding it to the servers will be incorrectly handled. This is pretty normal with forward-zones as well. -peter On 2025 Jan 30 (Thu) at 13:35:17 +0200 (+0200), Hank Nussbacher wrote: :We have a customer with an inverse object (in-addr.arpa) whereby the 3 :nameservers listed are long extinct and need to be replaced. : :So the customer went to Cloudflare and paid to use their 2 nameservers :(specifically harley.ns.cloudflare.com :and teagan.ns.cloudflare.com). : : :Yet, when I go to RIPE to update their inverse record I get many standard :errors that the nameservers do not exist yet to serve this inverse domain. :The customer tried to create the zone in cloudflare, but CF asks them to :change the DNS in the RIPE object, but to change the RIPE object they need :first to have an active DNS zone…. : : :So what is one to do in such a case? : : :Thanks, : :Hank -- Mother is the invention of necessity.
On 30/01/2025 14:05, Peter Hessler wrote: Perhaps RIPE NCC should take up a formal letter to CF explaining how they are technically wrong? Regards, Hank
Speaking as myself, CF is wrong here. They need to have the zone active before changing the registrar details. Otherwise, the first requests between changing the NS and adding it to the servers will be incorrectly handled.
This is pretty normal with forward-zones as well.
-peter
On 2025 Jan 30 (Thu) at 13:35:17 +0200 (+0200), Hank Nussbacher wrote: :We have a customer with an inverse object (in-addr.arpa) whereby the 3 :nameservers listed are long extinct and need to be replaced. : :So the customer went to Cloudflare and paid to use their 2 nameservers :(specifically harley.ns.cloudflare.com :and teagan.ns.cloudflare.com). : : :Yet, when I go to RIPE to update their inverse record I get many standard :errors that the nameservers do not exist yet to serve this inverse domain. :The customer tried to create the zone in cloudflare, but CF asks them to :change the DNS in the RIPE object, but to change the RIPE object they need :first to have an active DNS zone…. : : :So what is one to do in such a case? : : :Thanks, : :Hank
Hi Hank,
On 30 Jan 2025, at 13:52, Hank Nussbacher <hank@interall.co.il> wrote:
On 30/01/2025 14:05, Peter Hessler wrote:
Perhaps RIPE NCC should take up a formal letter to CF explaining how they are technically wrong?
Regards, Hank
Our DB support recommends to delete the existing domain object and then ask Cloudflare to setup their zone and then create a new domain object. Is this acceptable for your customer? It sounds like Cloudflare is not proceeding because of the outdated domain object in the RIPE database, but I couldn't find any procedure documented on their website. If you are still stuck can you send me privately your Cloudflare contact and I can discuss directly with them? Regards Ed Shryane RIPE NCC
participants (3)
-
Edward Shryane -
Hank Nussbacher -
Peter Hessler