On 14 Jan 2025, at 09:59, Anand Buddhdev <anandb@ripe.net> wrote:
Dear colleagues,
On Wednesday 15 January, we'll be moving on to the final phase of removing our secondary DNS service for LIRs (ns.ripe.net) and updating all associated objects in the RIPE Database. This update will remove the "nserver: ns.ripe.net" attribute from them.
I am happy to report that 93% of the zones have been updated and stopped using ns.ripe.net as a secondary name server. The remaining zones that have not been updated will not be affected because they will have at least one working name server after this update. Therefore, we do not expect the DNS resolution of these zones to fail.
Hi Anand, After you remove the nserver entry in WHOIS, will you do a bit of dumping of at least the domains that are still attempted to be resolved through ns.ripe.net <http://ns.ripe.net/> to have a small overview of the amount of domains and amount of queries that are still flowing there. Before shutting down / removing the label of ns.ripe.net <http://ns.ripe.net/> another experiment that one could do is to change the IP of ns.ripe.net <http://ns.ripe.net/> to a distinct one, one then either should see queries follow to that new IP (thus them having a NS of ns.ripe.net <http://ns.ripe.net/>) or staying on the old IP (thus them using a different name in the NS). Noting that the group that is using the IP 'directly' (or well, outside of the ns.ripe.net <http://ns.ripe.net/> name) will cause those queries to keep on going to your IP, and when you shutdown that IP it will just mean ICMP traffic and retries... For the ones using ns.ripe.net <http://ns.ripe.net/>, they will keep on trying to resolve ns.ripe.net <http://ns.ripe.net/> but at least if you put a long TTL on the NXDOMAIN it should be decently cached and thus not impact your infra too much. Also, as there are contacts in the WHOIS entry, and you did an effort to contact the owners, can you state what the response rate was, also how many of the contacts bounced? Were they focussed on a few LIRs or spread out, old records or any other insights. Could be a good way to see how 'correct' the data in WHOIS actually is... Nevertheless good luck! (especially in the hope that the remaining query rate is low and no incidents too of course :) ) Regards, Jeroen