[DBWG] in domain obj, identical nserver: attributes

Frank Habicht geier at geier.ne.tz
Fri Feb 20 06:34:37 UTC 2026 

Hi,

On 2/20/2026 3:16 AM, Sylvain BAYA wrote:
> Le 19/02/2026 à 14:41, Frank Habicht a écrit :
>> should there also be a check that for any new domain object there are 
>> not two nserver: attributes pointing to the exact same server name?
>>
> 
> No! imho, i see less interest and not existing
> documentation to support such a process.
> 
> Maybe you have more context to share, then i
> need to figure it out. Do kindly provide more
> element, for me to eventually reconsider my
> actual PoV (Point of View).
> 

I admit and agree that the current letter-of-the-law does allow
 >> nserver:        ns1.ibits.xyz
 >> nserver:        ns1.ibits.xyz

but is this really possibly the intend of the originator of this data?

In my opinion this is very most likely the result of a human mistake and 
it is also a likely cause for following human misunderstanding. Someone 
looking at this casually might think there are 2 nservers set.

AfriNIC auth DNS server gives one answer - not 2 identical ones. [1]

My intention is to see if we can help avoid someone (e.g. tnoc at ibits.co) 
mistakenly understanding the whois data as having effectively two auth 
DNS servers and thus some degree of redundancy.


>> If on domain object creation two nserver: attributes have the exact 
>> same content, should creation be rejected (because of most likely 
>> human error) ?
>>
> 
> Why? even more here. It's a "no" for me.
> ...as you shared, that "domain" class attribute
> description; and i can add (if minimum is 2?):
> 
> cacty at shalom:~$ TZ='UTC' date --rfc-3339='seconds' && \
> whois -h whois.afrinic.net -- -t domain | \
> grep nserver \
> # from AS15964 at Bhome
> 2026-02-19 23:59:22+00:00
> nserver:        [mandatory]  [multiple]   [inverse key]
> cacty at shalom:~$
> 
> Is there a persevered problem? please clarify,
> to allow me to better understand, brother.
> 
see above.

PS: the auth server is this example is also LAME :-(  - [2]


Regards,
Frank



[1]
$ dig @ns1.afrinic.net. 8.c.4.f.f.0.c.2.ip6.arpa ns +norec

; <<>> dig 9.10.8-P1 <<>> @ns1.afrinic.net. 8.c.4.f.f.0.c.2.ip6.arpa ns 
+norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63543
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;8.c.4.f.f.0.c.2.ip6.arpa.      IN      NS

;; AUTHORITY SECTION:
8.c.4.f.f.0.c.2.ip6.arpa. 172800 IN     NS      ns1.ibits.xyz.


[2]
$ dig @ns1.ibits.xyz. 8.c.4.f.f.0.c.2.ip6.arpa soa
...
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 5581

More information about the DBWG mailing list