by trvrprkr 708 days ago
Hurricane Electric (HE) provides, among other things, DNS services. When a domain is placed in `clientHold`, as has happened to HE due to a spurious phishing report, it causes the domain to no longer resolve. So the DNS records for HE and all of HE's customers are gradually becoming unresolvable as caches expire.
4 comments

They offer a nice (free) secondary DNS service, which I use for all my domains. From my limited interaction with them, they seem like a great company. They also provide some nice IPv6 tutorials as well, and offer free IPv6 tunnels for those who can't get native IPv6. All in all they seem like a model company that believes in giving back to the internet community in meaningful ways.

Unfortunately, I use them to host secondary DNS for all my domains, so this Network Solutions stupidity is hitting home for me right now. Then again, I had enough issues with NS back in the 1990s that as soon as that monopoly was broken I switched and never looked back. TBH I'm a little surprised that HE would use NS, but perhaps they did thinking that NS would provide proper enterprise-level support for a major backbone provider and not cut them off on a holiday with no recourse - behavior you might expect or fear from a cut-rate provider.

Edit: since the domain is fixed, this isn't reproducible anymore.

An interesting thing is that if you have a .net domain with he.net nameservers, the .net authoritative servers will give you full glue records with the A/AAAA for nsX.he.net. But if you ask for he.net, you get back NXDOMAIN.

Example domain removed; no longer relevant.

NetworkSolutions is a truly terrible registrar, and anyone who still has a domain there should use this occasion to switch to somewhere better, which is almost anywhere. IMHO, it may be worthwhile for a real business where their domain is important to move to an expensive corporate registrar like MarkMonitor or CSC, and look into registry lock, etc.

I guess this is one of the reasons AWS uses multiple domains in different TLDs for its customers' name servers in route53[1]

A provider going rogue or a domain expiring will probably still leave 3 perfectly working.

[1] e.g. one of mine has awsdns-21.com, awsdns-50.co.uk, awsdns-11.net and awsdns-42.org
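
Added example, not part of the comment above: a small Python check that groups a zone's nameserver hostnames by their registrable parent domain and reports how many would still resolve if any one parent were placed on `clientHold`. The `ns-1.` hostnames and the short multi-label suffix set are constructed for illustration (a real check should use the full Public Suffix List), and glue records served by the TLD are ignored.

```python
# Constructed multi-label public suffixes; assumption standing in for the
# full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def registrable_domain(host):
    """Return the registrable (registrar-controlled) domain of a hostname."""
    labels = host.rstrip(".").lower().split(".")
    width = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < width:
        raise ValueError(f"{host!r} has no registrable domain")
    return ".".join(labels[-width:])


def hold_impact(nameservers):
    """Map each parent domain to the NS names that survive if it is held."""
    parents = {ns: registrable_domain(ns) for ns in nameservers}
    return {
        held: sorted(ns for ns, parent in parents.items() if parent != held)
        for held in set(parents.values())
    }


def worst_case_survivors(nameservers):
    """Fewest nameservers left after losing any single parent domain."""
    return min(len(left) for left in hold_impact(nameservers).values())


# Constructed hostnames under the four parent domains quoted in the comment.
AWS_STYLE = [
    "ns-1.awsdns-21.com",
    "ns-1.awsdns-50.co.uk",
    "ns-1.awsdns-11.net",
    "ns-1.awsdns-42.org",
]
# Both nameservers share one registrable domain.
SINGLE_PARENT = ["ns1.he.net", "ns2.he.net"]

if __name__ == "__main__":
    for name, ns_set in (("multi-TLD", AWS_STYLE), ("single parent", SINGLE_PARENT)):
        print(name, "worst case survivors:", worst_case_survivors(ns_set))
        for held, left in sorted(hold_impact(ns_set).items()):
            print(f"  hold on {held}: {len(left)} left {left}")
```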

For anyone not well versed in DNS who needs an ELI5 level:

This impacts anyone using HE.net for their domain name service because a domain name specifies its nameservers (in an NS record) using fully qualified domain names. I believe it's ns1.he.net and ns2.he.net.

User at WildISP tries to go to a site. Resolving nameserver at WildISP.net fetches the NS records for samplewhamplesite.com from a root server and gets pointed to ns1.he.net...which no longer exists because the entire domain disappeared from the root servers.

It looks like things are back up?

Edit: nope, still in clienthold.