DNS just started resolving my server.prod addresses to 127.0.53.53

I have servers named like server.prod.example.com, and I regularly log into them as server.prod. Recently, these hostnames started resolving to 127.0.53.53.

It turns out that ICANN recently enabled the .prod TLD. In addition, every request that goes to the .prod nameservers gets resolved to 127.0.53.53 instead of coming back as NXDOMAIN, which would allow resolution to continue to work properly. (I'm guessing the point behind this is to let people know that their stuff will break worse before those start resolving to something real.)

How can I avoid having to type in my domain name for every host like this?

Is this still biting you occasionally? I couldn't find a list of new TLDs and when they were added, so I set one up myself: https://twitter.com/newgtldannounce


Solution 1:

When you see internal domains suddenly resolve to 127.0.53.53, you have a name collision and ICANN is trying to tell you that you urgently need to fix your DNS configuration.
If it would return NXDOMAIN like you suggested, you are correct, it would continue to work - for now.

It would also leak your internally intended DNS query to outside parties.

Worse, in the future someone could register server.prod and cause you much more trouble.

See here for more information https://icann.org/namecollision or run:

$ dig -t TXT server.prod +short
"Your DNS configuration needs immediate attention see https://icann.org/namecollision"

As to how to resolve this: it depends on the use case. I would probably just add them to .ssh/config with the short names. Or start using the FQDNs, really.

Solution 2:

If you type in a hostname with no dots in it, DNS resolvers try to look up that hostname by first appending the configured search domains to it.

For most resolvers, if you use a hostname with at least one dot in it, the resolver first tries the hostname on its own, and falls back to appending the configured search domains.

Many resolvers have the ability to change their behavior so that they append the search domains for hostnames with dots. This is often through an option called "ndots" that tells the resolver how many dots the hostname must have before it tries to look up the hostname on its own first. In order to make server.prod work, add this line to your resolv.conf:

options ndots:2

If you want to also be able to resolve server.subzone.prod, you'll have to set the option to 3, etc.

If anyone knows how to make this work in MacOS X, please let me know; changing /etc/resolv.conf is documented not to work (and doesn't) and I can't figure out the right scutil incantations.

(Note: I'm hedging my bets here more than is probably warranted. I believe that the ndots option will work on 99% of (non-MacOSX) Unix systems.)
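The lookup order described in Solution 2, modelled as an added example (not part of the original answer, and not a real resolver: it makes no network queries). The function names, the search domain `example.com` taken from the question, and the internal address `10.0.0.5` are assumptions constructed for illustration.

```python
# Added illustration: models the stub-resolver search order described in
# resolv.conf(5) for the "ndots" option. No DNS traffic is generated.

COLLISION_IP = "127.0.53.53"  # name-collision marker address seen in the question


def candidate_queries(name, search, ndots=1):
    """Return the FQDNs a stub resolver would try, in order (hypothetical helper)."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: the search list is skipped.
        return [name]
    absolute = name + "."
    searched = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        # Enough dots: try the name as typed first, then the search list.
        return [absolute] + searched
    # Too few dots: search list first, the name as typed as a last resort.
    return searched + [absolute]


def resolve(name, search, ndots, zone):
    """Walk the candidates against a constructed zone; the first answer wins."""
    for fqdn in candidate_queries(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None, None


# Constructed sample data: the internal record from the question, plus the
# answer the newly delegated .prod TLD gives for the same short name.
ZONE = {
    "server.prod.example.com.": "10.0.0.5",  # constructed internal address
    "server.prod.": COLLISION_IP,
}
SEARCH = ["example.com"]

if __name__ == "__main__":
    for ndots in (1, 2):
        fqdn, addr = resolve("server.prod", SEARCH, ndots, ZONE)
        flag = "  <-- name collision" if addr == COLLISION_IP else ""
        print(f"ndots:{ndots}  server.prod -> {fqdn} {addr}{flag}")
```

With `ndots:2` the bare `server.prod.` query is still the final fallback, so a short name with no matching internal record would still be sent to the public .prod nameservers.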

Solution 3:

Other answers gave you the technical solution for the problem. But no one replied to your:

I couldn't find a list of new TLDs and when they were added

So here it is.

You have various ways.

  1. Hit the IANA website at: https://www.iana.org/domains/root/db ; you will see the current list of delegated TLDs, that is the ones that resolve and are in the root zone. If you click any of them, at the bottom you will get a date telling you when they appeared.
  2. That exact same data is available over whois, for example in your case whois -h whois.iana.org prod | grep created will give you created: 2014-08-23
  3. There are various bots on Twitter/Mastodon that post when IANA content changes, see for example https://twitter.com/ianawhois or https://twitter.com/rootchanges
  4. The IANA data may be a little behind in update, so the canonical database for gTLDs, and to see at which stage they are (now it is a little moot since the 2012 ICANN round of introducing new gTLDs is mostly finished, but new rounds will arrive), is here: https://gtldresult.icann.org/application-result/applicationstatus ; you can search by TLD. All gTLDs are also mandated some specific starting period, so you will find data here: https://newgtlds.icann.org/en/program-status/sunrise-claims-periods you can export all data.
  5. You can also use ICANN data in JSON: https://www.icann.org/resources/registries/gtlds/v2/gtlds.json