mib@geech.gnu.ai.mit.edu (Michael I Bushnell) (04/03/91)
Life.ai.mit.edu has been infested with the edu. bogons recently. This is the only record it had for edu. in its cache: edu 95762 IN NS ADMIN.JSUMS.EDU. Whoever was kind enough to present us with this record didn't give us an A record for admin.jsums.edu, so edu names could no longer be resolved. Right after I restarted life's nameserver, albert.gnu.ai.mit.edu got infected. This one it had all the correct edu records as well as the bogon. This had the amusing result of causing many requests to fail and nslookup to dump core (neat, huh?). Admin.jsums.edu is 143.132.1.5. I wanted to see what the nameserver there had, but it doesn't respond, and jsums.edu (143.132.1.3) gets huge numbers of replies per ping sent, looks like TOPS-10 when I connected with telnet, and doesn't have a responding nameserver. I hope this helps the people who are dealing with this to find the source of the bogons. Sigh. -mib
oleary@noc.sura.net (dave o'leary) (04/04/91)
In article <MIB.91Apr3121950@geech.gnu.ai.mit.edu> mib@geech.gnu.ai.mit.edu (Michael I Bushnell) writes: > >Life.ai.mit.edu has been infested with the edu. bogons recently. > [stuff about MIT infections deleted....] > >I hope this helps the people who are dealing with this to find the >source of the bogons. Sigh. > > -mib The machine admin.jsums.edu has had name service turned off for at least a couple of days now. I don't know if there are any other name servers currently running at JSU. At this point it should only be a matter of all the caches timing out, unless somebody somewhere else has a bind misconfiguration that resets the expire to a high value again or something. How about everybody restart all the name servers Friday at midnight or something? :-) dave