emv@ox.com (Ed Vielmetti) (03/30/91)
bad ns records for .edu are goofing up our nameservers, and it looks to be not unique to just us. hopefully not going to stop the news from flowing though.... -- Msen Edward Vielmetti /|--- moderator, comp.archives emv@msen.com ; <<>> DiG 2.0 <<>> @uunet.uu.net ns edu. ;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10 ;; flags: qr rd ra ; Ques: 1, Ans: 1, Auth: 1, Addit: 1 ;; QUESTIONS: ;; edu, type = NS, class = IN ;; ANSWERS: edu. 491711 NS ADMIN.JSUMS.EDU. ;; AUTHORITY RECORDS: EDU. 491711 NS ADMIN.JSUMS.EDU. ;; ADDITIONAL RECORDS: ADMIN.JSUMS.EDU. 491711 A 143.132.1.5 ;; Sent 1 pkts, answer found in time: 160 msec ;; FROM: poe.aa.ox.com to SERVER: uunet.uu.net 137.39.1.2 ;; WHEN: Fri Mar 29 22:06:46 1991 ;; MSG SIZE sent: 21 rcvd: 80 ; <<>> DiG 2.0 <<>> @umich.edu ns edu. ;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10 ;; flags: qr rd ra ; Ques: 1, Ans: 1, Auth: 1, Addit: 1 ;; QUESTIONS: ;; edu, type = NS, class = IN ;; ANSWERS: edu. 491697 NS ADMIN.JSUMS.EDU. ;; AUTHORITY RECORDS: edu. 491697 NS ADMIN.JSUMS.EDU. ;; ADDITIONAL RECORDS: ADMIN.JSUMS.EDU. 491697 A 143.132.1.5 ;; Sent 1 pkts, answer found in time: 750 msec ;; FROM: poe.aa.ox.com to SERVER: umich.edu 35.1.1.91 ;; WHEN: Fri Mar 29 22:06:59 1991 ;; MSG SIZE sent: 21 rcvd: 80 ; <<>> DiG 2.0 <<>> ns edu. ;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 6 ;; flags: qr rd ra ; Ques: 1, Ans: 1, Auth: 1, Addit: 1 ;; QUESTIONS: ;; edu, type = NS, class = IN ;; ANSWERS: edu. 491687 NS ADMIN.JSUMS.EDU. ;; AUTHORITY RECORDS: edu. 491687 NS ADMIN.JSUMS.EDU. ;; ADDITIONAL RECORDS: ADMIN.JSUMS.EDU. 491687 A 143.132.1.5 ;; Sent 1 pkts, answer found in time: 3 msec ;; FROM: poe.aa.ox.com to SERVER: default -- 129.77.1.17 ;; WHEN: Fri Mar 29 22:07:09 1991 ;; MSG SIZE sent: 21 rcvd: 80
rickert@mp.cs.niu.edu (Neil Rickert) (03/30/91)
In article <EMV.91Mar29232619@poe.aa.ox.com> emv@ox.com (Ed Vielmetti) writes: >bad ns records for .edu are goofing up our nameservers, and it looks >to be not unique to just us. > >; <<>> DiG 2.0 <<>> @uunet.uu.net ns edu. >;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10 >;; flags: qr rd ra ; Ques: 1, Ans: 1, Auth: 1, Addit: 1 >;; QUESTIONS: >;; edu, type = NS, class = IN > >;; ANSWERS: >edu. 491711 NS ADMIN.JSUMS.EDU. > We had exactly the same experience with our nameserver. I was about to dump my nameserver cache to disk for examination, then kill and restart it, but before doing so I did a second dig for edu. And magically the bad record had disappeared. Strange. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science <rickert@cs.niu.edu> Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940
iglesias@draco.acs.uci.edu (Mike Iglesias) (03/30/91)
We're seeing them here too. When I restarted one of our nameservers, it got the correct info, except that NIC.NORDU.NET was added to the list of nameservers for edu. ns.nic.ddn.mil is passing this out - has a new root nameserver been added or is this bogus too? Mike Iglesias University of California, Irvine Internet: iglesias@draco.acs.uci.edu BITNET: iglesias@uci uucp: ...!ucbvax!ucivax!iglesias
bygg@sunet.se (Johnny Eriksson) (03/31/91)
iglesias@draco.acs.uci.edu (Mike Iglesias) writes: >We're seeing them here too. When I restarted one of our nameservers, >it got the correct info, except that NIC.NORDU.NET was added to the >list of nameservers for edu. ns.nic.ddn.mil is passing this out - has >a new root nameserver been added or is this bogus too? The information is correct, NIC.NORDU.NET is an official nameserver for the edu. domain. --Johnny
sob@TMC.EDU (Stan Barber) (03/31/91)
NIC.NORDU.NET is not a root name server. It is an .edu name server. At least, this is what the whois database at the ddn-nic is telling me. -- Stan internet: sob@bcm.tmc.edu Director, Networking Olan uucp: rutgers!bcm!sob and Systems Support Barber Opinions expressed are only mine. Baylor College of Medicine
phil@eecs.nwu.edu (William LeFebvre) (04/02/91)
Is anything being done about these bogus NS records for "edu"? As of Monday April 1(!!) 11:30 CST we are STILL seeing these bogus records. They are clogging up mail and generally making like rather uncomfortable for us. This isn't an April Fools joke, is it? 1/2 :-) William LeFebvre Computing Facilities Manager and Analyst Department of Electrical Engineering and Computer Science Northwestern University <phil@eecs.nwu.edu>
syd@DSI.COM (Syd Weinstein) (04/02/91)
phil@eecs.nwu.edu (William LeFebvre) writes: >Is anything being done about these bogus NS records for "edu"? >As of Monday April 1(!!) 11:30 CST we are STILL seeing these bogus >records. They are clogging up mail and generally making like rather >uncomfortable for us. >This isn't an April Fools joke, is it? 1/2 :-) I'm still seeing them, and I patched bind to tell me from where, does this help anyone Apr 1 21:57:13.620 named: Info: For question "nycenet.nycboe.edu", added zone 0 edu NS record for ADMIN.JSUMS.EDU from 192.35.82.2 2.82.35.192.in-addr.arpa name = N2NGW.NYSER.NET Is n2ngw.nyser.net the culprit or just another victem? -- ===================================================================== Sydney S. Weinstein, CDP, CCP Elm Coordinator Datacomp Systems, Inc. Voice: (215) 947-9900 syd@DSI.COM or dsinc!syd FAX: (215) 938-0235
oleary@noc.sura.net (dave o'leary) (04/02/91)
In article <1991Apr2.030514.24496@DSI.COM> syd@DSI.COM writes: >phil@eecs.nwu.edu (William LeFebvre) writes: >>Is anything being done about these bogus NS records for "edu"? > >>As of Monday April 1(!!) 11:30 CST we are STILL seeing these bogus >>records. They are clogging up mail and generally making like rather >>uncomfortable for us. > We have called the people at Jackson State and let them know about the problem, and we are prepared to help them fix it - however they have been on break last week through today and we haven't found the right person to talk to who can fix the problem. We'll try again tomorrow to get things fixed there, however everyone should recognize that once a problem like this is injected into the system it can sometimes last for quite a while. (Incidentally, the reason we are helping to deal with this is because JSU is a SURAnet site.) A couple of comments on the situation - first, it is not a good thing that a site's misconfiguration can screw things up so badly. Supporting efforts to improve bind, etc. and encouraging everyone to run up to date software are noble activities. Also, the documentation on how to set up this stuff correctly (hints on what to do and what *not* to do) should be more accessable (do they exist at all?). Thanks for your support! dave
rickert@mp.cs.niu.edu (Neil Rickert) (04/03/91)
At present BRL.MIL is infected with the bogus record. As a result they cannot resolve any addresses in EDU. Since their MMDF mailer insists on authenticating the sender, they also refuse to accept any mail from a EDU. host, so we can't tell them about it. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science <rickert@cs.niu.edu> Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940
jcurran@SH.CS.NET (John Curran) (04/03/91)
-------- From: dave o'leary <haven!sura.net!oleary@ames.arc.nasa.gov> > A couple of comments on the situation - first, it is not a good thing > that a site's misconfiguration can screw things up so badly. > Supporting efforts to improve bind, etc. and encouraging everyone to > run up to date software are noble activities. On the positive side, experiences like this tend to improve the tolerance of many bind implementations as sites quickly move to insert logging and filtering. In time, we can expect these ad-hoc changes to prevent major DNS outages, right? :-) > Also, the documentation on how to set up this stuff correctly > (hints on what to do and what *not* to do) should be more accessable > (do they exist at all?). I get the impression that it depends on where you are. I know several regionals that provide DNS training and/or setup to sites, but I don't think that's standard on most nets. In terms of documentation, there are quite a few DNS presentations around (slides with bullets), but I'm not aware of any text writeups besides the Berkley BIND supplementry doc, and each vendors subsequent rewrite of it. /John