louie@SAYSHELL.UMD.EDU ("Louis A. Mamakos") (11/07/90)
I've noticed a bunch of errors being reported by our Proteon router which connected UMDNET to SURANET, and thus the rest of the Internet. There is a packet flux for packets being transmitted to 128.8.26.90. Hmm.. I think, this is pretty strange. TERP.UMD.EDU, which is one of the root name servers, has an address which is fairly similar: 128.8.10.90. I guess that the bogus address is the "MILNET" version of TERP's "ARPANET" flavored address.. Really weird. Bouncing name server queries to the hosts in question indicate that they have an incorrect idea of what TERP.UMD.EDU's IP address is. Will you all please take a look at your root name server cache infomormation, and make sure that you have correct information? I suspect that these bogus packets and the associated ICMP destination unreachable messages are using a non-trivial amount of bandwidth between the US and Europe. Let's try to track this down before it spreads very far. I'm seeing a few packets per second being transmitted to the bogus address. louie
del@thrush.mlb.semi.harris.com (Don Lewis) (11/07/90)
In article <9011061638.AA19042@sayshell.umd.edu> louie@SAYSHELL.UMD.EDU ("Louis A. Mamakos") writes: > >I've noticed a bunch of errors being reported by our Proteon router >which connected UMDNET to SURANET, and thus the rest of the Internet. >There is a packet flux for packets being transmitted to 128.8.26.90. > >Hmm.. I think, this is pretty strange. TERP.UMD.EDU, which is one of >the root name servers, has an address which is fairly similar: >128.8.10.90. I guess that the bogus address is the "MILNET" version >of TERP's "ARPANET" flavored address.. Really weird. > >Bouncing name server queries to the hosts in question indicate that >they have an incorrect idea of what TERP.UMD.EDU's IP address is. We haven't seen this show up here yet, but we are suffering from some other cache corruption. One of IRS.GOV's purported name servers told our name server that LBL.GOV is a root server, and it also looks like we picked up the address 128.20.1.2 for AOS.BRL.MIL from the same source. Somewhere along the way we also picked up the address 192.52.195.0 for NS.NASA.GOV. Unfortunately our automatic bogon detector only tosses out root servers named .ARPA, and logs the rest. It doesn't report new (and bogus) addresses for the root servers. If BIND only did a better job of conforming to section 7.4 in RFC-1035... -- Don "Truck" Lewis Harris Semiconductor Internet: del@mlb.semi.harris.com PO Box 883 MS 62A-028 Phone: (407) 729-5205 Melbourne, FL 32901