URGENT: ns.internic.net blown
Per Gregers Bilse
bilse at EU.net
Sun Mar 5 18:52:39 UTC 1995
On Mar 5, 10:34, Len Rose wrote:
> It just recently happened to two of our networks as well (last week). I don't
> remember being warned about this, yet it has happened to several providers so
> far.
It's a little worse than that in this case; 194 isn't a provider
block, it's one of the two superblocks in Europe, delegated to the
RIPE NCC (the other one is 193).
The bogus info is actually in the zone files themselves, according
to Lars-Johan Liman at KTH in Sweden (they run nic.nordu.net, one
of the root servers). This means that all root servers will be
infected -- I just checked three, and yep, sure enough.
Those root operators reading this, please consider fixing the zone
file; the correct data is
194.IN-ADDR.ARPA. 518400 NS sunic.sunet.se.
194.IN-ADDR.ARPA. 518400 NS munnari.oz.au.
194.IN-ADDR.ARPA. 518400 NS sparky.arl.mil.
194.IN-ADDR.ARPA. 518400 NS ns.ripe.net.
194.IN-ADDR.ARPA. 518400 NS ns.eu.net.
194.IN-ADDR.ARPA. 518400 NS ns.uu.net.
194.IN-ADDR.ARPA. 518400 NS layon.inria.fr.
munnari.oz.au. 86400 A 128.250.22.2
munnari.oz.au. 86400 A 128.250.1.21
sparky.arl.mil. 52142 A 192.5.23.200
sparky.arl.mil. 52142 A 128.63.48.85
ns.ripe.net. 86400 A 193.0.0.193
ns.eu.net. 86400 A 192.16.202.11
ns.uu.net. 7200 A 137.39.1.3
layon.inria.fr. 172800 A 192.93.2.4
sunic.sunet.se. 86400 A 192.36.148.18
sunic.sunet.se. 86400 A 192.36.125.2
--
bilse, EUnet NOC +31 20 592 5110; 24hr +31 20 592 5165 (emergencies only)
EUnet Comm. Svcs. +31 20 623 3803; fax +31 20 622 4657 http://www.EU.net
More information about the NANOG
mailing list