URGENT: ns.internic.net blown
Paul A Vixie
paul at vix.com
Sun Mar 5 19:23:28 UTC 1995
> It's a little worse than that in this case; 194 isn't a provider
> block, it's one of the two superblocks in Europe, delegated to the
> RIPE NCC (the other one is 193).
>
> The bogus info is actually in the zone files themselves, according
> to Lars-Johan Liman at KTH in Sweden (they run nic.nordu.net, one
> of the root servers). This means that all root servers will be
> infected -- I just checked three, and yep, sure enough.
>
> Those root operators reading this, please consider fixing the zone
> file; the correct data is
>
> 194.IN-ADDR.ARPA. 518400 NS sunic.sunet.se.
> 194.IN-ADDR.ARPA. 518400 NS munnari.oz.au.
> 194.IN-ADDR.ARPA. 518400 NS sparky.arl.mil.
> 194.IN-ADDR.ARPA. 518400 NS ns.ripe.net.
> 194.IN-ADDR.ARPA. 518400 NS ns.eu.net.
> 194.IN-ADDR.ARPA. 518400 NS ns.uu.net.
> 194.IN-ADDR.ARPA. 518400 NS layon.inria.fr.
i've fixed this on ns.isc.org, though i'm not sure what good it will do
unless all the roots do it.
More information about the NANOG
mailing list