First? TRUE Root Name Server On Line
Jamie
jamie at dilbert.multiverse.com
Sat Nov 23 22:32:16 UTC 1996
The server sucks.
Who the fuck runs a "root nameserver" with open things like this?
Open telnet, SMAIL on mail, and small-tcp (ATTACKABLE) services
like chargen, echo, discard, Please.
www3% telnet 199.5.157.5
Trying 199.5.157.5...
Connected to 199.5.157.5.
Escape character is '^]'.
BSDI BSD/386 1.1 (NS2.NIC.EARTH) (ttyp1)
login: ^DConnection closed by foreign host.
www3% telnet 199.5.157.5 25
Trying 199.5.157.5...
Connected to 199.5.157.5.
Escape character is '^]'.
220 NS2.NIC.EARTH Smail3.1.28.1 #17 ready at Sat, 23 Nov 96 16:48 WET
quit
221 NS2.NIC.EARTH closing connection
^PConnection closed by foreign host.
www3% telnet 199.5.157.5 chargen
Trying 199.5.157.5...
Connected to 199.5.157.5.
Escape character is '^]'.
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
^]
telnet> q
Connection closed.
www3% telnet 199.5.157.5 echo
Trying 199.5.157.5...
Connected to 199.5.157.5.
Escape character is '^]'.
^]
telnet> q
Connection closed.
www3% telnet 199.5.157.5 discard
Trying 199.5.157.5...
Connected to 199.5.157.5.
Escape character is '^]'.
^]
telnet> q
Connection closed.
> When history is made on the Internet, it is important to briefly pause
> to recognize the event, and then move forward.
Yes, that event will be celebrated world wide: The Day that Jim Fleming
Left the Internet. We'll call it Ex-Jim Day.
> 1. First and foremost, this appears to be the first, public
> access, Root Name Server which operates as
> a TRUE NON-RECURSIVE Root Server [2]. This is a
> requirement which is part of the new root name server
> guidelines which are being discussed by the IETF and
> other engineering groups. The 9 "popular" root name
> servers used by many ISPs do NOT meet these
> guidelines and resolve second level names.[3]
It's their JOBS to resolve second level names, idiot. What do you think
would happen if every time you queried for "unety.net NS" it just returned
*.root-servers.net nameservers? Wouldn't get you very far.
> True root name servers should do nothing but return
> references to TLD Name Servers [2], to reduce the
> scope of their control and their overall load.
.. and increase the amount of DNS traffic.
> 2. The official name of this root name server is...NS2.NIC.EARTH.
> Because of the growing availability of access to the
> new Top Level Domains, such as .EARTH, it seems
> appropriate to begin naming the new Root Name Servers
> with the newly available names.
"growing availability to new TLDs" or "the growing number of people who
think they own a TLD when it's nothing more than vapor?"
> 3. This Root Name Server can be added to the growing collection
> of Root 64 Name Servers which can be freely used
> by ISPs in their "root.cache" files. Because this Root
> Name Server is supported by a commercial enterprise,
> and not a hodge podge of volunteers (or the U.S.
> Government), ISPs can use this Root Name Server to
> help bring added stability and performance to their
> systems. [4] [5]
Nah. I'll stick with mine. Thanks.
> As has been proven over and over during the past year, new commercial
> Top Level Domains are a reality along with new commercial Root Name
> Servers. The business community is rising to the challenge of building
> a better, more complete, and better engineered Internet now that the
> research and development is largely over.
Even if you get 10,000 sysadmins to change their root.cache file, you
will still be unreachable to 90% of the Internet unless you get the
*.root-servers.net servers to officially recognize you.
> More commercial Root Name Servers are being installed and tested.
Apparently AGN's wasn't one of them. It's a security hole waiting to
happen. The last thing I want is some moron hacking into a server
that I refer to as a root nameserver, changing the data, and giving my
customers false information. Too much risk.
> @@@@@@ [1] @@@@@@@@@
>
> Result of: whois 199.5.156
Oh boy, I can 'whois'
> The American Global Network, Inc. (NETBLK-RABBIT2)
IT'S R@BB1T.N3T!!@#!@#&!@#%!@&#%
> @@@@@@ [3] @@@@@@@@@
>
> Result of: dig @a.root-servers.net mcs.com any
>
> ; <<>> DiG 2.1 <<>> @a.root-servers.net mcs.com any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr rd; Ques: 1, Ans: 2, Auth: 2, Addit: 2
> ;; QUESTIONS:
> ;; mcs.com, type = ANY, class = IN
>
> ;; ANSWERS:
> mcs.com. 172800 NS CEREBUS.mcs.com.
> mcs.com. 172800 NS KITTEN.mcs.com.
You don't understand the recursion flag, do you?
Tell me, Jim, what would happen if you were right: What would happen
if the root servers did not have an 'options no-recursion' option in
the bootfile? (or, as your limited knowledge thinks, "named -r"?)
Think, Jim.
Think really hard.
*.root-servers.net are "primary" nameservers for SLDs in the .COM zone.
If you queried a root-servers.net nameserver for "mcs.com any" and got back
a list of nameservers, you'd theoretically NEVER be able to get MCS.COM
records.
Here is how you test recursion:
dig @a.root-servers.net some-hostname.xyz.com
where 'some-hostname.xyz.com' is NOT a listed host for any domains.
Here's proof.
(aroot is a nickname for a.root-servers.net btw)
ns1% dig @aroot news.multiverse.com. any
; <<>> DiG 2.2 <<>> @aroot news.multiverse.com. any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; Ques: 1, Ans: 0, Auth: 5, Addit: 5
;; QUESTIONS:
;; news.multiverse.com, type = ANY, class = IN
;; AUTHORITY RECORDS:
MULTIVERSE.COM. 172800 NS A.DNS.MULTIVERSE.COM.
MULTIVERSE.COM. 172800 NS NS2.OAR.NET.
MULTIVERSE.COM. 172800 NS NS1.AMERICA.COM.
MULTIVERSE.COM. 172800 NS STORM.LIGHTNING.NET.
MULTIVERSE.COM. 172800 NS IN-ADDR.ARPA.COM.
;; ADDITIONAL RECORDS:
A.DNS.MULTIVERSE.COM. 172800 A 207.170.128.10
NS2.OAR.NET. 172800 A 192.88.195.10
NS1.AMERICA.COM. 172800 A 206.125.236.11
STORM.LIGHTNING.NET. 172800 A 206.148.240.3
IN-ADDR.ARPA.COM. 172800 A 207.170.140.2
;; Total query time: 76 msec
;; FROM: ns1 to SERVER: aroot 198.41.0.4
;; WHEN: Sat Nov 23 16:52:44 1996
;; MSG SIZE sent: 37 rcvd: 259
--- If this nameserver were recursive, it would have given me the "A"
record for news.multiverse.com. But it didn't.
Again proving that you don't know what you're talking about.
Here's a server with recursion on:
ns1% dig @ns.unety.net. news.multiverse.com a |more
; <<>> DiG 2.2 <<>> @ns.unety.net. news.multiverse.com a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 7, Addit: 7
;; QUESTIONS:
;; news.multiverse.com, type = A, class = IN
;; ANSWERS:
news.multiverse.com. 3597 A 207.170.128.13
;; AUTHORITY RECORDS:
MULTIVERSE.COM. 110501 NS A.DNS.MULTIVERSE.COM.
MULTIVERSE.COM. 110501 NS NS2.OAR.NET.
MULTIVERSE.COM. 110501 NS NS1.AMERICA.COM.
MULTIVERSE.COM. 110501 NS STORM.LIGHTNING.NET.
MULTIVERSE.COM. 110501 NS IN-ADDR.ARPA.COM.
MULTIVERSE.COM. 3597 NS b.DNS.MULTIVERSE.COM.
MULTIVERSE.COM. 3597 NS ns1.OAR.NET.
;; ADDITIONAL RECORDS:
A.DNS.MULTIVERSE.COM. 156753 A 207.170.128.10
NS2.OAR.NET. 167647 A 192.88.195.10
NS1.AMERICA.COM. 110507 A 206.125.236.11
STORM.LIGHTNING.NET. 110507 A 206.148.240.3
IN-ADDR.ARPA.COM. 110507 A 207.170.140.2
b.DNS.MULTIVERSE.COM. 156753 A 207.170.128.11
ns1.OAR.NET. 167647 A 192.88.193.144
;; Total query time: 26 msec
;; FROM: ns1 to SERVER: ns.unety.net. 207.32.128.1
;; WHEN: Sat Nov 23 16:54:33 1996
;; MSG SIZE sent: 37 rcvd: 341
Your nameserver!
Please read up on how DNS works and then come back.
Until then, go back to your playpen.
--
jamie g.k. rishaw | work: jamie at multiverse.com | home: jamie at arpa.com
url-free sig file | multiverse corporate support| work tel: 216 771 0002
"I'm a doctor, not a doorstop!" -EMH, "Star Trek: First Contact"
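
The flag comparison made in the message above ("qr rd" from a.root-servers.net versus "qr rd ra" from ns.unety.net), as an added example that is not part of the original post: a Python decoder for the 12-byte DNS header that reports whether a response advertises recursion. The header bytes are constructed here from the id, flags and record counts shown in the three dig outputs; the function names are hypothetical.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080))

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident,
            "flags": [name for name, bit in FLAG_BITS if flags & bit],
            "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}

def classify(msg: bytes) -> str:
    """Say what a response header tells us about recursion on the server."""
    h = parse_header(msg)
    if "qr" not in h["flags"]:
        return "not a response"
    if "ra" in h["flags"]:
        # RA is set by the server: it is willing to recurse for this client.
        return "recursion offered"
    if h["rcode"] == 0 and h["answers"] == 0 and h["authority"] > 0:
        # No answer, only NS records pointing elsewhere.
        return "referral only"
    # "rd" alone is just the client's own request bit copied back.
    return "no recursion offered"

def header(flags: int, an: int, ns: int, ar: int) -> bytes:
    """Build a constructed sample header (id 10, one question)."""
    return struct.pack("!6H", 10, flags, 1, an, ns, ar)

# Constructed samples mirroring the three dig outputs quoted in the message.
SAMPLES = {
    "a.root-servers.net / mcs.com any": header(0x8100, 2, 2, 2),
    "aroot / news.multiverse.com any": header(0x8100, 0, 5, 5),
    "ns.unety.net / news.multiverse.com a": header(0x8180, 1, 7, 7),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {parse_header(msg)['flags']} -> {classify(msg)}")
```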