network renumbering (was Re: Possible login/password grabbing ploy)

Paul Mansfield paulm at
Wed May 13 09:28:46 UTC 1998

> The renumbering is now done...and I never did get to compile a list of all
> the domains we're lame for.

we had a similar problem when we were switching off the machine formerly known
as, which seemed to have been a server for most of the UK's
DNS at some time, as well as being a resolver for pretty much everyone. 

Nominet were helpful in providing a list of all domains which in theory it was
supposed to be primary or secondary for, but it didn't help where where other
delegations were made to it, such as .com and .org, and the was a

What we did in the end was to use TCPDUMP with a big packet length, dumped it
to a file, so that it showed the DNS transactions, and some judicious awk
hackery allowed us to see what it was being asked for, what zone transfers
worked and who was resolving off it.

We managed to stop most of the resolving, and eventually turned off recursion
to put an end to that!

When the deadline was reached to turn it off, we'd gotten the number of zones
down from many hundreds to perhaps a couple - just the ones where the TLD
delegations were untraceable or hopelessly broken.

P Mansfield, Senior SysAdmin PSINet, +44-1223-577577x2611/577611 fax:577600 
*** If a grand piano had a rubout key, I'd be a concert pianist by now! ***

More information about the NANOG mailing list