WARNING: AOL is hosed (again)

Michael Handler handler at sub-rosa.com
Fri Oct 16 20:51:16 UTC 1998


James Rishaw <jamie at dilbert.ais.net> writes:

> You can actually set a domain name so that it cannot be changed, by
> any template, by any modification, correct guardian or NOT.
> I would ass-u-me AOL did this, but obviously their DNS admins aren't
> clued enough to figure this one out.
> Tiem to hire people that know *all* of what they're supposed to do, not
> just what they read out of an ORA book.

Um, as anyone who's dealt with NSI on a non-casual level can tell you,
it's entirely possible that AOL had Guardian set up to disallow any
changes, as well as having the domain ``locked'' against any email changes
at all, and still have an unauthorized change occur. This is *not* the
first time a service-interrupting unauthorized DNS change (deliberate
or accidental) has slipped through NSI, though this is almost definitely
the biggest network to be affected.

And, two years later, the BEFORE-USE Guardian attribute *still*
doesn't work, natch.

ObUsefulInformation:

zone "aol.com" {
        type stub;
        file "zones/stub-aol.com";
        masters {
                152.163.200.52;
                152.163.200.116;
        };
};

[ Only works in BIND 8, but why are you still running 4.9.* anyway?
You can't put this into IOS, but you can put this into the nameservers
that your router uses... :) ]



More information about the NANOG mailing list