SORBS on autopilot?

paul paul at hessels.ca
Fri Jan 15 11:26:12 CST 2010


Michelle,

-- 
Paul

In the beginner's mind there are many possibilities, but in the expert's mind there are few.
Shunryu Suzuki


On Fri, 15 Jan 2010, Michelle Sullivan wrote:

> That is my view, however most (if not all) of the tickets were for the /22 
> not the /32 which is why it was rejected.

On all of my tickets but one the robot said:

"I've analyzed the following IP space, based on the text of your
request:

67.196.137.188/32"


>
>> From your email, it is my understanding this should have went to a human. I 
>
> So go back to the robot response and tell me where it says it'll be sent to a 
> human...please...?

Until you told me it was going to a human, I didn't know.  In fact, I only 
replied to the robot out of frustration; who would reply to a robot 
expecting a different answer the second time?

Its been 10 days without a response, maybe my ticket got caught up some 
where?

>> -kind of leaping to conclusions here, but possibly the robot is caching 
>> DNS?  Which means even if what was broken had been fixed, the robot 
>> wouldn't see it?
>
> The robot caches results for 48 hours to prevent people launching DoS attacks 
> on our systems as well as yours.  The results are easily checked here:
>

Perhaps require them to login.


> http://nemesis.sorbs.net:82/<first octet>/<second octet>/<network>.txt
>
> eg:
>
> http://nemesis.sorbs.net:82/67/196/67.196.137.0.txt
>

Access to this would have helped a lot.  Atleast I would have had some 
place to start.  I see the last scan was on Jan 12th.  I see an error I 
can't really account for.

> In this case you can easily see why the robot was unable to process the 
> request...  PTR's were requested from the nominated authoritive servers, only 
> to receive a "NODATA" response (commonly seen if TCP responses are required 
> or CNAMEs are returned without the PTR.)
>
> There is an issue with the robot and some correctly assigned classless 
> delegations due to the way we process the data, there are various catches to 
> correct this and re-process the network with a more reliable (but 
> considerably more resource hungry) method.  Unfortunately it's not fool proof 
> though, which is why we tell people to respond to the robot response to get a 
> human to review it.  If anyone out there is knowledgable in Perl, C and DNS 
> and wants to take a shot at fixing that issue I'd love to have the help.

I seem to have gotten caught in a corner case then?  Because as far as I 
can see everything is setup correctly on my end.

Your help would be appreciated.

>
> Michelle
>




More information about the NANOG mailing list