Home page logo
/

nanog logo nanog mailing list archives

TLD .ES screw up
From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz () rediris es>
Date: Wed, 30 Jul 1997 18:01:44 +0200 (MET DST)



We hate to have to deal with this in public lists, but there seems to be
the only way InterNIC reacts to problems these days :-(

Top level domain .es was screw up by InterNIC in yesterday's root zone
update. They've added an unauthorized NS without our request, knowledge or
consent.

We've been trying to get InterNIC to solve the problem ASAP (as it is
affecting access to nearly 200.000 hosts under .es) sending messages
to action () internic net, hostmaster () internic net and a couple of their
management staff (see below) without success. We even were ingenuous enough
to try to get some techical knowledgeable person on the phone but...
first we got redirected to the IANA phone number!, second try (after
convincing the operator that InterNIC is also in charge the root zone not
only the .com .net .org domains) we had our contact data taken with the
promise of a phone back by a technician which hasn't happened yet.

So my questions now:

Does any one know a direct way to reach the InterNIC technical staff to solve
this kind of urgent problems?

Shouldn't there be a specific set up of procedures, forms and communication
channels between the managers of the root zone and the TLD managers?

Any help will be appreciated.

Miguel A. Sanz
ES-NIC

__________________           __                    ______________________
                            /_/
Miguel A. Sanz       __            __       Email: miguel.sanz () rediris es
RedIRIS/CSIC        /_/  RedIRIS  /_/              Tel:    + 34 1 5855152
Serrano 142                __                      Fax:    + 34 1 5855146
E-28006  Madrid           /_/
SPAIN                                                 Network Manager
____________ Spanish Academic & Research Network ________________________



--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz () rediris es>

Date: Wed, 30 Jul 1997 15:05:45 +0200 (MET DST)
From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz () rediris es>
To: "David H. Holtzman" <dholtz () internic net>
Subject: (Fwd) EMERGENCY TLD .ES
Cc: hostmaster () nic es


Please take quick action on this and report back!

We will wait a couple more hours before escalating this to IANA and
TLD list.

Regards,

Miguel A. Sanz
ES-NIC


--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz () rediris es>

Date: Wed, 30 Jul 1997 11:49:59 +0200 (MET DST)
From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz () rediris es>
To: hostmaster () internic net
Subject: EMERGENCY TLD .ES
Cc: cert () rediris es, Mark Kosters <markk () internic net>, hostmaster () nic es



Dear hostmaster,

I am the technical contact of the top level domain for Spain (".es").

Much to our surprise we discover yesterday that a new unauthorized NS was
popping up in everybody's caches for the ".es" zone.

At first we thought that a cache infection attack (the kind of Alternic's
against InterNIC) was taking place and spread the word that everybody in
the country upgrade to the recent versions of BIND.

However, some places running BIND-4.9.6 and 8.1.1 were also infected!!!

We the went to check InterNIC's database and ... the problem is there!!!

InterNIC has made a change in the delegation of the ".es" zone without
our request, knowledge or consent. Instead of the authorized nameservers
which are:

   SUN.REDIRIS.ES               130.206.1.2
   CHICO.REDIRIS.ES             130.206.1.3
   PRADES.CESCA.ES              192.94.163.152
   NS.EUNET.ES                  193.127.1.11
   SUNIC.SUNET.SE               192.36.125.2 192.36.148.18
   NS.EU.NET                    192.16.202.11
   RS0.INTERNIC.NET             198.41.0.5
   NS.UU.NET                    137.39.1.3
   MUNNARI.OZ.AU                128.250.1.21 128.250.22.2

You have now:

   SUN.REDIRIS.ES               130.206.1.2
   CHICO.REDIRIS.ES             130.206.1.3
   PRADES.CESCA.ES              192.94.163.152
   LINUX2.DYCSA.ES              195.53.97.1
   SUNIC.SUNET.SE               192.36.125.2 192.36.148.18
   NS.EU.NET                    192.16.202.11
   RS0.INTERNIC.NET             198.41.0.5
   NS.UU.NET                    137.39.1.3

For unkown reasons an unauthorized change has been made to the root
zone and the InterNIC database. You have placed a bogus NS
LINUX2.DYCSA.ES instead of the legal one: NS.EUNET.ES !!!

Please CORRECT this as soon as possible and restart the root server.

We would also like that you open an investigation about this case
to know if this has been caused by some InterNIC's internal error
or by an intentional ill will request made by someone.

Please keep as inform about your actions to correct this error and
of the results of your internal investigation.

Regards,

Miguel A. Sanz (MAS122)
ES-NIC

__________________           __                    ______________________
                            /_/
Miguel A. Sanz       __            __       Email: miguel.sanz () rediris es
RedIRIS/CSIC        /_/  RedIRIS  /_/              Tel:    + 34 1 5855152
Serrano 142                __                      Fax:    + 34 1 5855146
E-28006  Madrid           /_/
SPAIN                                                 Network Manager
____________ Spanish Academic & Research Network ________________________




---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
<miguel.sanz () rediris es>


---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
<miguel.sanz () rediris es>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault