Home page logo
/

nanog logo nanog mailing list archives

root nameserver problems ?
From: "MCI Hostmaster" <hostmaster () mci net>
Date: Thu, 17 Jul 1997 07:51:03 -0400


-----BEGIN PGP SIGNED MESSAGE-----


- From our vantage point, it looks like most of the root nameservers
have bad delegation data.  Most of them return no delegation info
for what should be working domains:

  roy () ns% foreach ns ( a b c d e f g h i j k l m ) 
   do 
   echo $ns.root-servers.net 
   host -t ns digital.com $ns.root-servers.net 
   host -t ns webcrawler.com $ns.root-servers.net 
   echo 
   done
  a.root-servers.net
  digital.com             NS      CRL.DEC.COM
  digital.com             NS      NS11.digital.com
  digital.com             NS      NS.DEC.COM
  webcrawler.com          NS      NS00.EXCITE.COM
  webcrawler.com          NS      NS01.EXCITE.COM
  webcrawler.com          NS      NSE00.EXCITE.COM
  webcrawler.com          NS      NSE01.EXCITE.COM
  
  b.root-servers.net
  digital.com does not exist at b.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at b.root-servers.net (Authoritative answer)
  
  c.root-servers.net
  digital.com does not exist at c.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at c.root-servers.net (Authoritative answer)
  
  d.root-servers.net
  digital.com does not exist at d.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at d.root-servers.net (Authoritative answer)
  
  e.root-servers.net
  digital.com does not exist at e.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at e.root-servers.net (Authoritative answer)
  
  f.root-servers.net
  digital.com does not exist at f.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at f.root-servers.net (Authoritative answer)
  
  g.root-servers.net
  digital.com does not exist at g.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at g.root-servers.net (Authoritative answer)
  
  h.root-servers.net
  digital.com             NS      NS.DEC.COM
  digital.com             NS      CRL.DEC.COM
  digital.com             NS      NS11.digital.com
  webcrawler.com          NS      NS00.EXCITE.COM
  webcrawler.com          NS      NS01.EXCITE.COM
  webcrawler.com          NS      NSE00.EXCITE.COM
  webcrawler.com          NS      NSE01.EXCITE.COM
  
  i.root-servers.net
  digital.com             NS      CRL.DEC.COM
  digital.com             NS      NS11.digital.com
  digital.com             NS      NS.DEC.COM
  webcrawler.com          NS      NS01.EXCITE.COM
  webcrawler.com          NS      NSE00.EXCITE.COM
  webcrawler.com          NS      NSE01.EXCITE.COM
  webcrawler.com          NS      NS00.EXCITE.COM
  
  j.root-servers.net
  digital.com NS record currently not present at j.root-servers.net
  webcrawler.com NS record currently not present at j.root-servers.net
  
  k.root-servers.net
  digital.com NS record currently not present at k.root-servers.net
  webcrawler.com NS record currently not present at k.root-servers.net
  
  l.root-servers.net
  digital.com NS record currently not present at l.root-servers.net
  webcrawler.com NS record currently not present at l.root-servers.net
  
  m.root-servers.net
  digital.com NS record currently not present at m.root-servers.net
  webcrawler.com NS record currently not present at m.root-servers.net  
  
To enable our resolvers to work properly, we've had to tell them
to ignore the root nameservers which appear to have bad data.
On a Bind 4.X system, one can do this with the 'bogusns' configuration
directive:

 bogusns 128.9.0.107&255.255.255.255 192.33.4.12&255.255.255.255 
   128.8.10.90&255.255.255.255 192.203.230.10&255.255.255.255 
   192.5.5.241&255.255.255.255 192.112.36.4&255.255.255.255 
   198.41.0.10&255.255.255.255 193.0.14.129&255.255.255.255 
   198.32.64.12&255.255.255.255 198.32.65.12&255.255.255.255

For Bind 8.X servers, something like

   server 128.9.0.107 { bogus yes; }
   server 192.33.4.12 { bogus yes; }
   [etc...]

should work, I think.

                                - roy -


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM84G8mx7n9NanyP9AQENvwP/dEYxFjxDh83OL9xvVImGrjO2202h4jts
kK57u41y+DnnMehZitF9mtAhRPT0z469mmBrmWJC1EhgKlDjrm0YZwv7ZmHTgPQU
0GYcRMUPR8g7zYlnNwZxoEgUwpMzOj/SFbokL38Kojuy58CZDJZ7BrN5WFsV9/a9
Zc0s4eg+z8M=
=fzlJ
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]