Home page logo
/

nanog logo nanog mailing list archives

Re: Lame RFC1918 delegations
From: Barry Margolin <barmar () bbnplanet com>
Date: Fri, 3 Apr 1998 14:50:55 -0500 (EST)


   From: bmanning () isi edu
   Posted-Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)
   Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)


   The primary for these zones moved to a dedicated server (blackhole.isi.edu)
   in early february 1998.  Due to an unfortunate confluence of events, 
   this week we identified several points of misconfiguration in both
   zone files and system configuration files.  Talking with the sysadmin
   this morning leads me to believe that the system is working properly.

   26% dig -x 172.16 any @blackhole.isi.edu

This is *not* proper, it's a Lame Delegation.  That query should return an
SOA record and it should have the Authoritative Answer flag set.

   ; <<>> DiG 2.0 <<>> -x any @blackhole.isi.edu 
   ;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 12
   ;; flags: qr rd ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
   ;; QUESTIONS: 
   ;;      16.172.in-addr.arpa, type = ANY, class = IN

   ;; ANSWERS:
   16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
   16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

   ;; AUTHORITY RECORDS:
   16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
   16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

   ;; ADDITIONAL RECORDS:
   NS2.INTERNIC.NET.       84712   A       198.41.0.11
   BLACKHOLE.ISI.EDU.      41512   A       128.9.64.26

   ;; Sent 3 pkts, answer found in time: 401 msec 
   ;; FROM: zed.isi.edu to SERVER: blackhole.isi.edu  128.9.64.26
   ;; WHEN: Fri Apr  3 11:35:07 1998
   ;; MSG SIZE  sent: 37  rcvd: 158



   > Several people have forwarded to me a message you sent to NANOG saying that
   > the problem with the RFC 1918 delegations was fixed yesterday.  As far as I
   > can tell, this is not true.  I'm still seeing lame responses from both
   > blackhole.isi.edu and ns2.internic.net (which replaced rs0.internic.net in
   > the delegations yesterday).
   > 
   > Also, we have a system here configured as a secondary server for the RFC
   > 1918 domains, so that we can point customer firewalls to it for their zone
   > transfers (this way, if the original primary moves, we only have to update
   > one system, not all the firewalls).  It used to use ns.isi.edu as its
   > primary, but that stopped working on 3/25.  Is there a machine that can be
   > used instead?
   > 
   > tools:~#58% whois 172.16
   > IANA (IANA-BBLK-RESERVED)
   >    Internet Assigned Numbers Authority
   >    Information Sciences Institute
   >    University of Southern California
   >    4676 Admiralty Way, Suite 1001
   >    Marina del Rey, CA 90292-6695
   > 
   >    Netname: IANA-BBLK-RESERVED
   >    Netblock: 172.16.0.0 - 172.31.0.0
   > 
   >    Coordinator:
   >       Internet Assigned Numbers Authority  (IANA-ARIN)  iana () iana org
   >       (310) 822-1511
   > 
   >    Domain System inverse mapping provided by:
   > 
   >    BLACKHOLE.ISI.EDU               128.9.64.26
   >    NS2.INTERNIC.NET                198.41.0.11
   > 
   > tools:~#61% dig -x 172.16 any @blackhole.isi.edu
   > 
   > ; <<>> DiG 2.1 <<>> -x any @blackhole.isi.edu 
   > ; (1 server found)
   > ;; res options: init recurs defnam dnsrch
   > ;; got answer:
   > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
   > ;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
   > ;; QUESTIONS:
   > ;; 16.172.in-addr.arpa, type = ANY, class = IN
   > 
   > ;; ANSWERS:
   > 16.172.in-addr.arpa.       295906  NS      RS0.INTERNIC.NET.
   > 16.172.in-addr.arpa.       295906  NS      BLACKHOLE.ISI.EDU.
   > 
   > ;; AUTHORITY RECORDS:
   > 16.172.in-addr.arpa.       295906  NS      RS0.INTERNIC.NET.
   > 16.172.in-addr.arpa.       295906  NS      BLACKHOLE.ISI.EDU.
   > 
   > ;; ADDITIONAL RECORDS:
   > RS0.INTERNIC.NET.  43877   A       198.41.0.5
   > BLACKHOLE.ISI.EDU. 25946   A       128.9.64.26
   > 
   > ;; Total query time: 427 msec
   > ;; FROM: tools.bbnplanet.com to SERVER: blackhole.isi.edu  128.9.64.26
   > ;; WHEN: Fri Apr  3 09:39:09 1998
   > ;; MSG SIZE  sent: 37  rcvd: 158
   > 
   > tools:~#63% dig -x 172.16 any @ns2.internic.net
   > 
   > ; <<>> DiG 2.1 <<>> -x any @ns2.internic.net 
   > ; (1 server found)
   > ;; res options: init recurs defnam dnsrch
   > ;; got answer:
   > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
   > ;; flags: qr rd; Ques: 1, Ans: 4, Auth: 0, Addit: 2
   > ;; QUESTIONS:
   > ;; 16.172.in-addr.arpa, type = ANY, class = IN
   > 
   > ;; ANSWERS:
   > 16.172.in-addr.arpa.       86400   NS      NS.ISI.EDU.
   > 16.172.in-addr.arpa.       86400   NS      rs0.internic.net.
   > 16.172.in-addr.arpa.       86400   NS      ORB.ISI.EDU.
   > 16.172.in-addr.arpa.       86400   SOA     NS.ISI.EDU. bmanning.zed.ISI.EDU. (
   >                    19941005        ; serial
   >                    10800   ; refresh (3 hours)
   >                    900     ; retry (15 mins)
   >                    604800  ; expire (7 days)
   >                    86400 ) ; minimum (1 day)
   > 
   > ;; ADDITIONAL RECORDS:
   > NS.ISI.EDU.        172800  A       128.9.128.127
   > rs0.internic.net.  172800  A       198.41.0.5
   > 
   > ;; Total query time: 60 msec
   > ;; FROM: tools.bbnplanet.com to SERVER: ns2.internic.net  198.41.0.11
   > ;; WHEN: Fri Apr  3 09:39:27 1998
   > ;; MSG SIZE  sent: 37  rcvd: 190
   > 
   > 
   > 
   > -- 
   > Barry Margolin, barmar () bbnplanet com
   > GTE Internetworking, Powered by BBN, Cambridge, MA
   > 


   -- 
   --bill


-- 
Barry Margolin, barmar () bbnplanet com
GTE Internetworking, Powered by BBN, Cambridge, MA


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault