Mailing List Archive

.com pollution
(Credit for spotting this goes to Dima Volodin from Sprint.)
Please check your nameservers for .com NS bogus data. I
had a look around after Dima pointed out the bogus data
in ns.EU.net, and over 3/4 of the nameservers I checked
were infected (sprint, merit, mci, ans, net99, janet ...).

;; ANSWERS:
com. 467325 NS E.ROOT-SERVERS.NET.
com. 467325 NS I.ROOT-SERVERS.NET.
com. 467325 NS F.ROOT-SERVERS.NET.
com. 467325 NS G.ROOT-SERVERS.NET.
com. 467325 NS A.ROOT-SERVERS.NET.
com. 467325 NS H.ROOT-SERVERS.NET.
com. 77377 NS ari.ari.NET.
com. 77377 NS ns2.sprintlink.NET.
com. 77377 NS ns1.sprintlink.NET.
com. 77377 NS ns.peach.NET.
com. 467325 NS B.ROOT-SERVERS.NET.
com. 77377 NS k2.ari.net.
com. 325800 NS H.RoT-SERVERS.NET.
com. 324155 NS B.RoT-SERVERS.NET.
com. 324155 NS C.RoT-SERVERS.NET.
com. 324155 NS D.RoT-SERVERS.NET.
com. 324155 NS E.RoT-SERVERS.NET.
com. 324155 NS I.RoT-SERVERS.NET.
com. 324155 NS F.RoT-SERVERS.NET.
com. 324155 NS G.RoT-SERVERS.NET.
com. 324155 NS A.RoT-SERVERS.NET.
com. 467325 NS C.ROOT-SERVERS.NET.
com. 467325 NS D.ROOT-SERVERS.NET.

'rot-server' ...

--
====== ___ === Per G. Bilse, Mgr Network Operations Ctr
===== / / / __ ___ _/_ ==== EUnet Communications Services B.V.
==== /--- / / / / /__/ / ===== Singel 540, 1017 AZ Amsterdam, NL
=== /___ /__/ / / /__ / ====== tel: +31 20 6233803, fax: +31 20 6224657
=== ======= 24hr emergency number: +31 20 421 0865
=== Connecting Europe since 1982 === http://www.EU.net; e-mail: bilse@EU.net
Re: .com pollution
...and, on our resolvers....

com. 321028 NS H.RïT-SERVERS.NET.
320919 IN NS H.R\357^?T-SERVERS.NET. ;Cr=addtnl [198.72.72.10]

[B., C., D., E., all corrupted from the same source]

I have killed and restarted named on ours...

_k
Re: .com pollution
I found corruption in 198.72.72.10 (my server) and killed/started BIND at
17:50 EST. My other servers 131.144.4.10 and 131.144.4.9 were not
affected. I saw trash like this via nslookup/dig: "com nameserver =
H.RÔT-SERVERS.NET". I did not dump the db so I can't compare TTL, etc with
you. A-I were also all corrupt.

Any idea how it started?
Alan


At 7:06 PM 1/19/96, Kobi wrote:
>...and, on our resolvers....
>
>com. 321028 NS H.RÔT-SERVERS.NET.
> 320919 IN NS H.R\357^?T-SERVERS.NET. ;Cr=addtnl [198.72.72.10]
>
>[B., C., D., E., all corrupted from the same source]
>
>I have killed and restarted named on ours...
>
>_k
Re: .com pollution
for sites that don't want to restart dns, you can usually clean things
out of the cache by doing something like:

repeat 500 dig ns com.

because cached data has its ttl dropped by 10% each time it is used (at
least in bind-4.9.3-beta34 and above).
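
An added example, not part of any message in this thread: a Python check for the kind of bogus com. NS data the posters describe, labelling each record ok, unexpected or malformed. The allowlist (the A-I ROOT-SERVERS.NET names from the first listing) and the function names are assumptions; the sample records are copied from the posts above.

```python
import re

# Assumption: the NS set the operator expects for com. Here it is the
# A-I ROOT-SERVERS.NET names seen in the first listing; adjust as needed.
EXPECTED = {f"{c}.root-servers.net." for c in "abcdefghi"}

# One hostname label: ASCII letters, digits, hyphen; no edge hyphen.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def is_hostname(name):
    """True if every label of the name is plain letter-digit-hyphen ASCII."""
    labels = name.rstrip(".").lower().split(".")
    return all(LABEL.fullmatch(label) for label in labels)

def classify(lines, owner="com."):
    """Return [(target, verdict)] for each NS record belonging to owner."""
    results, current = [], None
    for line in lines:
        # Drop any trailing ';' comment (named dump format), then tokenize.
        fields = line.split(";", 1)[0].split()
        if "NS" not in fields or fields[-1] == "NS":
            continue
        if not fields[0].isdigit():          # owner column is present
            current = fields[0].lower()      # else inherit the previous owner
        if current != owner:
            continue
        target = fields[fields.index("NS") + 1]
        if not is_hostname(target):
            verdict = "malformed"            # escapes, 8-bit or control bytes
        elif target.lower() not in EXPECTED:
            verdict = "unexpected"           # valid syntax, not in allowlist
        else:
            verdict = "ok"
        results.append((target, verdict))
    return results

# Sample input: records copied from the thread above.
SAMPLE = [
    ";; ANSWERS:",
    "com. 467325 NS E.ROOT-SERVERS.NET.",
    "com. 77377 NS ns.peach.NET.",
    "com. 321028 NS H.R\u00efT-SERVERS.NET.",
    "320919 IN NS H.R\\357^?T-SERVERS.NET. ;Cr=addtnl [198.72.72.10]",
]

if __name__ == "__main__":
    for target, verdict in classify(SAMPLE):
        print(f"{verdict:10} {target}")
```

Feed it the answer section of `dig ns com.` run against each resolver, or the relevant lines of a named cache dump; any verdict other than ok is a record to investigate.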