DNS contamination

Ignoring additional records works pretty well for me.

Otherwise, the beast is out there, and we cannot do much except waiting
for it to die slowly.

For those who wonder what is so special about these addresses - they
were SprintLink's DNS servers' around Wilhelm the Conqueror's time or
shortly after that. Apparently, some clueless admins have these
addresses as bogus glue records in their zones and use vintage named
versions that allow them to do that. Once leaked out in additional
sections of DNS responses, these bogus records end up in other servers'
caches, which in turn try to use these addresses to resolve queries for
names for which SprintLink's servers are claimed to be authoritative.
In two hours about 400 servers tried to use hrn-cat-2.sprintlink.net (a
Catalyst something) as a name server.

Paul A Vixie writes: