root nameserver problems ?

Mailman List Mirror (Read Only)

MCI_Hostmaster July 17, 1997, 11:51am 1

-----BEGIN PGP SIGNED MESSAGE-----

- From our vantage point, it looks like most of the root nameservers
have bad delegation data. Most of them return no delegation info
for what should be working domains:

  roy@ns% foreach ns ( a b c d e f g h i j k l m )
   do
   echo $ns.root-servers.net
   host -t ns digital.com $ns.root-servers.net
   host -t ns webcrawler.com $ns.root-servers.net
   echo
   done
  a.root-servers.net
  digital.com NS CRL.DEC.COM
  digital.com NS NS11.digital.com
  digital.com NS NS.DEC.COM
  webcrawler.com NS NS00.EXCITE.COM
  webcrawler.com NS NS01.EXCITE.COM
  webcrawler.com NS NSE00.EXCITE.COM
  webcrawler.com NS NSE01.EXCITE.COM

  b.root-servers.net
  digital.com does not exist at b.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at b.root-servers.net (Authoritative answer)

  c.root-servers.net
  digital.com does not exist at c.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at c.root-servers.net (Authoritative answer)

  d.root-servers.net
  digital.com does not exist at d.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at d.root-servers.net (Authoritative answer)

  e.root-servers.net
  digital.com does not exist at e.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at e.root-servers.net (Authoritative answer)

  f.root-servers.net
  digital.com does not exist at f.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at f.root-servers.net (Authoritative answer)

  g.root-servers.net
  digital.com does not exist at g.root-servers.net (Authoritative answer)
  webcrawler.com does not exist at g.root-servers.net (Authoritative answer)

  h.root-servers.net
  digital.com NS NS.DEC.COM
  digital.com NS CRL.DEC.COM
  digital.com NS NS11.digital.com
  webcrawler.com NS NS00.EXCITE.COM
  webcrawler.com NS NS01.EXCITE.COM
  webcrawler.com NS NSE00.EXCITE.COM
  webcrawler.com NS NSE01.EXCITE.COM

  i.root-servers.net
  digital.com NS CRL.DEC.COM
  digital.com NS NS11.digital.com
  digital.com NS NS.DEC.COM
  webcrawler.com NS NS01.EXCITE.COM
  webcrawler.com NS NSE00.EXCITE.COM
  webcrawler.com NS NSE01.EXCITE.COM
  webcrawler.com NS NS00.EXCITE.COM

  j.root-servers.net
  digital.com NS record currently not present at j.root-servers.net
  webcrawler.com NS record currently not present at j.root-servers.net

  k.root-servers.net
  digital.com NS record currently not present at k.root-servers.net
  webcrawler.com NS record currently not present at k.root-servers.net

  l.root-servers.net
  digital.com NS record currently not present at l.root-servers.net
  webcrawler.com NS record currently not present at l.root-servers.net

  m.root-servers.net
  digital.com NS record currently not present at m.root-servers.net
  webcrawler.com NS record currently not present at m.root-servers.net

To enable our resolvers to work properly, we've had to tell them
to ignore the root nameservers which appear to have bad data.
On a Bind 4.X system, one can do this with the 'bogusns' configuration
directive:

bogusns 128.9.0.107&255.255.255.255 192.33.4.12&255.255.255.255
   128.8.10.90&255.255.255.255 192.203.230.10&255.255.255.255
   192.5.5.241&255.255.255.255 192.112.36.4&255.255.255.255
   198.41.0.10&255.255.255.255 193.0.14.129&255.255.255.255
   198.32.64.12&255.255.255.255 198.32.65.12&255.255.255.255

For Bind 8.X servers, something like

   server 128.9.0.107 { bogus yes; }
   server 192.33.4.12 { bogus yes; }
   [etc...]

should work, I think.

- roy -