root servers

for the past few hours, we've been seeing certain root servers
intermittently claiming that certain names don't exist, and then
changing their mind a few minutes later.

anyone else seeing this? did i miss an announcement of problems?

-matthew kaufman

I am not at liberty at this time to release the documentation in my hands,
as the individual who wrote it would like to try to get a patch available
before releasing his advisory. Put simply, he has 'discovered', documented,
and made available his methods, a method to forge DNS information in a way
that would/could cause the errors you are seeing in the root name servers.
The following is an excerpt that I don't think he'll get pissed about if I
release:

Because of the severity of the problem at hand, no source code will be made
available. However, I have set up a service that you can use to test your
DNS servers to see if they are vulnerable. I have set up certain domain names
off the domain which when queried will send additional
information in the packet to attempt to get BIND to cache. Here is a list of
the domain names and the information they try to cache:
        Will load a domain name of with an A record of and an MX record of mail.test.domain with a priority of 10
        test.domain. It will also give it an NS record that points to
        ns.test.domain which has an IP address of
        This will add an A record of to
        This will add an MX record of mail.competitor.domain to test.domain
        with a priority of 5
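The excerpt above describes a reply that carries extra authority/additional records for names the resolver never asked about, hoping the cache will take them. The defensive counterpart is a bailiwick check: cache such records only when their owner name lies inside the zone the answering server was delegated for. The following is an added illustration, not code from this thread or from BIND; the record layout, the names under test.domain and competitor.domain, and the RFC 5737 addresses are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record as a resolver sees it after parsing a reply."""
    name: str     # owner name, e.g. "www.test.domain."
    rtype: str    # "A", "NS", "MX", ...
    rdata: str    # record data as text
    section: str  # "answer", "authority" or "additional"


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name below it (zone "." matches all)."""
    o, z = _norm(owner), _norm(zone)
    return z == "" or o == z or o.endswith("." + z)


def filter_reply(qname: str, zone: str, records: list[RR]) -> tuple[list[RR], list[RR]]:
    """Split one reply into records a resolver may cache and records it must drop.

    qname is what was asked for; zone is the zone the answering server was
    delegated for. Anything outside that zone is unsolicited and untrusted.
    """
    kept, dropped = [], []
    for rr in records:
        if rr.section == "answer":
            ok = _norm(rr.name) == _norm(qname)   # answers must be for the queried name
        else:
            ok = in_bailiwick(rr.name, zone)      # glue only for names inside the zone
        (kept if ok else dropped).append(rr)
    return kept, dropped


# Constructed reply from a hypothetical server for test.domain (RFC 5737 addresses).
SAMPLE_REPLY = [
    RR("www.test.domain.", "A", "192.0.2.10", "answer"),
    RR("test.domain.", "NS", "ns.test.domain.", "authority"),
    RR("ns.test.domain.", "A", "192.0.2.53", "additional"),          # legitimate glue
    RR("mail.competitor.domain.", "A", "192.0.2.66", "additional"),  # out of bailiwick
    RR("competitor.domain.", "NS", "ns.test.domain.", "authority"),  # out of bailiwick
]


def demo() -> tuple[list[str], list[str]]:
    """Run the filter on the constructed reply; returns (kept names, dropped names)."""
    kept, dropped = filter_reply("www.test.domain.", "test.domain.", SAMPLE_REPLY)
    return [r.name for r in kept], [r.name for r in dropped]
```

The two competitor.domain records are exactly the kind of unsolicited data the excerpt's test names inject; a resolver applying this rule discards them while still accepting the in-zone glue it needs to follow the delegation.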