Hello- Actually, from looking at your record, I would guess that instead of an unauthorized modification of your tld, a (perhaps unauthorized) modification of one of the servers has occured: A whois on NS.EUNET.ES comes back with "No match," but a WAIS on NS6265-HST (the NIChandle for LINUX2.DYCSA.ES) shows: [No name] (NS6265-HST) Hostname: NS.EUNET.ES Address: 193.127.1.11 System: ? running ? Record last updated on 21-Feb-96. If you call and talk to someone and tell them that NS6265-HST has been updated without authorization, maybe you will get a better response. The new IP and hostname probably just took a while to propogate and start causing you problems. (It was modified on 17-Jul.) Otherwise you are probably getting someone in the call center who is looking at the NIC database record for .ES and saying "I see that this record has not been modified for over a year" and thinking you are just mistaken. I am not saying that inaction in the face of a TLD problem is not bad, but giving the NIC a more tracable problem should/may result in quicker resolution of your problem. Hopefully you have gotten a reply from the NIC by now and my message is just superflous! Hope this helps, Sarah
We hate to have to deal with this in public lists, but there seems to be the only way InterNIC reacts to problems these days :-(
Top level domain .es was screw up by InterNIC in yesterday's root zone update. They've added an unauthorized NS without our request, knowledge or consent.
We've been trying to get InterNIC to solve the problem ASAP (as it is affecting access to nearly 200.000 hosts under .es) sending messages to action@internic.net, hostmaster@internic.net and a couple of their management staff (see below) without success. We even were ingenuous enough to try to get some techical knowledgeable person on the phone but... first we got redirected to the IANA phone number!, second try (after convincing the operator that InterNIC is also in charge the root zone not only the .com .net .org domains) we had our contact data taken with the promise of a phone back by a technician which hasn't happened yet.
So my questions now:
Does any one know a direct way to reach the InterNIC technical staff to solve this kind of urgent problems?
Shouldn't there be a specific set up of procedures, forms and communication channels between the managers of the root zone and the TLD managers?
Any help will be appreciated.
Miguel A. Sanz ES-NIC
__________________ __ ______________________ /_/ Miguel A. Sanz __ __ Email: miguel.sanz@rediris.es RedIRIS/CSIC /_/ RedIRIS /_/ Tel: + 34 1 5855152 Serrano 142 __ Fax: + 34 1 5855146 E-28006 Madrid /_/ SPAIN Network Manager ____________ Spanish Academic & Research Network ________________________
--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
Date: Wed, 30 Jul 1997 15:05:45 +0200 (MET DST) From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es> To: "David H. Holtzman" <dholtz@internic.net> Subject: (Fwd) EMERGENCY TLD .ES Cc: hostmaster@nic.es
Please take quick action on this and report back!
We will wait a couple more hours before escalating this to IANA and TLD list.
Regards,
Miguel A. Sanz ES-NIC
--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
Date: Wed, 30 Jul 1997 11:49:59 +0200 (MET DST) From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es> To: hostmaster@internic.net Subject: EMERGENCY TLD .ES Cc: cert@rediris.es, Mark Kosters <markk@internic.net>, hostmaster@nic.es
Dear hostmaster,
I am the technical contact of the top level domain for Spain (".es").
Much to our surprise we discover yesterday that a new unauthorized NS was popping up in everybody's caches for the ".es" zone.
At first we thought that a cache infection attack (the kind of Alternic's against InterNIC) was taking place and spread the word that everybody in the country upgrade to the recent versions of BIND.
However, some places running BIND-4.9.6 and 8.1.1 were also infected!!!
We the went to check InterNIC's database and ... the problem is there!!!
InterNIC has made a change in the delegation of the ".es" zone without our request, knowledge or consent. Instead of the authorized nameservers which are:
SUN.REDIRIS.ES 130.206.1.2 CHICO.REDIRIS.ES 130.206.1.3 PRADES.CESCA.ES 192.94.163.152 NS.EUNET.ES 193.127.1.11 SUNIC.SUNET.SE 192.36.125.2 192.36.148.18 NS.EU.NET 192.16.202.11 RS0.INTERNIC.NET 198.41.0.5 NS.UU.NET 137.39.1.3 MUNNARI.OZ.AU 128.250.1.21 128.250.22.2
You have now:
SUN.REDIRIS.ES 130.206.1.2 CHICO.REDIRIS.ES 130.206.1.3 PRADES.CESCA.ES 192.94.163.152 LINUX2.DYCSA.ES 195.53.97.1 SUNIC.SUNET.SE 192.36.125.2 192.36.148.18 NS.EU.NET 192.16.202.11 RS0.INTERNIC.NET 198.41.0.5 NS.UU.NET 137.39.1.3
For unkown reasons an unauthorized change has been made to the root zone and the InterNIC database. You have placed a bogus NS LINUX2.DYCSA.ES instead of the legal one: NS.EUNET.ES !!!
Please CORRECT this as soon as possible and restart the root server.
We would also like that you open an investigation about this case to know if this has been caused by some InterNIC's internal error or by an intentional ill will request made by someone.
Please keep as inform about your actions to correct this error and of the results of your internal investigation.
Regards,
Miguel A. Sanz (MAS122) ES-NIC
__________________ __ ______________________ /_/ Miguel A. Sanz __ __ Email: miguel.sanz@rediris.es RedIRIS/CSIC /_/ RedIRIS /_/ Tel: + 34 1 5855152 Serrano 142 __ Fax: + 34 1 5855146 E-28006 Madrid /_/ SPAIN Network Manager ____________ Spanish Academic & Research Network ________________________
---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>