We hate to have to deal with this in public lists, but this seems to be the only way InterNIC reacts to problems these days :-(

Top level domain .es was screwed up by InterNIC in yesterday's root zone update. They've added an unauthorized NS without our request, knowledge or consent.

We've been trying to get InterNIC to solve the problem ASAP (as it is affecting access to nearly 200.000 hosts under .es) sending messages to action@internic.net, hostmaster@internic.net and a couple of their management staff (see below) without success. We even were ingenuous enough to try to get some technically knowledgeable person on the phone but... first we got redirected to the IANA phone number!, second try (after convincing the operator that InterNIC is also in charge of the root zone, not only the .com .net .org domains) we had our contact data taken with the promise of a phone back by a technician which hasn't happened yet.

So my questions now:

Does any one know a direct way to reach the InterNIC technical staff to solve this kind of urgent problems?

Shouldn't there be a specific set up of procedures, forms and communication channels between the managers of the root zone and the TLD managers?

Any help will be appreciated.

Miguel A. Sanz
ES-NIC

Miguel A. Sanz                         Email: miguel.sanz@rediris.es
RedIRIS/CSIC                           Tel: + 34 1 5855152
Serrano 142                            Fax: + 34 1 5855146
E-28006 Madrid
SPAIN
Network Manager
Spanish Academic & Research Network

--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>

Date: Wed, 30 Jul 1997 15:05:45 +0200 (MET DST)
From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
To: "David H. Holtzman" <dholtz@internic.net>
Subject: (Fwd) EMERGENCY TLD .ES
Cc: hostmaster@nic.es

Please take quick action on this and report back!

We will wait a couple more hours before escalating this to IANA and TLD list.

Regards,

Miguel A. Sanz
ES-NIC

--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>

Date: Wed, 30 Jul 1997 11:49:59 +0200 (MET DST)
From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
To: hostmaster@internic.net
Subject: EMERGENCY TLD .ES
Cc: cert@rediris.es, Mark Kosters <markk@internic.net>, hostmaster@nic.es

Dear hostmaster,

I am the technical contact of the top level domain for Spain (".es").

Much to our surprise we discovered yesterday that a new unauthorized NS was popping up in everybody's caches for the ".es" zone.

At first we thought that a cache infection attack (the kind of Alternic's against InterNIC) was taking place and spread the word that everybody in the country upgrade to the recent versions of BIND.

However, some places running BIND-4.9.6 and 8.1.1 were also infected!!!

We then went to check InterNIC's database and ... the problem is there!!!

InterNIC has made a change in the delegation of the ".es" zone without our request, knowledge or consent. Instead of the authorized nameservers which are:

    SUN.REDIRIS.ES      130.206.1.2
    CHICO.REDIRIS.ES    130.206.1.3
    PRADES.CESCA.ES     192.94.163.152
    NS.EUNET.ES         193.127.1.11
    SUNIC.SUNET.SE      192.36.125.2  192.36.148.18
    NS.EU.NET           192.16.202.11
    RS0.INTERNIC.NET    198.41.0.5
    NS.UU.NET           137.39.1.3
    MUNNARI.OZ.AU       128.250.1.21  128.250.22.2

You have now:

    SUN.REDIRIS.ES      130.206.1.2
    CHICO.REDIRIS.ES    130.206.1.3
    PRADES.CESCA.ES     192.94.163.152
    LINUX2.DYCSA.ES     195.53.97.1
    SUNIC.SUNET.SE      192.36.125.2  192.36.148.18
    NS.EU.NET           192.16.202.11
    RS0.INTERNIC.NET    198.41.0.5
    NS.UU.NET           137.39.1.3

For unknown reasons an unauthorized change has been made to the root zone and the InterNIC database. You have placed a bogus NS LINUX2.DYCSA.ES instead of the legal one: NS.EUNET.ES !!!

Please CORRECT this as soon as possible and restart the root server.

We would also like that you open an investigation about this case to know if this has been caused by some InterNIC's internal error or by an intentional ill will request made by someone.

Please keep us informed about your actions to correct this error and of the results of your internal investigation.

Regards,

Miguel A. Sanz (MAS122)
ES-NIC

---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>

---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
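The comparison described in the message above, written as a small delegation-drift check. This is an added example, not part of the original thread: it parses the two nameserver lists exactly as quoted and reports which servers were added, removed, or had their glue addresses changed. The function names are hypothetical, and a live monitor would obtain the observed list by querying the parent zone's servers instead of embedding it.

```python
import re

# Delegation lists copied from the message above ("NAME addr [addr ...]").
AUTHORIZED = """SUN.REDIRIS.ES 130.206.1.2 CHICO.REDIRIS.ES 130.206.1.3
PRADES.CESCA.ES 192.94.163.152 NS.EUNET.ES 193.127.1.11
SUNIC.SUNET.SE 192.36.125.2 192.36.148.18 NS.EU.NET 192.16.202.11
RS0.INTERNIC.NET 198.41.0.5 NS.UU.NET 137.39.1.3
MUNNARI.OZ.AU 128.250.1.21 128.250.22.2"""
OBSERVED = """SUN.REDIRIS.ES 130.206.1.2 CHICO.REDIRIS.ES 130.206.1.3
PRADES.CESCA.ES 192.94.163.152 LINUX2.DYCSA.ES 195.53.97.1
SUNIC.SUNET.SE 192.36.125.2 192.36.148.18 NS.EU.NET 192.16.202.11
RS0.INTERNIC.NET 198.41.0.5 NS.UU.NET 137.39.1.3"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_delegation(text):
    """Return {nameserver: set(glue addresses)} from whitespace-separated tokens."""
    servers, current = {}, None
    for token in text.split():
        if IPV4.match(token):
            if current is None:
                raise ValueError(f"address {token} precedes any nameserver name")
            servers[current].add(token)
        else:
            # DNS names are case-insensitive; drop a trailing root dot.
            current = token.rstrip(".").upper()
            servers.setdefault(current, set())
    return servers


def diff_delegation(expected, observed):
    """Compare the NS set the zone manager authorized with the one being served."""
    exp, obs = parse_delegation(expected), parse_delegation(observed)
    common = exp.keys() & obs.keys()
    return {
        "added": sorted(obs.keys() - exp.keys()),
        "removed": sorted(exp.keys() - obs.keys()),
        "glue_changed": sorted(n for n in common if exp[n] != obs[n]),
    }


if __name__ == "__main__":
    for kind, names in diff_delegation(AUTHORIZED, OBSERVED).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Run on a schedule against the authorized list kept by the zone manager, any non-empty field is a reason to contact the parent zone operator.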
On Wed, Jul 30, 1997 at 06:01:44PM +0200, Miguel A. Sanz. RedIRIS/CSIC wrote:
Shouldn't there be a specific set up of procedures, forms and communication channels between the managers of the root zone and the TLD managers?
What? You mean that you _don't_ have a private address to send problem reports to as a TLD manager? :-)

According to Mark Kosters, action@internic.net is the proper place to go... maybe they can't reply to you because their outbound mail system is trying to resolve your address by pointing at the bad nameserver. :-(

Cheers,
-- jr 'try a reply-to with an [IP.Number.Address]' a

--
Jay R. Ashworth                  jra@baylink.com
Member of the Technical Staff    Unsolicited Commercial Emailers Sued
The Suncoast Freenet             "People propose, science studies, technology
Tampa Bay, Florida               conforms." -- Dr. Don Norman   +1 813 790 7592
Hello-

Actually, from looking at your record, I would guess that instead of an unauthorized modification of your tld, a (perhaps unauthorized) modification of one of the servers has occurred:

A whois on NS.EUNET.ES comes back with "No match," but a WAIS on NS6265-HST (the NIChandle for LINUX2.DYCSA.ES) shows:

    [No name] (NS6265-HST)
       Hostname: NS.EUNET.ES
       Address: 193.127.1.11
       System: ? running ?
       Record last updated on 21-Feb-96.

If you call and talk to someone and tell them that NS6265-HST has been updated without authorization, maybe you will get a better response. The new IP and hostname probably just took a while to propagate and start causing you problems. (It was modified on 17-Jul.)

Otherwise you are probably getting someone in the call center who is looking at the NIC database record for .ES and saying "I see that this record has not been modified for over a year" and thinking you are just mistaken.

I am not saying that inaction in the face of a TLD problem is not bad, but giving the NIC a more traceable problem should/may result in quicker resolution of your problem.

Hopefully you have gotten a reply from the NIC by now and my message is just superfluous!

Hope this helps,
Sarah
Actually, from looking at your record, I would guess that instead of an unauthorized modification of your tld, a (perhaps unauthorized) modification of one of the servers has occurred:
You're exactly right. IMHO, not having some sort of guardian authentication (as was the problem with the es tld) is inviting trouble. If you don't have guardian authentication working on your domain, please look at http://rs.internic.net/guardian/ and get your domains administered by the InterNIC protected against unauthorized changes.

Regards,
Mark
On Jul 30, "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es> wrote:
Does any one know a direct way to reach the InterNIC technical staff to solve this kind of urgent problems?
Telephone?
Shouldn't there be a specific set up of procedures, forms and communication channels between the managers of the root zone and the TLD managers?
I sure would hope so. But, don't publicize those procedures too widely, or Fleming will start cc'ing them on everything.

*********************************************************
J.D. Falk                               voice: +1-415-482-2840
Supervisor, Network Operations          fax: +1-415-482-2844
PRIORI NETWORKS, INC.                   http://www.priori.net
See us at ISPCON '97, booth #501
"The People You Know. The People You Trust."
*********************************************************
J.D. Falk <jdfalk@priori.net> writes:
On Jul 30, "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es> wrote:
Does any one know a direct way to reach the InterNIC technical staff to solve this kind of urgent problems?
Telephone?
"All our repre-sentatives are busy at present. Your call is in a queue and will be answered shortly. For faster response, please send email to host-master at Inter-nic dot net."

<put on speakerphone and wait>

I don't think so. Well, perhaps if you have a direct line number.

M.
This is drift, hit D now (sortof)

Martin Cooper boldly claimed:
J.D. Falk <jdfalk@priori.net> writes:
On Jul 30, "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es> wrote:
Does any one know a direct way to reach the InterNIC technical staff to solve this kind of urgent problems?
Telephone? "All our repre-sentatives are busy at present. Your call is in a queue and will be answered shortly. For faster response, please send email to host-master at Inter-nic dot net." <put on speakerphone and wait>
I don't think so. Well, perhaps if you have a direct line number.
I've found that the internic will process properly formatted templates in about 45mins-3hours depending for domain related templates, stuff such as host templates, and contact templates usually take a bit longer, and anything out of the ordinary takes about 3days-2 weeks to look at and respond to, and if they're being clueless, then you may have to wait another few days to get a response to a response to them telling them they're being clueless, and they might have fixed the problem by then.

Send in a message, get a tracking number, call them, that's the best way, sending e-mail will be the slowest for emergency issues, the fact that it takes the nanog list sometimes a few hours to deliver a message to all the recipients, and that includes folks at the internic, calling them and seeing what you can do is the best way.. but they have to thwart the folks who need a clue sold to them first, and that is a big task.

- Jared

--
----------------- jared@puck.nether.net - Nether Network ------------------
For a good time, look at http://www.izzy.net/~janc/tour/
For a worse time, look at http://puck.nether.net/
finger jared@puck.nether.net for pgp key
participants (7)
- J.D. Falk
- Jared Mauch
- Jay R. Ashworth
- Mark Kosters
- Martin Cooper
- Miguel A. Sanz. RedIRIS/CSIC
- Sarah