The primary for these zones moved to a dedicated server (blackhole.isi.edu) in early February 1998. Due to an unfortunate confluence of events, this week we identified several points of misconfiguration in both zone files and system configuration files. Talking with the sysadmin this morning leads me to believe that the system is working properly.

26% dig -x 172.16 any @blackhole.isi.edu

; <<>> DiG 2.0 <<>> -x any @blackhole.isi.edu
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 12
;; flags: qr rd ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;;      16.172.in-addr.arpa, type = ANY, class = IN

;; ANSWERS:
16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

;; AUTHORITY RECORDS:
16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

;; ADDITIONAL RECORDS:
NS2.INTERNIC.NET.       84712   A       198.41.0.11
BLACKHOLE.ISI.EDU.      41512   A       128.9.64.26

;; Sent 3 pkts, answer found in time: 401 msec
;; FROM: zed.isi.edu to SERVER: blackhole.isi.edu 128.9.64.26
;; WHEN: Fri Apr 3 11:35:07 1998
;; MSG SIZE sent: 37 rcvd: 158
Several people have forwarded to me a message you sent to NANOG saying that the problem with the RFC 1918 delegations was fixed yesterday. As far as I can tell, this is not true. I'm still seeing lame responses from both blackhole.isi.edu and ns2.internic.net (which replaced rs0.internic.net in the delegations yesterday).
Also, we have a system here configured as a secondary server for the RFC 1918 domains, so that we can point customer firewalls to it for their zone transfers (this way, if the original primary moves, we only have to update one system, not all the firewalls). It used to use ns.isi.edu as its primary, but that stopped working on 3/25. Is there a machine that can be used instead?
tools:~#58% whois 172.16
IANA (IANA-BBLK-RESERVED)
   Internet Assigned Numbers Authority
   Information Sciences Institute
   University of Southern California
   4676 Admiralty Way, Suite 1001
   Marina del Rey, CA 90292-6695

   Netname: IANA-BBLK-RESERVED
   Netblock: 172.16.0.0 - 172.31.0.0

   Coordinator:
      Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org
      (310) 822-1511

   Domain System inverse mapping provided by:

   BLACKHOLE.ISI.EDU    128.9.64.26
   NS2.INTERNIC.NET     198.41.0.11

tools:~#61% dig -x 172.16 any @blackhole.isi.edu

; <<>> DiG 2.1 <<>> -x any @blackhole.isi.edu
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;;      16.172.in-addr.arpa, type = ANY, class = IN

;; ANSWERS:
16.172.in-addr.arpa.    295906  NS      RS0.INTERNIC.NET.
16.172.in-addr.arpa.    295906  NS      BLACKHOLE.ISI.EDU.

;; AUTHORITY RECORDS:
16.172.in-addr.arpa.    295906  NS      RS0.INTERNIC.NET.
16.172.in-addr.arpa.    295906  NS      BLACKHOLE.ISI.EDU.

;; ADDITIONAL RECORDS:
RS0.INTERNIC.NET.       43877   A       198.41.0.5
BLACKHOLE.ISI.EDU.      25946   A       128.9.64.26

;; Total query time: 427 msec
;; FROM: tools.bbnplanet.com to SERVER: blackhole.isi.edu 128.9.64.26
;; WHEN: Fri Apr 3 09:39:09 1998
;; MSG SIZE sent: 37 rcvd: 158

tools:~#63% dig -x 172.16 any @ns2.internic.net

; <<>> DiG 2.1 <<>> -x any @ns2.internic.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; Ques: 1, Ans: 4, Auth: 0, Addit: 2
;; QUESTIONS:
;;      16.172.in-addr.arpa, type = ANY, class = IN

;; ANSWERS:
16.172.in-addr.arpa.    86400   NS      NS.ISI.EDU.
16.172.in-addr.arpa.    86400   NS      rs0.internic.net.
16.172.in-addr.arpa.    86400   NS      ORB.ISI.EDU.
16.172.in-addr.arpa.    86400   SOA     NS.ISI.EDU. bmanning.zed.ISI.EDU. (
                        19941005 ; serial
                        10800 ; refresh (3 hours)
                        900 ; retry (15 mins)
                        604800 ; expire (7 days)
                        86400 ) ; minimum (1 day)

;; ADDITIONAL RECORDS:
NS.ISI.EDU.             172800  A       128.9.128.127
rs0.internic.net.       172800  A       198.41.0.5

;; Total query time: 60 msec
;; FROM: tools.bbnplanet.com to SERVER: ns2.internic.net 198.41.0.11
;; WHEN: Fri Apr 3 09:39:27 1998
;; MSG SIZE sent: 37 rcvd: 190

--
Barry Margolin, barmar@bbnplanet.com
GTE Internetworking, Powered by BBN, Cambridge, MA

--
--bill
From: bmanning@isi.edu
Posted-Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)
Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)

The primary for these zones moved to a dedicated server (blackhole.isi.edu) in early February 1998. Due to an unfortunate confluence of events, this week we identified several points of misconfiguration in both zone files and system configuration files. Talking with the sysadmin this morning leads me to believe that the system is working properly.

26% dig -x 172.16 any @blackhole.isi.edu

This is *not* proper, it's a Lame Delegation. That query should return an SOA record and it should have the Authoritative Answer flag set.

; <<>> DiG 2.0 <<>> -x any @blackhole.isi.edu
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 12
;; flags: qr rd ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;;      16.172.in-addr.arpa, type = ANY, class = IN

;; ANSWERS:
16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

;; AUTHORITY RECORDS:
16.172.in-addr.arpa.    490877  NS      NS2.INTERNIC.NET.
16.172.in-addr.arpa.    490877  NS      BLACKHOLE.ISI.EDU.

;; ADDITIONAL RECORDS:
NS2.INTERNIC.NET.       84712   A       198.41.0.11
BLACKHOLE.ISI.EDU.      41512   A       128.9.64.26

;; Sent 3 pkts, answer found in time: 401 msec
;; FROM: zed.isi.edu to SERVER: blackhole.isi.edu 128.9.64.26
;; WHEN: Fri Apr 3 11:35:07 1998
;; MSG SIZE sent: 37 rcvd: 158
--
--bill

--
Barry Margolin, barmar@bbnplanet.com
GTE Internetworking, Powered by BBN, Cambridge, MA
On Fri, 3 Apr 1998, Barry Margolin wrote:
From: bmanning@isi.edu
Posted-Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)
Date: Fri, 3 Apr 1998 11:36:10 -0800 (PST)

The primary for these zones moved to a dedicated server (blackhole.isi.edu) in early February 1998. Due to an unfortunate confluence of events, this week we identified several points of misconfiguration in both zone files and system configuration files. Talking with the sysadmin this morning leads me to believe that the system is working properly.
26% dig -x 172.16 any @blackhole.isi.edu
This is *not* proper, it's a Lame Delegation. That query should return an SOA record and it should have the Authoritative Answer flag set.
There are *still* problems:

$ check_soa 16.172.in-addr.arpa.
RS0.INTERNIC.NET is not authoritative for 16.172.in-addr.arpa.
NS2.INTERNIC.NET is not authoritative for 16.172.in-addr.arpa.
BLACKHOLE.ISI.EDU is not authoritative for 16.172.in-addr.arpa.

$ check_soa 10.in-addr.arpa.
NS2.INTERNIC.NET has serial number 199714
BLACKHOLE.ISI.EDU has serial number 199714
RS0.INTERNIC.NET is not authoritative for 10.in-addr.arpa.

$ check_soa 168.192.in-addr.arpa.
RS0.INTERNIC.NET is not authoritative for 168.192.in-addr.arpa.
NS2.INTERNIC.NET has serial number 199713
BLACKHOLE.ISI.EDU has serial number 199713
participants (3)
- Barry Margolin
- bmanning@ISI.EDU
- Kevin Steves
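
Added example, not part of any message in this thread: the test Barry Margolin states above (an SOA record in the answer and the Authoritative Answer flag set) applied to dig output in Python. The two lame samples are trimmed from the responses quoted in the thread; the healthy sample, the function names and the status labels are constructed for illustration.

```python
import re

# Trimmed from the two responses quoted in the thread (DiG 2.x layout).
BLACKHOLE = """\
;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; ANSWERS:
16.172.in-addr.arpa. 295906 NS RS0.INTERNIC.NET.
16.172.in-addr.arpa. 295906 NS BLACKHOLE.ISI.EDU.
"""
NS2 = """\
;; flags: qr rd; Ques: 1, Ans: 4, Auth: 0, Addit: 2
;; ANSWERS:
16.172.in-addr.arpa. 86400 NS NS.ISI.EDU.
16.172.in-addr.arpa. 86400 SOA NS.ISI.EDU. bmanning.zed.ISI.EDU. (
        19941005 ; serial
        86400 ) ; minimum (1 day)
"""
# Constructed healthy response in the modern dig layout (not from the thread).
HEALTHY = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 604800 3600
example.test. 3600 IN NS ns1.example.test.
"""

def parse_dig(text):
    """Return (header flags, record types in the answer section)."""
    m = re.search(r"flags:\s*([a-z ]*?)\s*;", text)
    flags = set(m.group(1).split()) if m else set()
    types, in_answer = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;"):  # section header or comment line
            in_answer = bool(re.match(r";; ANSWERS?( SECTION)?:", line))
            continue
        tok = line.split()
        # A record line is: owner name, TTL, optional class, type, rdata.
        # Multi-line SOA continuation lines fail the owner-name test.
        if in_answer and len(tok) >= 4 and tok[0].endswith(".") and tok[1].isdigit():
            types.append(tok[3] if tok[2] == "IN" else tok[2])
    return flags, types

def delegation_status(text):
    """Apply the thread's test: aa flag set and an SOA in the answer."""
    flags, types = parse_dig(text)
    if "aa" not in flags:
        return "lame-with-soa" if "SOA" in types else "lame"
    return "authoritative" if "SOA" in types else "aa-without-soa"

if __name__ == "__main__":
    for name, sample in (("blackhole", BLACKHOLE), ("ns2", NS2), ("healthy", HEALTHY)):
        print(name, delegation_status(sample))
```

The ns2 sample shows why the SOA alone is not enough: the server returns an SOA but without the aa flag, so it is handing out zone data it is not authoritative for.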