13 Feb
1997
13 Feb
'97
9:32 p.m.
This problem is definitely occuring on h.root-servers.net at the
present time as documented below (similar to results that I see just
arrived in my mailbox from <jh@yahoo.com>. However, an earlier log
from our support department shows that d.root-servers.net and
possibly e.root-servers.net were also having this problem within
the past 60-90 minutes. (also see below)
; <<>> DiG 2.0 <<>> @g.root-servers.net mail.scruznet.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; Ques: 1, Ans: 0, Auth: 2, Addit: 2
;; QUESTIONS:
;; mail.scruznet.com, type = A, class = IN
;; AUTHORITY RECORDS:
SCRUZNET.com. 172800 NS NS.SCRUZ.NET.
SCRUZNET.com. 172800 NS NS2.SCRUZ.NET.
;; ADDITIONAL RECORDS:
NS.SCRUZ.NET. 172800 A 165.227.1.1
NS2.SCRUZ.NET. 172800 A 165.227.2.10
;; Total query time: 433 msec
;; FROM: ns.scruz.net to SERVER: g.root-servers.net 192.112.36.4
;; WHEN: Thu Feb 13 18:19:47 1997
;; MSG SIZE sent: 35 rcvd: 123
; <<>> DiG 2.0 <<>> @h.root-servers.net mail.scruznet.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
;; flags: qr aa rd; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;; mail.scruznet.com, type = A, class = IN
;; AUTHORITY RECORDS:
. 86400 SOA A.ROOT-SERVERS.NET. hostmaster.INTERNIC.NET. (
1997021100 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 mins)
604800 ; expire (7 days)
86400 ) ; minimum (1 day)
;; Total query time: 157 msec
;; FROM: ns.scruz.net to SERVER: h.root-servers.net 128.63.2.53
;; WHEN: Thu Feb 13 18:19:47 1997
;; MSG SIZE sent: 35 rcvd: 108
--
earlier (sorry, nslookup, not dig)
--
> server d.root-servers.net
Default Server: d.root-servers.net
Served by:
- rs0.internic.net
198.41.0.5
ROOT-SERVERS.net
- ns.ripe.net
193.0.0.193
ROOT-SERVERS.net
- gw.home.vix.com
192.5.5.1
ROOT-SERVERS.net
> cygnus.com
Server: d.root-servers.net
Served by:
- rs0.internic.net
198.41.0.5
ROOT-SERVERS.net
- ns.ripe.net
193.0.0.193
ROOT-SERVERS.net
- gw.home.vix.com
192.5.5.1
ROOT-SERVERS.net
Name: cygnus.com
Served by:
- C.ROOT-SERVERS.NET
192.33.4.12
com
- D.ROOT-SERVERS.NET
128.8.10.90
com
- E.ROOT-SERVERS.NET
192.203.230.10
com
- I.ROOT-SERVERS.NET
192.36.148.17
com
- F.ROOT-SERVERS.NET
192.5.5.241
com
- G.ROOT-SERVERS.NET
192.112.36.4
com
- A.ROOT-SERVERS.NET
198.41.0.4
com
- H.ROOT-SERVERS.NET
128.63.2.53
com
- B.ROOT-SERVERS.NET
128.9.0.107
com
14 Feb
14 Feb
2:10 a.m.
On Thu, 13 Feb 1997, Matthew Kaufman wrote: Certain individual(s) on the iahc-discuss list have made statements that they intend to attack the Internet root servers. I have no idea if this is the result of such an attack or not. Just a FYI. > > This problem is definitely occuring on h.root-servers.net at the > present time as documented below (similar to results that I see just > arrived in my mailbox from <jh@yahoo.com>. However, an earlier log > from our support department shows that d.root-servers.net and > possibly e.root-servers.net were also having this problem within > the past 60-90 minutes. (also see below) > > ; <<>> DiG 2.0 <<>> @g.root-servers.net mail.scruznet.com > ; (1 server found) > ;; res options: init recurs defnam dnsrch > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 > ;; flags: qr rd; Ques: 1, Ans: 0, Auth: 2, Addit: 2 > ;; QUESTIONS: > ;; mail.scruznet.com, type = A, class = IN > > ;; AUTHORITY RECORDS: > SCRUZNET.com. 172800 NS NS.SCRUZ.NET. > SCRUZNET.com. 172800 NS NS2.SCRUZ.NET. > > ;; ADDITIONAL RECORDS: > NS.SCRUZ.NET. 172800 A 165.227.1.1 > NS2.SCRUZ.NET. 172800 A 165.227.2.10 > > ;; Total query time: 433 msec > ;; FROM: ns.scruz.net to SERVER: g.root-servers.net 192.112.36.4 > ;; WHEN: Thu Feb 13 18:19:47 1997 > ;; MSG SIZE sent: 35 rcvd: 123 > > > ; <<>> DiG 2.0 <<>> @h.root-servers.net mail.scruznet.com > ; (1 server found) > ;; res options: init recurs defnam dnsrch > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10 > ;; flags: qr aa rd; Ques: 1, Ans: 0, Auth: 1, Addit: 0 > ;; QUESTIONS: > ;; mail.scruznet.com, type = A, class = IN > > ;; AUTHORITY RECORDS: > . 86400 SOA A.ROOT-SERVERS.NET. hostmaster.INTERNIC.NET. ( > 1997021100 ; serial > 10800 ; refresh (3 hours) > 900 ; retry (15 mins) > 604800 ; expire (7 days) > 86400 ) ; minimum (1 day) > > ;; Total query time: 157 msec > ;; FROM: ns.scruz.net to SERVER: h.root-servers.net 128.63.2.53 > ;; WHEN: Thu Feb 13 18:19:47 1997 > ;; MSG SIZE sent: 35 rcvd: 108 > > -- > earlier (sorry, nslookup, not dig) > -- > > server d.root-servers.net > Default Server: d.root-servers.net > Served by: > - rs0.internic.net > 198.41.0.5 > ROOT-SERVERS.net > - ns.ripe.net > 193.0.0.193 > ROOT-SERVERS.net > - gw.home.vix.com > 192.5.5.1 > ROOT-SERVERS.net > > > > cygnus.com > Server: d.root-servers.net > Served by: > - rs0.internic.net > 198.41.0.5 > ROOT-SERVERS.net > - ns.ripe.net > 193.0.0.193 > ROOT-SERVERS.net > - gw.home.vix.com > 192.5.5.1 > ROOT-SERVERS.net > > > Name: cygnus.com > Served by: > - C.ROOT-SERVERS.NET > 192.33.4.12 > com > - D.ROOT-SERVERS.NET > 128.8.10.90 > com > - E.ROOT-SERVERS.NET > 192.203.230.10 > com > - I.ROOT-SERVERS.NET > 192.36.148.17 > com > - F.ROOT-SERVERS.NET > 192.5.5.241 > com > - G.ROOT-SERVERS.NET > 192.112.36.4 > com > - A.ROOT-SERVERS.NET > 198.41.0.4 > com > - H.ROOT-SERVERS.NET > 128.63.2.53 > com > - B.ROOT-SERVERS.NET > 128.9.0.107 > com > Hank Nussbacher IAHC member [the views expressed above belong to the author and do not necessarily reflect the views of the other IAHC members]
4:48 a.m.
On Fri, 14 Feb 1997, Hank Nussbacher wrote:
Certain individual(s) on the iahc-discuss list have made statements that they intend to attack the Internet root servers. I have no idea if this is the result of such an attack or not. Just a FYI.
The first one on the list to publicly issue the threat was Bob Allisat. This man is a rabble rouser and his public statement did not clearly indicate that he would do this himself but that he would urge others to initiate attacks on all the root nameservers. Since he hangs out on a lot of fringe USENET groups it is entirely possible that he has begun inciting others to take action. As many of you know, a skilled propogandist can be more dangerous than a man with a gun. These are the four actions he is calling for: STAGE TWO: - Electronic conflict... - Disable conventional Name Servers... - Flood Internic/IANA/ISOC/NSI/SAIC... - Point target Individuals... I think that root nameserver operators should collect any data that could be used in detecting the source of these problems. Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-250-546-3049 http://www.memra.com - E-mail: michael@memra.com
10174
Age (days ago)
10174
Last active (days ago)
2 comments
3 participants
participants (3)
-
Hank Nussbacher -
matthew@scruz.net -
Michael Dillon