[Collisions] Weird dest IP addr

Warren Kumari warren at kumari.net
Mon Oct 7 15:39:02 UTC 2013

On Oct 7, 2013, at 8:28 AM, Kevin White <kwhite at jasadvisors.com> wrote:

> In the 2008 data for a and j root, I’m seeing a lot of queries destined for:
> Which isn’t the official root server address of anything.

But it *was* -- AFAIR at the beginning of 1997.

> For example:
> non-root: /mnt/oarc-pool4/DITL-200803/RAW/verisign/a-root-and-old-j-root/20080319/095017.333638.pcap.gz 2008-03-19 09:50:41.683549 IP > 53758 A? xpone.home. (28)
> My current logic throws that row out (throws out any rows that aren’t destined for a valid root server IP).
> Is there some historical reason why queries to this address in 2008 might be considered valid?

Known issue. A large number of devices / systems simply don't pick up changes because of broken priming issues or simply because the don't reprise after booting.

For example: 

There are many papers that show that once an address is used for a root server is it tainted basically forever…


> Thank you,
> Kevin
> _______________________________________________
> Collisions mailing list
> Collisions at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/collisions

Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.dns-oarc.net/pipermail/collisions/attachments/20131007/f237c44d/attachment.pgp>

More information about the Collisions mailing list