[Collisions] Weird dest IP addr

Wessels, Duane dwessels at verisign.com
Mon Oct 7 15:53:20 UTC 2013


It's the old address for J-root actually.


On Oct 7, 2013, at 8:49 AM, Kevin White <kwhite at jasadvisors.com>
 wrote:

> Ahh.
> 
> My code actually attempts to deal with this: I have a list of the IP
> addresses, current and historical, for the roots, and I accept data even if
> it is to the old address.
> 
> For some reason, however, I didn't have that particular address for A.
> 
> These are the ones I have multiple addresses for:
> 
>        'b-root' => {
>            'ip' => {
>                '192.228.79.201' => 1,
>                '128.9.0.107' => 1,
>            }
>        },
>        'd-root' => {
>            'ip' => {
>                '199.7.91.13' => 1,
>                '128.8.10.90' => 1,
>            }
>        },
>        'l-root' => {
>            'ip' => {
>                '199.7.83.42' => 1,
>                '198.32.64.12' => 1,
>            }
>        },
> 
> So, I should have an a-root entry too?
> 
>        'a-root' => {
>            'ip' => {
>                '198.41.0.4' => 1,
>                '198.41.0.10' => 1,
>            }
>        },
> 
> BTW, there are also IPv6 addresses in my data structure, I just trimmed them
> out.  As far as I can discern, no IPv6 addresses have ever _changed_, i.e. I
> don't have any roots with more than one IPv6 address in my little list.
> 
> Thanks,
> 
> Kevin
> 
> -----Original Message-----
> From: Warren Kumari [mailto:warren at kumari.net] 
> Sent: Monday, October 07, 2013 11:39 AM
> To: Kevin White
> Cc: Warren Kumari; 'collisions at lists.dns-oarc.net'
> Subject: Re: [Collisions] Weird dest IP addr
> 
> 
> On Oct 7, 2013, at 8:28 AM, Kevin White <kwhite at jasadvisors.com> wrote:
> 
>> In the 2008 data for a and j root, I'm seeing a lot of queries destined for:
>> 
>> 198.41.0.10
>> 
>> Which isn't the official root server address of anything.
> 
> But it *was* -- AFAIR at the beginning of 1997.
> 
>> 
>> For example:
>> 
>> non-root: /mnt/oarc-pool4/DITL-200803/RAW/verisign/a-root-and-old-j-root/20080319/095017.333638.pcap.gz 2008-03-19 09:50:41.683549 IP 66.152.201.19.1101 > 198.41.0.10.53: 53758 A? xpone.home. (28)
>> 
>> My current logic throws that row out (throws out any rows that aren't destined for a valid root server IP).
>> 
>> Is there some historical reason why queries to this address in 2008 might be considered valid?
> 
> Known issue. A large number of devices / systems simply don't pick up
> changes because of broken priming issues or simply because they don't re-prime
> after booting.
> 
> For example: 
> http://conferences.sigcomm.org/imc/2013/papers/imc258s-lentzA.pdf
> http://www.renesys.com/2008/05/identity-theft-hits-the-root-n-1/
> 
> There are many papers that show that once an address is used for a root
> server it is tainted basically forever.
> 
> W
> 
>> 
>> Thank you,
>> 
>> Kevin
>> 
>> _______________________________________________
>> Collisions mailing list
>> Collisions at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/collisions
> 
> --
> Some people are like Slinkies......Not really good for anything but they
> still bring a smile to your face when you push them down the stairs.
> 
> 
> 



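Added example, not code posted to the list by any participant: the destination filter discussed in this thread, written in Python so that a query sent to a retired root address is attributed to its root letter instead of being dropped. The table holds only the IPv4 addresses quoted in the thread, with 198.41.0.10 filed under j-root per Duane's reply; the function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# IPv4 addresses per root letter as quoted in the thread (current and old mixed).
ROOT_ADDRS = {
    "a-root": {"198.41.0.4"},
    "b-root": {"192.228.79.201", "128.9.0.107"},
    "d-root": {"199.7.91.13", "128.8.10.90"},
    "j-root": {"198.41.0.10"},  # old J-root address, per the reply above
    "l-root": {"199.7.83.42", "198.32.64.12"},
}
# Reverse index: destination address -> root letter.
ADDR_TO_ROOT = {ipaddress.ip_address(ip): root
                for root, ips in ROOT_ADDRS.items() for ip in ips}

# tcpdump text form: "IP <src>.<port> > <dst>.<port>: <id>[flags] [opts] <qtype>? <qname>"
QUERY_RE = re.compile(
    r"\bIP (?P<src>\S+) > (?P<dst>\S+): \d+\S* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+)")

def classify(line):
    """Return dict(root, dst, qtype, qname) for an IPv4 query line, else None."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    host, _, port = m.group("dst").rpartition(".")
    try:
        dst = ipaddress.ip_address(host)
        int(port)  # rejects service names such as "domain"
    except ValueError:
        return None
    return {"root": ADDR_TO_ROOT.get(dst), "dst": str(dst),
            "qtype": m.group("qtype"), "qname": m.group("qname")}

def tally(lines):
    """Count queries per root letter; unknown destinations go to 'non-root'."""
    counts = Counter()
    for line in lines:
        rec = classify(line)
        if rec is not None:
            counts[rec["root"] or "non-root"] += 1
    return counts

SAMPLE = [
    # First line is the row quoted in the thread; the other two are constructed.
    "2008-03-19 09:50:41.683549 IP 66.152.201.19.1101 > 198.41.0.10.53: 53758 A? xpone.home. (28)",
    "2008-03-19 09:50:42.000001 IP 192.0.2.7.4242 > 128.9.0.107.53: 1234+ MX? example.corp. (30)",
    "2008-03-19 09:50:43.000002 IP 192.0.2.8.5353 > 192.0.2.53.53: 99 A? printer.lan. (29)",
]
```

Lines that are not IPv4 DNS queries (including tcpdump's `IP6` records) return `None` from `classify` and are left out of the tally.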