[Collisions] Weird dest IP addr

Kevin White kwhite at jasadvisors.com
Mon Oct 7 16:11:30 UTC 2013

The problem is, there is "bad" data in these captures.  One of the roots in
particular seems to leak a whole bunch of stuff in.

At some point, the RAW was turned into CLEAN, following a procedure somewhat
like this.  I'm just trying to duplicate that with a code base that can be
shared with anyone who cares.

If anyone has any tips/suggestions, I'm all ears.



-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com] 
Sent: Monday, October 07, 2013 12:07 PM
To: Kevin White
Cc: Warren Kumari; 'collisions at lists.dns-oarc.net'
Subject: Re: [Collisions] Weird dest IP addr

On 7 Oct 2013, at 16:49, Kevin White <kwhite at jasadvisors.com> wrote:

> I should have an a-root entry too?

Probably. But it would be for j-root since that's what used to occupy

Hopefully someone at IANA can give you chapter and verse on which IP
addresses have been used by which root servers since DNS was first deployed.
And when these changed.

I'd be wary of strict checking of destination addresses or coupling these to
specific root servers. It's possible the pcaps have traffic which goes to
the "real" IP address of an anycast instance, say for monitoring/alerting
purposes. [ie Is the box at anycast location foo working OK?] Those
addresses may well be information that an RSO is less than keen to share.
And they may also change from time to time too. :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4869 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/collisions/attachments/20131007/e8aa518d/attachment-0001.bin>

More information about the Collisions mailing list