[dns-operations] old root hints still been seen

Bill Owens owens at nysernet.org
Wed Jul 10 19:55:45 UTC 2013


On Sat, Jun 22, 2013 at 03:12:21PM -0400, Jared Mauch wrote:
> While processing some openresolver data (yes, blah blah), I see there are still folks providing root referrals to old root hints:
> 
> 119.151.1.94/53///.^IN^NS^C.PSI.NET|.^IN^NS^TERP.UMD.EDU|.^IN^NS^NS.NASA.GOV|.^IN^NS^NS1.ISI.EDU|.^IN^NS^NS.INTERNIC.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NIC.DDN.MIL|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET
> 194.243.111.98/53///.^IN^NS^C.PSI.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NIC.DDN.MIL|.^IN^NS^NS.NASA.GOV|.^IN^NS^NS.INTERNIC.NET|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET|.^IN^NS^NS1.ISI.EDU|.^IN^NS^TERP.UMD.EDU
> 194.243.111.101/53///.^IN^NS^NS1.ISI.EDU|.^IN^NS^TERP.UMD.EDU|.^IN^NS^C.PSI.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NIC.DDN.MIL|.^IN^NS^NS.NASA.GOV|.^IN^NS^NS.INTERNIC.NET|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET
> 213.209.214.163/53///.^IN^NS^C.PSI.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NIC.DDN.MIL|.^IN^NS^NS.NASA.GOV|.^IN^NS^NS.INTERNIC.NET|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET|.^IN^NS^NS1.ISI.EDU|.^IN^NS^TERP.UMD.EDU
> 213.209.214.165/53///.^IN^NS^NS.INTERNIC.NET|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET|.^IN^NS^NS1.ISI.EDU|.^IN^NS^TERP.UMD.EDU|.^IN^NS^C.PSI.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NIC.DDN.MIL|.^IN^NS^NS.NASA.GOV
> 133.6.42.190/53///.^IN^NS^ns.nasa.gov|.^IN^NS^aos.arl.army.mil|.^IN^NS^ns.nic.ddn.mil|.^IN^NS^ns.internic.net|.^IN^NS^terp.umd.edu|.^IN^NS^ns1.isi.edu|.^IN^NS^c.psi.net|.^IN^NS^ns.isc.org|.^IN^NS^nic.nordu.net
> 63.148.102.230/53///.^IN^NS^NS1.ISI.EDU|.^IN^NS^TERP.UMD.EDU|.^IN^NS^C.PSI.NET|.^IN^NS^NS.ISC.org|.^IN^NS^NS.NASA.GOV|.^IN^NS^NS.INTERNIC.NET|.^IN^NS^AOS.ARL.ARMY.MIL|.^IN^NS^NIC.NORDU.NET
> 
> The last one for version.bind returns this:
> 
> ;; ANSWER SECTION:
> version.bind.		0	CH	TXT	"The Latest and Greatest"
> 
> Very interesting and amusing.  I'm hoping to have more interesting data automatically become available soon.

Late followup on this - seeing it reminded me of the fun we used to have with queries for "C.NYSER.NET", which hasn't been a root for many years. We would log the queries and try to contact the nameserver operators to let them know that their config was wildly out of date. We only occasionally got through to someone, and most of the time the answer was that they'd forgotten about that machine and needed to turn it off. 

I just did a quick check and we only had one hit in the last few days other than what look like Google crawlers. Here's how it responds for version.bind:

$ dig version.bind txt chaos @clrds1.in2p3.fr
...
;; ANSWER SECTION:
version.bind.       0   CH  TXT "9.2.1-CCIN2P3"

Eleven year old software querying a decades old ghost server? Sounds about right.

Bill.

PS - it's an open resolver, too. . .



More information about the dns-operations mailing list