[dns-operations] R: dns-operationsI: IP change for b.root-servers.net not effective?

Costantino Andrea (Con) andrea.costantino at h3g.it
Tue Oct 24 19:35:53 UTC 2017

I'm from AS 24608, IP range
I'm the ISP... Unless one of my upstream is hijacking, noone is supposed to inject anything in my AS.

Let me have dinner and I'll VPN to office (I'm on mobile now) and get nsid query response.


Il 24 ott 2017 8:41 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> ha scritto:
On Tue, Oct 24, 2017 at 04:43:27PM +0000,
 Costantino Andrea (Con) <andrea.costantino at h3g.it> wrote
 a message of 291 lines which said:

> Yes, I confirm..

Don't forget that name servers, specially anycasted name servers, are
often "shadowed" by rogue servers, when an ISP injects a route in its

Using NSID (message from Wes Hardaker) is often a good heuristic to
spot them, since the rogue server typically don't bother to send back
a correct NSID response.

For instance, RIPE Atlas probes 20778, 22780, 24749, 25652, 25669,
25818, and 32947 all see an answer when they query about b.root-servers.net's IPv4 address. In all these
cases, the answer is not accompanied by a NSID, showing there is a
rogue server (or a transparent DNS proxy redirecting to a resolver).

Probes 17706, 29748, 30356, 31735, and 32895 see the correct answer
but no NSID: rogue server, or middebox stripping NSID option.


CONFIDENTIAL: This E-mail and any attachment are confidential and may contain reserved information. If you are not one of the named recipients, please notify the sender immediately. Moreover, you should not disclose the contents to any other person, or should the information contained be used for any purpose or stored or copied in any form.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171024/1a563095/attachment.html>

More information about the dns-operations mailing list