[dns-operations] R: dns-operationsI: IP change for b.root-servers.net not effective?

Andrea Barberio insomniac at slackware.it
Wed Oct 25 09:43:39 UTC 2017


You can automate root-server NSID probing from your location with nsidenumerator, https://github.com/insomniacslk/nsidenumerator (spoiler alert, I'm the author). 


From: "Costantino Andrea (Con)" <andrea.costantino at h3g.it> 
To: "Stephane Bortzmeyer" <bortzmeyer at nic.fr> 
Cc: "dns-operations" <dns-operations at dns-oarc.net> 
Sent: Tuesday, October 24, 2017 8:35:53 PM 
Subject: Re: [dns-operations] R: dns-operationsI: IP change for b.root-servers.net not effective? 

I'm from AS 24608, IP range 62.13.160.0/19. 
I'm the ISP... Unless one of my upstream is hijacking, noone is supposed to inject anything in my AS. 

Let me have dinner and I'll VPN to office (I'm on mobile now) and get nsid query response. 

Ciao, 
A. 


Il 24 ott 2017 8:41 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> ha scritto: 



On Tue, Oct 24, 2017 at 04:43:27PM +0000, 
Costantino Andrea (Con) <andrea.costantino at h3g.it> wrote 
a message of 291 lines which said: 

> Yes, I confirm.. 

Don't forget that name servers, specially anycasted name servers, are 
often "shadowed" by rogue servers, when an ISP injects a route in its 
IGP. 

Using NSID (message from Wes Hardaker) is often a good heuristic to 
spot them, since the rogue server typically don't bother to send back 
a correct NSID response. 

For instance, RIPE Atlas probes 20778, 22780, 24749, 25652, 25669, 
25818, and 32947 all see an answer 192.228.79.201 when they query 
199.9.14.201 about b.root-servers.net's IPv4 address. In all these 
cases, the answer is not accompanied by a NSID, showing there is a 
rogue server (or a transparent DNS proxy redirecting to a resolver). 

Probes 17706, 29748, 30356, 31735, and 32895 see the correct answer 
but no NSID: rogue server, or middebox stripping NSID option. 







CONFIDENTIAL: This E-mail and any attachment are confidential and may contain reserved information. If you are not one of the named recipients, please notify the sender immediately. Moreover, you should not disclose the contents to any other person, or should the information contained be used for any purpose or stored or copied in any form. 

_______________________________________________ 
dns-operations mailing list 
dns-operations at lists.dns-oarc.net 
https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
dns-operations mailing list 
https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171025/5e8055f7/attachment.html>


More information about the dns-operations mailing list