[11459] in North American Network Operators' Group
Re: TLD .ES screw up
daemon@ATHENA.MIT.EDU (Eric Germann)
Wed Jul 30 12:58:59 1997
Date: Wed, 30 Jul 1997 12:32:02 -0400
To: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
From: Eric Germann <ekgermann@cctec.com>
Cc: nanog@merit.edu, tld-admin@ripe.net, hostmaster@nic.es
At 06:01 PM 7/30/97 +0200, Miguel A. Sanz. RedIRIS/CSIC wrote:
>So my questions now:
>
>Does any one know a direct way to reach the InterNIC technical staff to solve
>this kind of urgent problems?
>
Flaming them on NANOG seems to work, but you get singed in the process
also. Try markk@internic.net. He seemed helpful. From him:
"Hostmaster receives at least 20K pieces of mail a day. If you have an
operational issue of this nature, feel free to send it to action@internic.net.
The people who are responsible for monitoring the roots also read that box."
Let us know how [un]responsive action@internic.net is!
>Shouldn't there be a specific set up of procedures, forms and communication
>channels between the managers of the root zone and the TLD managers?
>
Apparently they're still drafting those.
>Any help will be appreciated.
>
>Miguel A. Sanz
>ES-NIC
>
>__________________ __ ______________________
> /_/
>Miguel A. Sanz __ __ Email: miguel.sanz@rediris.es
>RedIRIS/CSIC /_/ RedIRIS /_/ Tel: + 34 1 5855152
>Serrano 142 __ Fax: + 34 1 5855146
>E-28006 Madrid /_/
>SPAIN Network Manager
>____________ Spanish Academic & Research Network ________________________
>
>
>
>--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
<miguel.sanz@rediris.es>
>
>Date: Wed, 30 Jul 1997 15:05:45 +0200 (MET DST)
>From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
>To: "David H. Holtzman" <dholtz@internic.net>
>Subject: (Fwd) EMERGENCY TLD .ES
>Cc: hostmaster@nic.es
>
>
>Please take quick action on this and report back!
>
>We will wait a couple more hours before escalating this to IANA and
>TLD list.
>
>Regards,
>
>Miguel A. Sanz
>ES-NIC
>
>
>--- Forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
<miguel.sanz@rediris.es>
>
>Date: Wed, 30 Jul 1997 11:49:59 +0200 (MET DST)
>From: "Miguel A. Sanz. RedIRIS/CSIC" <miguel.sanz@rediris.es>
>To: hostmaster@internic.net
>Subject: EMERGENCY TLD .ES
>Cc: cert@rediris.es, Mark Kosters <markk@internic.net>, hostmaster@nic.es
>
>
>
>Dear hostmaster,
>
>I am the technical contact of the top level domain for Spain (".es").
>
>Much to our surprise we discover yesterday that a new unauthorized NS was
>popping up in everybody's caches for the ".es" zone.
>
>At first we thought that a cache infection attack (the kind of Alternic's
>against InterNIC) was taking place and spread the word that everybody in
>the country upgrade to the recent versions of BIND.
>
>However, some places running BIND-4.9.6 and 8.1.1 were also infected!!!
>
>We the went to check InterNIC's database and ... the problem is there!!!
>
>InterNIC has made a change in the delegation of the ".es" zone without
>our request, knowledge or consent. Instead of the authorized nameservers
>which are:
>
> SUN.REDIRIS.ES 130.206.1.2
> CHICO.REDIRIS.ES 130.206.1.3
> PRADES.CESCA.ES 192.94.163.152
> NS.EUNET.ES 193.127.1.11
> SUNIC.SUNET.SE 192.36.125.2 192.36.148.18
> NS.EU.NET 192.16.202.11
> RS0.INTERNIC.NET 198.41.0.5
> NS.UU.NET 137.39.1.3
> MUNNARI.OZ.AU 128.250.1.21 128.250.22.2
>
>You have now:
>
> SUN.REDIRIS.ES 130.206.1.2
> CHICO.REDIRIS.ES 130.206.1.3
> PRADES.CESCA.ES 192.94.163.152
> LINUX2.DYCSA.ES 195.53.97.1
> SUNIC.SUNET.SE 192.36.125.2 192.36.148.18
> NS.EU.NET 192.16.202.11
> RS0.INTERNIC.NET 198.41.0.5
> NS.UU.NET 137.39.1.3
>
>For unkown reasons an unauthorized change has been made to the root
>zone and the InterNIC database. You have placed a bogus NS
>LINUX2.DYCSA.ES instead of the legal one: NS.EUNET.ES !!!
>
>Please CORRECT this as soon as possible and restart the root server.
>
>We would also like that you open an investigation about this case
>to know if this has been caused by some InterNIC's internal error
>or by an intentional ill will request made by someone.
>
>Please keep as inform about your actions to correct this error and
>of the results of your internal investigation.
>
>Regards,
>
>Miguel A. Sanz (MAS122)
>ES-NIC
>
>__________________ __ ______________________
> /_/
>Miguel A. Sanz __ __ Email: miguel.sanz@rediris.es
>RedIRIS/CSIC /_/ RedIRIS /_/ Tel: + 34 1 5855152
>Serrano 142 __ Fax: + 34 1 5855146
>E-28006 Madrid /_/
>SPAIN Network Manager
>____________ Spanish Academic & Research Network ________________________
>
>
>
>
>---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
><miguel.sanz@rediris.es>
>
>
>---End of forwarded mail from "Miguel A. Sanz. RedIRIS/CSIC"
><miguel.sanz@rediris.es>
>
>
============================================================================
====
Eric Germann Computer and Communications Technologies
ekgermann@cctec.com Van Wert, OH 45891
Phone: 419 968 2640
http://www.cctec.com Fax: 419 968 2641
Network Design, Connectivity & System Integration Services
A Microsoft Solution Provider
