[20571] in North American Network Operators' Group
Re: WARNING: AOL is hosed (again)
daemon@ATHENA.MIT.EDU (Michael Handler)
Fri Oct 16 17:24:26 1998
Date: Fri, 16 Oct 1998 16:51:16 -0400
From: Michael Handler <handler@sub-rosa.com>
To: nanog@merit.edu
In-Reply-To: <199810162011.PAA28644@dilbert.ais.net>
James Rishaw <jamie@dilbert.ais.net> writes:
> You can actually set a domain name so that it cannot be changed, by
> any template, by any modification, correct guardian or NOT.
> I would ass-u-me AOL did this, but obviously their DNS admins aren't
> clued enough to figure this one out.
> Tiem to hire people that know *all* of what they're supposed to do, not
> just what they read out of an ORA book.
Um, as anyone who's dealt with NSI on a non-casual level can tell you,
it's entirely possible that AOL had Guardian set up to disallow any
changes, as well as having the domain ``locked'' against any email changes
at all, and still have an unauthorized change occur. This is *not* the
first time a service-interrupting unauthorized DNS change (deliberate
or accidental) has slipped through NSI, though this is almost definitely
the biggest network to be affected.
And, two years later, the BEFORE-USE Guardian attribute *still*
doesn't work, natch.
ObUsefulInformation:
zone "aol.com" {
type stub;
file "zones/stub-aol.com";
masters {
152.163.200.52;
152.163.200.116;
};
};
[ Only works in BIND 8, but why are you still running 4.9.* anyway?
You can't put this into IOS, but you can put this into the nameservers
that your router uses... :) ]
