wrong IP for a root server
Maria Iano
maria at iano.org
Tue Jun 20 14:13:13 UTC 2006
This morning, on one of my name servers I noticed this error message (time in GMT):
20-Jun-2006 07:55:36.245 default: warning: check_hints: A records for B.ROOT-SERVERS.NET class 1 do not match hint records
When I perform a lookup of B.ROOT-SERVERS.NET against this name server, it gives me no answer:
; <<>> DiG 9.3.2 <<>> @ns4.gannett.com B.ROOT-SERVERS.NET.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15069
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;B.ROOT-SERVERS.NET. IN A
I dumped the cache and did indeed find the wrong IP for B.ROOT-SERVERS.NET.:
This is the tail of the cache dump:
; --- Hints ---
$ORIGIN .
. 518400 IN NS A.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS H.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS C.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS G.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS F.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS B.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS J.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS K.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS L.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS M.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS I.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS E.ROOT-SERVERS.NET. ;Cl=0
518400 IN NS D.ROOT-SERVERS.NET. ;Cl=0
$ORIGIN ROOT-SERVERS.NET.
K 3600000 IN A 193.0.14.129 ;NT=64224 Cl=0
L 3600000 IN A 198.32.64.12 ;NT=10426 Cl=0
A 3600000 IN A 198.41.0.4 ;NT=10426 Cl=0
M 3600000 IN A 202.12.27.33 ;NT=145 Cl=0
B 3600000 IN A 128.9.0.107 ;NT=10426 Cl=0
C 3600000 IN A 192.33.4.12 ;NT=10428 Cl=0
D 3600000 IN A 128.8.10.90 ;NT=10426 Cl=0
E 3600000 IN A 192.203.230.10 ;NT=64224 Cl=0
F 3600000 IN A 192.5.5.241 ;NT=10426 Cl=0
G 3600000 IN A 192.112.36.4 ;NT=64224 Cl=0
H 3600000 IN A 128.63.2.53 ;NT=10426 Cl=0
I 3600000 IN A 192.36.148.17 ;NT=10426 Cl=0
J 3600000 IN A 192.58.128.30 ;NT=10426 Cl=0
I've checked against 8 other name servers of ours and have not seen this issue on any of those - they all have the correct IP for B.ROOT-SERVERS.NET. I'm very glad to see that my name server does not seem to trust this bad A record for B.ROOT-SERVERS.NET.
Any idea how/why this happened? Anything I should do?
Thanks,
Maria
More information about the bind-users
mailing list