Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!CND.HP.COM!pma
From: pma@CND.HP.COM
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: NIC net 10 address pollution
Message-ID: <9004110140.AA15827@ucbvax.Berkeley.EDU>
Date: 10 Apr 90 16:40:42 GMT
References: <1990Apr9.200832.22698@mlb.semi.harris.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: inet
Organization: The Internet
Lines: 76

> I just checked what our name server thought the root name servers
> are and not only was the NIC's 10 address there, there were also
> .arpa's! I sure wish that BIND had an option to log who pollutes
> its cache.

Here is a code segment for ns_resp.c that I had used a while ago to track down this problem for us.

The problem was the result of a parent saying that server X was authoritative for domain Y when, in fact, server X was not authoritative. When server X was questioned about domain Y, it sometimes responded with NS records for the root (depending on whether it didn't find any other NS records on its walk up the tree.)

A way to solve the problem without a code change is to make sure that the servers that are registered for a domain really are authoritative for that domain. I wrote a program to check all our subdomain delegations so we are better at managing our own domain.

paul

==========
*** /tmp/,RCSt1a00312 Tue Apr 10 09:21:15 1990 --- /tmp/,RCSt2a00312 Tue Apr 10 09:21:20 1990 *************** *** 1038,1044 fprintf(ddt,"update failed (DATAEXISTS)\n"); #endif (void) free((char *)dp); ! } else if (type == T_NS && savens != NULL) *savens = dp; return (cp - rrp); } --- 1038,1062 ----- fprintf(ddt,"update failed (DATAEXISTS)\n"); #endif (void) free((char *)dp); ! } else if (type == T_NS && savens != NULL){ ! #ifdef TRACEROOT ! char qname[MAXDNAME]; ! int qn; ! /* ! ** Trace where roots NS records come from ! */ ! qname[0] = '\0'; ! qn = dn_expand(msg, msg + msglen, msg + sizeof(HEADER), qname, ! sizeof(qname)); ! if (qn < 0) ! 
{ qname[0] = '?'; qname[1] = '\0';} ! else if (qname[0] == '\0') ! { qname[0] = '.'; qname[1] = '\0';} ! if ((dname[0] == '\0') && (zone == 0)) ! syslog(LOG_ERR, ! "For question \"%s\", added root NS record for %s from %s\n", ! qname, data, inet_ntoa(from_addr.sin_addr)); ! #endif *savens = dp; } return (cp - rrp); *************** *** 1040,1045 (void) free((char *)dp); } else if (type == T_NS && savens != NULL) *savens = dp; return (cp - rrp); } --- 1058,1064 ----- qname, data, inet_ntoa(from_addr.sin_addr)); #endif *savens = dp; + } return (cp - rrp); }
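
Review bot: In the TRACEROOT block of the first hunk, dn_expand() is run on msg + sizeof(HEADER) for every NS record, ahead of the `(dname[0] == '\0') && (zone == 0)` test, and it assumes the response really carries a question section at that offset. Move the expansion inside that test so the work is done only when a root NS record is about to be logged, and check the header's question count first; with no question present, the bytes after the header belong to a resource record and the logged "question" would be misleading. The trailing \n in the syslog format string is not needed, and LOG_ERR for every matching record may be noisy when one server sends many of them.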
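
Review bot: The second hunk (old lines 1040-1045) overlaps the range of the first (1038-1044), and the closing brace it adds after `*savens = dp;` already appears on the new side of the first hunk. Regenerate the diff as a single hunk, or confirm with patch that the two apply cleanly together, so the `}` matching `savens != NULL){` is added exactly once.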
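
The delegation check described in the post can be sketched as follows; this is an added example, not the program the author mentions and not BIND code. It assumes the check is a non-recursive SOA query sent to each registered server, and it classifies constructed reply packets offline; the zone `y.example` and server names are made up.

```python
import struct

T_NS, T_SOA, AA = 2, 6, 0x0400

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                     # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def classify(msg):
    """Classify a server's reply to a non-recursive SOA query for a zone."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, rrs = 12, []
    for _ in range(qd):                          # skip the question section
        off = read_name(msg, off)[1] + 4
    for i in range(an + ns):                     # answer RRs, then authority RRs
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        rrs.append(("answer" if i < an else "authority", rtype, owner))
    if flags & AA and any(s == "answer" and t == T_SOA for s, t, _ in rrs):
        return "authoritative"
    if any(s == "authority" and t == T_NS and o == "." for s, t, o in rrs):
        return "lame, refers to root"            # the cache-polluting case
    return "lame"

# Constructed sample replies (not captured traffic) for the zone y.example.
def enc(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".") if p) + b"\0"
def rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

QUESTION = enc("y.example") + struct.pack("!HH", T_SOA, 1)
SOA = enc("ns.y.example") + enc("admin.y.example") + struct.pack("!5I", 1, 3600, 600, 86400, 3600)
GOOD = struct.pack("!6H", 1, 0x8400, 1, 1, 0, 0) + QUESTION + rr(b"\xc0\x0c", T_SOA, SOA)
LAME_ROOT = struct.pack("!6H", 1, 0x8000, 1, 0, 1, 0) + QUESTION + rr(b"\0", T_NS, enc("ns.root.example"))
print(classify(GOOD), "|", classify(LAME_ROOT))
```
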