Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!asp
From: asp@uunet.UU.NET (Andrew Partan)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: BOGUS ROOT SERVERS!!
Summary: Coming from MTY.ITESM.MX. ?
Message-ID: <111788@uunet.UU.NET>
Date: 14 Nov 90 03:04:24 GMT
References: <9163@ncar.ucar.edu>
Organization: UUNET Communications Services, Falls Church, VA
Lines: 35

In article <9163@ncar.ucar.edu>, woods@ncar.ucar.edu (Greg Woods) writes:
> I find the following bogus root servers in both the primary and
> secondary servers' caches:
> 
> (root)  nameserver = MTECV1
> (root)  nameserver = TELECOM
> (root)  nameserver = NEXTSVR

I was poking around in a dump of our named's cache and found the
offending records.  I also found A records for them:
	TELECOM. 230636  IN      A       132.254.1.11
	NEXTSVR. 242153  IN      A       132.254.1.6
	MTECV1.  242152  IN      A       131.178.1.1

Now the rest of the hosts in 132.254 are in *.MTY.ITESM.MX.
In fact, there is a MTECV1.MTY.ITESM.MX. with the same A record as the
bogus MTECV1.:
$ORIGIN MTY.ITESM.MX.
mtecv2  49142   IN      A       131.178.1.5
	49142   IN      HINFO   "VAX-6310" "Ultrix"
TECMTYVM        76031   IN      A       131.178.1.7
	76031   IN      HINFO   "IBM-4381" "VM_4.0"
MTECV1  421405  IN      A       131.178.1.1     ; 789
	54794   IN      A       129.117.4.2     ; 961

My guess is that someone at MTY.ITESM.MX. was setting up a zone and
added an extra trailing . where he/she shouldn't have.

The nameservers for ITESM.MX. are:
	ITESM.MX.       86400   NS      mtecv1.mty.itesm.mx.
	ITESM.MX.       86400   NS      emx.utexas.edu.

And from the SOA, the responsible person is root@telecom.rzs.itesm.mx.

	--asp@uunet.uu.net (Andrew Partan)