Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!uflorida!mlb.semi.harris.com!thrush.mlb.semi.harris.com!del
From: del@thrush.mlb.semi.harris.com (Don Lewis)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: BOGUS ROOT SERVERS!!
Message-ID: <1990Nov15.043706.8357@mlb.semi.harris.com>
Date: 15 Nov 90 04:37:06 GMT
References: <9163@ncar.ucar.edu>
Sender: news@mlb.semi.harris.com
Organization: Harris Semiconductor, Melbourne FL
Lines: 22
Nntp-Posting-Host: thrush.mlb.semi.harris.com

We picked up the Mexican triplets last week.  First ADM.BRL.MIL (listed
as a name server for 9.9.192.in-addr.arpa) referred us back to the root
servers on a query for 1.9.9.192.in-addr.arpa.  In the referral message,
it listed LBL.GOV as one of the root servers.  Our name server cached
this information.  Shortly thereafter, we queried LBL.GOV (because we
now thought it was a root server) about ncstate.edu, and it responded
with a delegation back to the root servers, and it listed TELECOM, MTECV1,
and NEXTSRV1 in this list.  Apparently we also got A records as well,
since we then started sending queries to 131.178.1.1 (mtecv1.mty.itesm.mx).

Relevent log entries follow:

Nov  9 13:00:01 slopoke named[20874]: Root NS LBL.GOV received from 192.5.25.4 on query on name [1.9.9.192.in-addr.arpa]

Nov  9 13:56:29 slopoke named[20874]: Root NS TELECOM received from 128.3.254.23 on query on name [ncstate.edu]
Nov  9 13:56:29 slopoke named[20874]: Root NS NEXTSVR received from 128.3.254.23 on query on name [ncstate.edu]
Nov  9 13:56:29 slopoke named[20874]: Root NS MTECV1 received from 128.3.254.23
on query on name [ncstate.edu]
-- 
Don "Truck" Lewis                      Harris Semiconductor
Internet:  del@mlb.semi.harris.com     PO Box 883   MS 62A-028
Phone:     (407) 729-5205              Melbourne, FL  32901