Newsgroups: comp.protocols.tcp-ip.domains
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!mintaka!mintaka.lcs.mit.edu!mib
From: mib@geech.gnu.ai.mit.edu (Michael I Bushnell)
Subject: EDU. bogons
Message-ID: <MIB.91Apr3121950@geech.gnu.ai.mit.edu>
Sender: news@mintaka.lcs.mit.edu
Organization: Free Software Foundation, Cambridge, MA
Date: 3 Apr 91 12:19:50
Lines: 25


Life.ai.mit.edu has been infested with the edu. bogons recently.  

This is the only record it had for edu. in its cache:

edu	95762	IN	NS	ADMIN.JSUMS.EDU.

Whoever was kind enough to present us with this record didn't give us
an A record for admin.jsums.edu, so edu names could no longer be
resolved.

Right after I restarted life's nameserver, albert.gnu.ai.mit.edu got
infected.  This one it had all the correct edu records as well as the
bogon.  This had the amusing result of causing many requests to fail
and nslookup to dump core (neat, huh?).

Admin.jsums.edu is 143.132.1.5.  I wanted to see what the nameserver
there had, but it doesn't respond, and jsums.edu (143.132.1.3) gets
huge numbers of replies per ping sent, looks like TOPS-10 when I
connected with telnet, and doesn't have a responding nameserver.

I hope this helps the people who are dealing with this to find the
source of the bogons.  Sigh.

	-mib