Although this list is often used to discuss net politics, the following message is of operational relevance.

A campaign against DNS servers running without UDP checksums (a very poor practice with potentially catastrophic results) has been conducted in the newsgroup comp.protocols.tcp-ip.domains for some time.

Attached is the latest list of misconfigured machines: 88 in .au alone (I have attached the .au list -- people who have domains in .com or .net will have to check the list themselves.)

Cheers,
glen

--
glen.turner§itd.adelaide.edu.au
Network Support Specialist          Tel: (08) 8303 3936
Information Technology Division     Fax: (08) 8303 4400
University of Adelaide SA 5005
---. -.- ..... --. -.. --
http://www.adelaide.edu.au/~gturner

There are two major products that came out of Berkeley: LSD and UNIX. This is no coincidence.

Subject: DNS servers with UDP checksums disabled: a survey
Date: 18 Feb 1997 03:58:10 GMT
From: fitz§think.com (Tom Fitzgerald)
Organization: Thinking Machines Corporation
Newsgroups: comp.protocols.tcp-ip.domains,comp.protocols.tcp-ip,comp.system.sun.admin

I've done a survey of nameservers running on the net with UDP checksums disabled. Out of 62729 nameservers probed, 2588 of them (4%) have checksums off. Another 1304 nameservers weren't probed but were also detected for one reason or another, meaning 3892 misconfigured nameservers, authoritative for over 73600 domains.

The list is 140KB, too large to post, but I've put a copy of it in ftp://ftp.think.com/users/fitz/bad-ns-list.txt for anyone who wants to look at it.

Please, check this list for any systems in your domain or in your parent or any child domains, secondaries serving your domain or nameservers at your ISP. If you find any, please do what you can to fix them, or complain to the admin or your ISP. These machines are disasters waiting to happen, for reasons described below.

Of particular note are the following machines:

  o 17 psi.com/psi.net machines, responsible for over 10000 domains including nsf.gov and whitehouse.gov :-). This is up from 13 misconfigured machines detected last June.
  o rs0.internic.net, authoritative for 146 domains including *.ca, *.es, *.kr and *.us
  o rs1.internic.net and rs2.internic.net, though they appear to be caching-only.
  o ns1.earthlink.net, authoritative for 5621 domains.
  o nic.fonorola.net, 3744 domains
  o noc.cerf.net, 3350 domains including 4.in-addr.arpa
  o 23 netcom.com machines, down from 44 as of last June, but still responsible for over 1000 domains.
  o whitehouse.gov, authority for 240.137.198.in-addr.arpa.
  o bondy.bondy.orstom.fr and orstom.rio.net, responsible for *.bf, *.ci, *.mg, *.ml, *.mr, *.nc and *.sn
  o princeton.edu, responsible for *.bi, *.cg, *.ch, *.fr, *.gf, *.rw and *.zr.
  o ns1.cs.ucl.ac.uk and sun.mhs-relay.ac.uk, responsible for *.uk

Nameservers that have UDP checksums disabled can cause corrupted DNS data to be accepted by other nameservers, and propagated around the net for days or weeks, to the suffering of everyone involved. The problem can easily cause your entire domain to seem to be unreachable for mail or WWW access, for days, even though your connection is fine. Once or twice a year this causes corrupted root domain data, which makes the damage orders of magnitude worse.

Most of these are almost certainly SunOS 4.1.x systems, which have checksums disabled by default. Checksums can be enabled on these systems with this command:

    adb -w -k /vmunix /dev/mem << EOF
    udp_cksum?W1
    udp_cksum/W1
    EOF

This enables checksums both in the currently running kernel and in the vmunix disk image, so it will still be enabled at the next reboot. This fix will NOT survive a kernel rebuild. It must be reapplied every time you install a new /vmunix. For details see Rob Montjoy's SunOS FAQ, posted to comp.sys.sun.admin, or available at rtfm.mit.edu:/pub/usenet-by-group/comp.sys.sun.admin/.

This has to be emphasized: if you run a nameserver that's authoritative for any domains at all, it is essential that you enable UDP checksums on it so systems that query you won't accept corrupt responses.

If there are non-SunOS systems in this list, I'd like to hear about it, as well as how to enable UDP checksums on such systems if you have any info on this. I'm currently building a list of SOA contact addresses for the 73600 affected domains in preparation for sending warnings out. I'd really like to include fix information for all potentially-relevant systems.

A lot of the motivation and workings of this list come from W. Richard Stevens <rstevens§noao.edu> and Steinar Haug <sthaug§nethelp.no>, both of whom have published lists like this in the past.

--
Tom Fitzgerald   Thinking Machines Corp, Bedford MA, USA   A3FC3545C031E735
fitz§think.com   (617)276-0400 x4848                       3DE72FB31F6028D1

Received on Thu Feb 27 1997 - 14:08:58 UTC
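
An added example, not part of either message above: it shows why a sender with UDP checksums off leaves the receiver unable to notice a corrupted DNS reply. In UDP over IPv4 a checksum field of zero means the sender computed none. The addresses, ports, DNS payload and function names are constructed for illustration.

```python
import struct

# Constructed sample data: documentation addresses and a hand-built DNS reply.
SRC = bytes([192, 0, 2, 53])      # hypothetical nameserver
DST = bytes([198, 51, 100, 7])    # hypothetical resolver
DNS_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over IPv4 pseudo-header, UDP header (field zeroed) and payload."""
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~ones_sum(pseudo + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is sent as 0xFFFF; 0 is reserved for "none"

def build(payload: bytes, checksums: bool) -> bytes:
    """UDP segment from port 53 as a sender with checksums on or off would emit it."""
    seg = struct.pack("!HHHH", 53, 33000, 8 + len(payload), 0) + payload
    if checksums:
        seg = seg[:6] + struct.pack("!H", udp_checksum(SRC, DST, seg)) + seg[8:]
    return seg

def classify(segment: bytes) -> str:
    """What a receiver can conclude from the checksum field alone."""
    (wire,) = struct.unpack("!H", segment[6:8])
    if wire == 0:
        return "disabled"  # nothing to verify: any payload is accepted
    return "valid" if wire == udp_checksum(SRC, DST, segment) else "corrupt"

def flip_bit(segment: bytes, offset: int) -> bytes:
    """Simulate single-bit corruption in transit."""
    damaged = bytearray(segment)
    damaged[offset] ^= 0x01
    return bytes(damaged)

def demo() -> dict:
    on, off = build(DNS_REPLY, True), build(DNS_REPLY, False)
    return {"on": classify(on), "on_damaged": classify(flip_bit(on, 20)),
            "off": classify(off), "off_damaged": classify(flip_bit(off, 20))}

if __name__ == "__main__":
    print(demo())
```

The damaged reply from the checksum-less sender is classified exactly like the intact one, which is how corrupted records end up cached and propagated.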