North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Open Letter to D-Link about their NTP vandalism
On Sat, Apr 08, 2006 at 03:15:24AM -0400, [email protected] wrote: > On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said: > > > My suggestion is rename from gps -> gps1 and drop the gps > > dns name. That combined with some bind/whatever views that > > scope the dns responses are effective since it's a DNS name. > > That will fix the problem. In 2012 or so. > > I have a hostname that just now saw 500 NTP packets in 112 seconds. OK, so > it's only 5 packets per second. > > Mind you, that hostname *was* at one time a stratum-2 server. But it moved to > a different host on April 7, 2000 - 6 *years* ago. One year after that, it ... So, I've run various services over the years, including at one time being hostmaster at cic.net and dealt with renaming and renumbering our dns servers once or twice. At one time our server spurce.cic.net was numbered 184.108.40.206, and we tried to renumber it to 220.127.116.11. We faced numerous challenges in this, as we had customers that would use it as the secondary dns server so we not only had to get them to change everything, but back in the bind4 days, it was common to stick out-of-zone glue in various files. This could have the impact of dns cache poisoning. We spent a lot of time tracking down the offenders and getting them to fix the zone files. I'm sure still today merit is seeing dns tarffic to 18.104.22.168 and that whatever is at the (still valid dns record) for spruce is seeing dns queries from someones win95 dialup host. This is something that is very common that those who have run dns services have seen. The same is true for any other service out there, uu.net folks are famaliar with having their dns server being used by people that are not their customers anymore for recursion, this is quite common. If networks find this a problem, they should also consider asking the community for support, there may be people willing to add that IP to their various ntp servers, or in the case of dns-anycast, to their existing resolver systems. I do think that the vendor in question here should do something to help. I'm just glad that I don't own any of their products. - jared -- Jared Mauch | pgp key available via finger from [email protected] clue++; | http://puck.nether.net/~jared/ My statements are only mine.