> On Aug 30, 2016, at 15:50 , valdis.kletni...@vt.edu wrote:
>
> On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said:
>
>> I run a pair of nameservers. Let’s call them ns1.company.com
>> and ns2.company.com
>
>> Someone registers example.com and points NS records in the COM zone at my
>> nameservers.
>
> I would have expected that the resulting NXDOMAIN replies from ns1 and ns2
> would usually make this a self-correcting problem.

You don’t get NXDOMAIN when a nameserver gets a request for a zone it doesn’t serve. You either get SERVFAIL or you get NS records back as a referral.

> Are there actually people who do this misconfiguration on a zone big enough
> for the traffic to matter, and leave it that way for very long before they
> clue in that things aren't working right? I'd think that if somebody points
> billy-bobs-bait-tackle-and-internet.com at you, it might take you quite some
> time to notice - and if somebody whoopsies and points ebay.com's NS records
> at you, the resulting dysfunction would be noticed fairly soon….

Depends on your definition of “matter”. Also, misconfiguring one important zone doesn’t necessarily generate significantly more traffic than generating a whole lot of unimportant ones. Especially if you misconfigure zones in ip6.arpa or in-addr.arpa as was the case at the beginning of this topic.

> (Miscreants who do this intentionally are, of course, a totally different
> kettle of fish, and need to be dealt with as miscreants....)

Yep, though one has to wonder why they would bother.

Owen
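
Added example, not part of the original message: a small Python classifier that reads the 12-byte DNS response header and flags the lame-delegation outcomes described above (SERVFAIL, or a non-authoritative referral) as distinct from an authoritative NXDOMAIN. The function names and sample messages are constructed for illustration, and treating REFUSED as lame is an assumption added here that the message does not mention.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def classify(msg: bytes) -> str:
    """Classify a DNS response using only its header (RFC 1035, 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    aa = bool(flags & 0x0400)      # Authoritative Answer bit
    rcode = flags & 0x000F
    # Server does not serve the zone and will not (or cannot) answer.
    if rcode in (2, 5):            # REFUSED is an added assumption, see lead-in
        return "lame:" + RCODES[rcode]
    # NOERROR, not authoritative, no answers, only NS records: a referral.
    if rcode == 0 and not aa and an == 0 and ns > 0:
        return "lame:referral"
    # Only a server that is authoritative for the zone says this.
    if aa and rcode in (0, 3):
        return "authoritative:" + RCODES[rcode]
    return "other:" + RCODES.get(rcode, str(rcode))


def sample(rcode, aa=False, an=0, ns=0):
    """Constructed response for 'example.com SOA'. Only the header counts
    are set; the record sections themselves are omitted for brevity."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 6, 1)
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0) + question


if __name__ == "__main__":
    cases = {
        "unserved zone, SERVFAIL": sample(2),
        "unserved zone, upward referral": sample(0, ns=13),
        "served zone, name missing": sample(3, aa=True, ns=1),
        "served zone, answer": sample(0, aa=True, an=1),
    }
    for label, msg in cases.items():
        print(f"{label:32s} -> {classify(msg)}")
```

Running this against responses for each zone delegated to a server is one way for the operator to spot delegations pointing at nameservers that do not serve the zone.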