Security Incidents mailing list archives

Writeup: it. TLD going astray


From: arrigo () ALBOURNE COM (Arrigo Triulzi)
Date: Mon, 3 Jan 2000 11:49:59 +0000


OK, so the full story is:

1/1/2000 @ approx 10:00 GMT

I start getting weird error messages from a machine in Italy on which
I have some sysadmin responsibility.  Two mailing lists I subscribe to
start reporting weirdos with the .it TLD.

While working on the sunrpc tcpdump logs I notice that one mail being
queued on my boxes for an it. domain is causing lots of "port
unreachable" or SERVFAIL messages to come back...

1/1/2000 @ approx 12:00 GMT

Nobody is able to get a domain request answered from dns.nic.it
(primary) or dns2.nic.it - secondaries start losing it. zones and in
particular one it. secondary venere.inet.it loses nic.it completely...

The suggestion that the 8.2.2 hole is responsible for this surfaces on
the mailing lists.  Everyone seems to agree although there is no hard
evidence.

1/1/2000 @ approx 15:00 GMT

I get in touch with colleagues in Italy by phone and after a quick
round of phone calls it transpires that yes, dns.nic.it is not
responding to domain queries.  Furthermore the people responsible have
been contacted but it appears that access to the premises where the
machines are kept is impossible...

2/1/2000 @ approx 10:00 GMT

dns.nic.it is alive again but it appears that the zones loaded are
from December 15th which causes one of my contacts to have problems as
one of his customers moved on December 16th and now he is rejecting
all e-mail with a "relaying denied" as the zones are now incorrect.
Things are therefore still rather funny with whois.nic.it reporting
the correct entries and the primary DNS propagating old stuff.

No word as to whether it was a hack or simply a machine failure.
Somehow I doubt we will know the truth quickly...

Ciao,

Arrigo

