nanog mailing list archives

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

From: Doug Barton <dougb () dougbarton us>
Date: Sat, 18 Mar 2017 18:58:52 -0700

On 03/17/2017 10:42 AM, Mark Kosters wrote:

On 3/17/17, 12:26 PM, "NANOG on behalf of William Herrin"
<nanog-bounces () nanog org on behalf of bill () herrin us> wrote:

On Fri, Mar 17, 2017 at 7:52 AM, Romeo Zwart <rz+nng () zwart com>
wrote:

RIPE NCC have issued a statement about the issue here:

https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html

Our apologies for the inconvenience caused.


Hmm. That sounds like an ARIN-side bug too. ARIN's code responded to
corrupted data by zeroing out the data instead of using the last
known good data. That's awfully brittle for such a critical service.

Regards, Bill Herrin


Hi Bill,

The analysis was not yet complete when the notice went out from RIPE.
After doing a post-mortum, there were no bugs in ARIN’s software in
regards to this issue. We followed exactly what RIPE told us to do.
When we noticed an issue with RIPE’s updates yesterday, we notified
them as well.

My eyebrows reacted to this the same way Bill's did. It sounds like thisis at least a semi-automated system. Such things should have sanitychecks on the receiving side when told to remove large gobs of data,even if the instructions validate correctly.

More fundamentally, according to the RIPE report they are sending yousomething called "zonelets" which you then process into actual DNS data.Can you say something about the relative merit of this system, vs.simply delegating the right zones to the right parties and letting theDNS do what it was intended to do?

At minimum the fact that this automated system was allowed to wipe outgreat chunks of important data calls it into question. And sure, you canall 3 fix the bugs you found this time around, but up until these bugswere triggered you all thought the system was functioning perfectly, inspite of it ending up doing something that obviously was not intended.


Doug

Current thread:

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations, (continued)
- - - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Jared Mauch (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations valdis . kletnieks (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations George William Herbert (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Mark Kosters (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Romeo Zwart (Mar 19)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 19)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Brett Frankenberger (Mar 20)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 20)
    - Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
    - Message not available
    - Re: ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Alberto Delgado (Mar 17)

(Thread continues...)