Can I have a look at your named cache please?
Hi,

ns.ripe.net is stormed with IN A requests for @.root-servers.net. It looks like this isn't an isolated incident; I received similar reports from one of the other nameservers of root-servers.net.

Given the intensity of the incident (we get 2 times as many requests on this as all other requests combined), I don't believe this is caused by a single bitflip somewhere.

It would be real nice if the maintainers of some 'popular' caching nameservers would do a cache dump (kill -INT named), look if @.root-servers.net is listed somewhere, and send me the details if you find it in your cache.

Thanks,
Geert Jan
On Mar 24, 15:44, Geert Jan de Groot <GeertJan.deGroot@ripe.net> wrote:
It would be real nice if the maintainers of some 'popular' caching nameservers would do a cache dump (kill -INT named), look if @.root-servers.net is listed somewhere, and send me the details if you find it in your cache.
I guess this is what you're looking for:

com     463260  IN  NS   E.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   I.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   F.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   G.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   A.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   H.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   B.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   C.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        463260  IN  NS   D.ROOT-SERVERS.net.    ;Cr=addtnl [199.245.73.2]
        203729  IN  NS   @.ROOT-SERVERS.net.    ;Cr=addtnl [192.94.214.100]
        337532  IN  NS   I.ROOT-SERVERS.LET.    ;Cr=addtnl [198.71.19.35]
        337532  IN  NS   F.ROOT-SERVERS.LET.    ;Cr=addtnl [198.71.19.35]
        337532  IN  NS   G.ROOT-SERVERS.LET.    ;Cr=addtnl [198.71.19.35]
        337532  IN  NS   A.ROOT-SERVERS.LET.    ;Cr=addtnl [198.71.19.35]
        337528  IN  NS   H.ROOT-SERVERS.LET.    ;Cr=addtnl [198.71.19.35]
        297856  IN  NS   F.I.ROOT-SERVERS.NET.  ;Cr=addtnl [198.71.19.34]
        83517   IN  SOA  A.ROOT-SERVERS.NET. HOSTMASTER.INTERNIC.NET. (
                1996032200 10800 900 604800 86400 )     ;Cr=addtnl [192.36.148.17]

jotun.EU.net% dig @192.94.214.100 com. ns

; <<>> DiG 2.0 <<>> @192.94.214.100 com. ns
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10
;; flags: qr rd ra ; Ques: 1, Ans: 15, Auth: 0, Addit: 9
;; QUESTIONS:
;;      com, type = NS, class = IN

;; ANSWERS:
com.    392808  NS      F.ROOT-SERVERS.net.
com.    392808  NS      G.ROOT-SERVERS.net.
com.    392808  NS      A.ROOT-SERVERS.net.
com.    392808  NS      H.ROOT-SERVERS.net.
com.    392808  NS      B.ROOT-SERVERS.net.
com.    392808  NS      C.ROOT-SERVERS.net.
com.    392808  NS      D.ROOT-SERVERS.net.
com.    182865  NS      @.ROOT-SERVERS.net.
com.    267814  NS      F.I.ROOT-SERVERS.net.
com.    303622  NS      I.ROOT-SERVERS.LET.
com.    303622  NS      F.ROOT-SERVERS.LET.
com.    303622  NS      G.ROOT-SERVERS.LET.
com.    303622  NS      A.ROOT-SERVERS.LET.
com.    392808  NS      E.ROOT-SERVERS.net.
com.    392808  NS      I.ROOT-SERVERS.net.

;; ADDITIONAL RECORDS:
F.ROOT-SERVERS.net.     156342  A       192.5.5.241
G.ROOT-SERVERS.net.     217670  A       192.112.36.4
A.ROOT-SERVERS.net.     38853   A       198.41.0.4
H.ROOT-SERVERS.net.     604534  A       128.63.2.53
B.ROOT-SERVERS.net.     441895  A       128.9.0.107
C.ROOT-SERVERS.net.     442792  A       192.33.4.12
D.ROOT-SERVERS.net.     348963  A       128.8.10.90
E.ROOT-SERVERS.net.     301944  A       192.203.230.10
I.ROOT-SERVERS.net.     442726  A       192.36.148.17

;; Sent 1 pkts, answer found in time: 120 msec
;; FROM: jotun.EU.net to SERVER: 192.94.214.100
;; WHEN: Sun Mar 24 16:13:07 1996
;; MSG SIZE  sent: 21  rcvd: 437

jotun.EU.net% host 192.94.214.100
Name: relay.tis.com
Address: 192.94.214.100
jotun.EU.net%

The amount of crap floating around in DNS space is actually quite disconcerting. Let's just pick one of the sources shown above:

jotun.EU.net% host 199.245.73.2
Name: ns2.MainStreet.Net
Address: 199.245.73.2
jotun.EU.net% dig @199.245.73.2 . ns

; <<>> DiG 2.0 <<>> @199.245.73.2 . ns
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10
;; flags: qr rd ra ; Ques: 1, Ans: 9, Auth: 0, Addit: 15
;; QUESTIONS:
;;      ., type = NS, class = IN

;; ANSWERS:
.       517076  NS      H.ROOT-SERVERS.NET.
.       517076  NS      B.ROOT-SERVERS.NET.
.       517076  NS      C.ROOT-SERVERS.NET.
.       517076  NS      D.ROOT-SERVERS.NET.
.       517076  NS      E.ROOT-SERVERS.NET.
.       517076  NS      I.ROOT-SERVERS.NET.
.       517076  NS      F.ROOT-SERVERS.NET.
.       517076  NS      G.ROOT-SERVERS.NET.
.       517076  NS      A.ROOT-SERVERS.NET.

;; ADDITIONAL RECORDS:
H.ROOT-SERVERS.NET.     577657  A       128.63.2.53
B.ROOT-SERVERS.NET.     577657  A       128.9.0.107
B.ROOT-SERVERS.NET.     203240  A       128.9.0.0
C.ROOT-SERVERS.NET.     442285  A       192.33.4.12
D.ROOT-SERVERS.NET.     577657  A       128.8.10.90
D.ROOT-SERVERS.NET.     39628   A       192.5.5.241
D.ROOT-SERVERS.NET.     254525  A       128.8.10.88
E.ROOT-SERVERS.NET.     577657  A       192.203.230.10
E.ROOT-SERVERS.NET.     175214  A       224.203.230.10
E.ROOT-SERVERS.NET.     310335  A       192.201.230.10
E.ROOT-SERVERS.NET.     164163  A       192.203.228.10
I.ROOT-SERVERS.NET.     577657  A       192.36.148.17
F.ROOT-SERVERS.NET.     519502  A       192.5.5.241
G.ROOT-SERVERS.NET.     521347  A       192.112.36.4
A.ROOT-SERVERS.NET.     577657  A       198.41.0.4

;; Sent 1 pkts, answer found in time: 224 msec
;; FROM: jotun.EU.net to SERVER: 199.245.73.2
;; WHEN: Sun Mar 24 16:16:05 1996
;; MSG SIZE  sent: 17  rcvd: 408

jotun.EU.net%

OK, what's that with D.ROOT-SERVERS.NET, three addresses?

jotun.EU.net% host 192.5.5.241
Name: f.root-servers.net
Address: 192.5.5.241
jotun.EU.net% host 128.8.10.90
Name: d.root-servers.net
Address: 128.8.10.90
jotun.EU.net% host 128.8.10.88
128.8.10.88 does not exist (Authoritative answer)
jotun.EU.net% trc 128.8.10.88
traceroute to 128.8.10.88 (128.8.10.88), 30 hops max, 40 byte packets
 1  Amsterdam2.NL.EU.net (193.242.90.1)  2 ms  3 ms  2 ms
 2  Amsterdam5.NL.EU.net (134.222.85.5)  3 ms  3 ms  2 ms
 3  Vienna2.VA.US.EU.net (134.222.228.18)  86 ms  89 ms  91 ms
 4  mae-east.digex.net (192.41.177.115)  98 ms  104 ms  97 ms
 5  core1-hssi-2.us.dca.digex.net (206.205.246.1)  92 ms  88 ms  87 ms
 6  umd-gate.digex.net (206.205.243.2)  106 ms  96 ms  113 ms
 7  csc2gw-f0.umd.edu (128.8.1.225)  111 ms  90 ms  100 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * csc2gw-f0.umd.edu (128.8.1.225)  101 ms !H
15  * * csc2gw-f0.umd.edu (128.8.1.225)  91 ms !H

Or E.ROOT-SERVERS.NET?

jotun.EU.net% host 192.203.230.10
Name: E.ROOT-SERVERS.NET
Address: 192.203.230.10
jotun.EU.net% host 192.201.230.10
192.201.230.10 does not exist (Authoritative answer)
jotun.EU.net% trc 192.201.230.10
traceroute to 192.201.230.10 (192.201.230.10), 30 hops max, 40 byte packets
 1  Amsterdam2.NL.EU.net (193.242.90.1)  4 ms  3 ms  2 ms
 2  Amsterdam5.NL.EU.net (134.222.85.5)  3 ms  5 ms  3 ms
 3  Amsterdam5.NL.EU.net (134.222.85.5)  6 ms !H * *
 4  Amsterdam5.NL.EU.net (134.222.85.5)  6 ms !H *  12 ms !H
jotun.EU.net% host 192.203.228.10
192.203.228.10 does not exist (Authoritative answer)
jotun.EU.net% trc 192.203.228.10
traceroute to 192.203.228.10 (192.203.228.10), 30 hops max, 40 byte packets
 1  Amsterdam2.NL.EU.net (193.242.90.1)  2 ms  2 ms  2 ms
 2  Amsterdam5.NL.EU.net (134.222.85.5)  2 ms  3 ms  3 ms
 3  Vienna2.VA.US.EU.net (134.222.228.18)  93 ms  85 ms  92 ms
 4  mae-east-plusplus.washington.mci.net (192.41.177.181)  337 ms  134 ms  160 ms
 5  borderx1-hssi2-0.Washington.mci.net (204.70.74.101)  127 ms  114 ms  98 ms
 6  core-fddi-0.Washington.mci.net (204.70.2.1)  92 ms  127 ms  127 ms
 7  core1-hssi-4.LosAngeles.mci.net (204.70.1.177)  244 ms  269 ms  310 ms
 8  border3-fddi-0.LosAngeles.mci.net (204.70.170.19)  340 ms  281 ms  312 ms
 9  telstra-internet.LosAngeles.mci.net (204.70.173.6)  498 ms  587 ms  544 ms
10  Fddi0-0.pad-core1.Sydney.telstra.net (139.130.249.226)  716 ms  441 ms  510 ms
11  Serial4-2.wel-core1.Perth.telstra.net (139.130.238.1)  526 ms  630 ms  599 ms
12  Fddi0-0.wel1.Perth.telstra.net (139.130.238.227)  680 ms  619 ms  699 ms
13  frontdoor.DIALix.COM (192.203.228.4)  728 ms frontdoor2.DIALix.COM (192.203.228.6)  682 ms frontdoor.DIALix.COM (192.203.228.4)  634 ms
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *

Not to mention 224.203.230.10 ....

--
Per G. Bilse, Mgr Network Operations Ctr
EUnet Communications Services B.V.
Singel 540, 1017 AZ Amsterdam, NL
tel: +31 20 6233803, fax: +31 20 6224657
24hr emergency number: +31 20 421 0865
Connecting Europe since 1982
http://www.EU.net; e-mail: bilse@EU.net
ns.ripe.net is stormed with IN A requests for @.root-servers.net. It looks like this isn't an isolated incident; I received similar reports from one of the other nameservers of root-servers.net.
Given the intensity of the incident (we get 2 times as many requests on this as all other requests combined), I don't believe this is caused by a single bitflip somewhere.
It would be real nice if the maintainers of some 'popular' caching nameservers would do a cache dump (kill -INT named), look if @.root-servers.net is listed somewhere, and send me the details if you find it in your cache.
Our cache contains this:

COM     203144  IN  NS   D.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   E.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   I.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   F.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   G.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   A.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   H.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   B.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        101382  IN  NS   @.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        149719  IN  NS   F.I.ROOT-SERVERS.NET.  ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   I.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   F.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   G.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   A.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        203144  IN  NS   C.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        86158   IN  SOA  A.ROOT-SERVERS.NET. HOSTMASTER.INTERNIC.NET. (
                1996032200 10800 900 604800 86400 )     ;Cr=addtnl [192.203.230.10]

BTW please don't miss the nasty NS references to [AFGI].ROOT-SERVERS.LET (LLLLLLLLet instead of NNNNNNNNNet) that we cached in addition to F.I.ROOT-SERVERS.NET due to info from 204.97.64.4 (though it's present at 204.97.64.4 as well)

Ruediger Volk ### this .signature is currently under construction ###
Deutsche Telekom AG -- Internet Services NIC
E-Mail: rv@NIC.DTAG.DE
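The cache check requested in this thread, as an added example that is not part of any participant's message: it scans a named cache dump for NS records of one zone, flags targets with an illegal hostname label or outside an expected server set, and groups them by the address in the `;Cr=... [source]` comment. The function name `audit_ns`, the `EXPECTED` set and the tab-separated layout of the sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Assumption: the nine root server names that appear as valid in this thread.
EXPECTED = {f"{c}.root-servers.net." for c in "abcdefghi"}
LDH_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")
# [owner] ttl IN NS target [;Cr=<credibility> [<source address>]]
NS_LINE = re.compile(
    r"^(?:\S+)?\s+\d+\s+IN\s+NS\s+(?P<target>\S+)"
    r"(?:\s*;Cr=\w+\s*\[(?P<src>[^\]]+)\])?", re.I)

# Constructed sample: records copied from the dump quoted above; the tab
# layout is assumed, because the archive lost the original whitespace.
SAMPLE = (
    "COM\t203144\tIN\tNS\tD.ROOT-SERVERS.NET.\t;Cr=addtnl [206.96.248.2]\n"
    "\t101382\tIN\tNS\t@.ROOT-SERVERS.NET.\t;Cr=addtnl [206.96.248.2]\n"
    "\t149719\tIN\tNS\tF.I.ROOT-SERVERS.NET.\t;Cr=addtnl [204.97.64.4]\n"
    "\t170086\tIN\tNS\tI.ROOT-SERVERS.LET.\t;Cr=addtnl [204.97.64.4]\n"
    "\t86158\tIN\tSOA\tA.ROOT-SERVERS.NET. HOSTMASTER.INTERNIC.NET. (\n"
    "\t\t1996032200 10800 900 604800 86400 )\t;Cr=addtnl [192.203.230.10]\n"
)

def audit_ns(dump_text, zone="com", expected=EXPECTED):
    """Return {source: [(target, reason), ...]} for suspect NS targets of zone."""
    findings = defaultdict(list)
    owner = None
    for line in dump_text.splitlines():
        if not line.strip() or line.startswith((";", "$")):
            continue
        if not line[0].isspace():              # a new owner name starts here
            owner = line.split()[0].rstrip(".").lower()
        m = NS_LINE.match(line)                # indented lines inherit the owner
        if not m or owner != zone:
            continue
        target = m["target"].lower()
        labels = target.rstrip(".").split(".")
        if not all(LDH_LABEL.match(label) for label in labels):
            reason = "illegal character in hostname label"
        elif target not in expected:
            reason = "not in expected server set"
        else:
            continue
        findings[m["src"] or "unknown"].append((target, reason))
    return dict(findings)

if __name__ == "__main__":
    for src, hits in audit_ns(SAMPLE).items():
        for target, reason in hits:
            print(f"{src}\t{target}\t{reason}")
```

Grouping by source address shows which upstream server supplied each bad record, which is the detail the original request asks operators to send back.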
I couldn't see anything weird; but I left a copy of the dump as

ftp://ftp.eunet.no/pub/named_dump.960225.gz

This is a dump from relay.eunet.no, it keeps track of a lot of domains, and may not be active. It IS used as nameserver by a lot of customers, we get around 80 requests a second.

Morten Reistad <mrr@eunet.no>
Technical Manager
EUnet Norway AS
Connecting Europe since 1982
phone +47 8100 0001 ext 206
participants (4)
- Geert Jan de Groot
- Morten Reistad
- Per Gregers Bilse
- Ruediger Volk