On Tue, Apr 12, 2005 at 11:41:16AM +0200, Ernest Byaruhanga <[EMAIL PROTECTED]> wrote a message of 16 lines which said:
> >Do you mean the actual delegation will take place, if I pass > >authentication? > > yes! Well, I did nothing (and specially not fixed the authentication since I'm not the Sotelma) and the domain was nevertheless delegated this night. ~ % dig @ns-pri.ripe.net NS 96.64.217.in-addr.arpa ; <<>> DiG 9.2.4 <<>> @ns-pri.ripe.net NS 96.64.217.in-addr.arpa ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1091 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;96.64.217.in-addr.arpa. IN NS ;; AUTHORITY SECTION: 96.64.217.in-addr.arpa. 172800 IN NS ciwara.sotelma.ml. 96.64.217.in-addr.arpa. 172800 IN NS dogon.sotelma.ml. I assume some sort of cron-driven job found the domain object and added it to the zone. This is technically fine but it seems a serious security hole in Afrinic: I was able to delegate an in-addr.arpa without any authority on the inetnum and without being a LIR. _______________________________________________ afrinic-discuss mailing list [email protected] http://lists.afrinic.net/mailman/listinfo.cgi/afrinic-discuss
