First, not so serious, but still an error: All debian.org servers have a mismatch between the delegation and the served data, adding samosa.debian.org as authoritative (I know samosa is listed as primary in the SOA record, but it need not, and should not, be listed as authoritative as long as it's not listed by the delegating servers):

Delegation:

[EMAIL PROTECTED]:~$ dig ns debian.org @tld1.ultradns.net

; <<>> DiG 9.3.1 <<>> ns debian.org @tld1.ultradns.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12930
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;debian.org. IN NS

;; AUTHORITY SECTION:
debian.org. 86400 IN NS spohr.debian.org.
debian.org. 86400 IN NS saens.debian.org.
debian.org. 86400 IN NS klecker.debian.org.

;; ADDITIONAL SECTION:
spohr.debian.org. 86400 IN A 140.211.166.43
saens.debian.org. 86400 IN A 128.101.240.212
klecker.debian.org. 86400 IN A 194.109.137.218

;; Query time: 51 msec
;; SERVER: 204.74.112.1#53(204.74.112.1)
;; WHEN: Mon May 29 10:40:36 2006
;; MSG SIZE rcvd: 138

NS-records from klecker:

[EMAIL PROTECTED]:~$ dig ns debian.org @klecker.debian.org

; <<>> DiG 9.3.1 <<>> ns debian.org @klecker.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53513
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org. IN NS

;; ANSWER SECTION:
debian.org. 3600 IN NS saens.debian.org.
debian.org. 3600 IN NS spohr.debian.org.
debian.org. 3600 IN NS samosa.debian.org.
debian.org. 3600 IN NS klecker.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org. 3600 IN A 128.101.240.212
spohr.debian.org. 300 IN A 140.211.166.43
samosa.debian.org. 3600 IN A 192.25.206.57
klecker.debian.org. 3600 IN A 194.109.137.218

;; Query time: 50 msec
;; SERVER: 194.109.137.218#53(194.109.137.218)
;; WHEN: Mon May 29 10:41:25 2006
;; MSG SIZE rcvd: 175

Second error is much more serious: Some of the servers will sometimes provide 0.0.0.0 as their own address in the additional data:

[EMAIL PROTECTED]:~$ dig soa debian.org @saens.debian.org

; <<>> DiG 9.3.1 <<>> soa debian.org @saens.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20147
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org. IN SOA

;; ANSWER SECTION:
debian.org. 3600 IN SOA samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600

;; AUTHORITY SECTION:
debian.org. 3600 IN NS klecker.debian.org.
debian.org. 3600 IN NS saens.debian.org.
debian.org. 3600 IN NS spohr.debian.org.
debian.org. 3600 IN NS samosa.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org. 3600 IN A 0.0.0.0
spohr.debian.org. 300 IN A 140.211.166.43
samosa.debian.org. 3600 IN A 192.25.206.57
klecker.debian.org. 3600 IN A 194.109.137.218

;; Query time: 128 msec
;; SERVER: 128.101.240.212#53(128.101.240.212)
;; WHEN: Mon May 29 10:47:53 2006
;; MSG SIZE rcvd: 222

This in spite of it claiming to have the same zone version as e.g. klecker:

[EMAIL PROTECTED]:~$ dig soa debian.org @klecker.debian.org

; <<>> DiG 9.3.1 <<>> soa debian.org @klecker.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27220
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org. IN SOA

;; ANSWER SECTION:
debian.org. 3600 IN SOA samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600

;; AUTHORITY SECTION:
debian.org. 3600 IN NS saens.debian.org.
debian.org. 3600 IN NS spohr.debian.org.
debian.org. 3600 IN NS samosa.debian.org.
debian.org. 3600 IN NS klecker.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org. 3600 IN A 128.101.240.212
spohr.debian.org. 300 IN A 140.211.166.43
samosa.debian.org. 3600 IN A 192.25.206.57
klecker.debian.org. 3600 IN A 194.109.137.218

;; Query time: 52 msec
;; SERVER: 194.109.137.218#53(194.109.137.218)
;; WHEN: Mon May 29 10:48:59 2006
;; MSG SIZE rcvd: 222

I've seen this bug from both saens and spohr, but can only reproduce it from saens right now.

Note that this seems to affect *all* names referring to the authoritative DNS server's own address. For example:

[EMAIL PROTECTED]:~$ dig security.debian.org @saens.debian.org

; <<>> DiG 9.3.1 <<>> security.debian.org @saens.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40968
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;security.debian.org. IN A

;; ANSWER SECTION:
security.debian.org. 3600 IN A 194.109.137.218
security.debian.org. 3600 IN A 0.0.0.0

;; AUTHORITY SECTION:
debian.org. 3600 IN NS samosa.debian.org.
debian.org. 3600 IN NS klecker.debian.org.
debian.org. 3600 IN NS saens.debian.org.
debian.org. 3600 IN NS spohr.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org. 3600 IN A 0.0.0.0
spohr.debian.org. 300 IN A 140.211.166.43
samosa.debian.org. 3600 IN A 192.25.206.57
klecker.debian.org. 3600 IN A 194.109.137.218

;; Query time: 127 msec
;; SERVER: 128.101.240.212#53(128.101.240.212)
;; WHEN: Mon May 29 10:50:14 2006
;; MSG SIZE rcvd: 216

Which is why I chose to post this to security. This error may not be possible to abuse, but it will certainly affect people's ability to apply security updates in a timely manner...

Bjørn
--
You're probably Moonie yourself.
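
Added example, not part of the original message: a Python check over record lines taken from the dig output above (embedded as constructed sample input) that reports name servers present on only one side of the delegation and A records carrying a non-routable address such as 0.0.0.0. The function names and the use of `is_global` as the routability test are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample input: record lines taken from the dig output in the post.
PARENT = """\
debian.org. 86400 IN NS spohr.debian.org.
debian.org. 86400 IN NS saens.debian.org.
debian.org. 86400 IN NS klecker.debian.org.
"""
CHILD_SAENS = """\
debian.org. 3600 IN NS klecker.debian.org.
debian.org. 3600 IN NS saens.debian.org.
debian.org. 3600 IN NS spohr.debian.org.
debian.org. 3600 IN NS samosa.debian.org.
saens.debian.org. 3600 IN A 0.0.0.0
spohr.debian.org. 300 IN A 140.211.166.43
samosa.debian.org. 3600 IN A 192.25.206.57
klecker.debian.org. 3600 IN A 194.109.137.218
"""

# owner, TTL, class IN, type (NS or A), rdata; dig's ';' comment lines never match.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A)\s+(\S+)$")

def parse(text):
    """Return (owner, type, rdata) tuples for the NS and A lines in dig output."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            records.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return records

def ns_set(records, zone):
    return {rdata for owner, rtype, rdata in records if rtype == "NS" and owner == zone}

def audit(parent_text, child_text, zone="debian.org."):
    """Compare the parent's delegation with what a child server returns."""
    parent, child = parse(parent_text), parse(child_text)
    delegated, served = ns_set(parent, zone), ns_set(child, zone)
    findings = []
    for name in sorted(served - delegated):
        findings.append(f"NS {name} served by child but not delegated by parent")
    for name in sorted(delegated - served):
        findings.append(f"NS {name} delegated by parent but missing from child")
    for owner, rtype, rdata in child:
        if rtype == "A" and not ipaddress.ip_address(rdata).is_global:
            findings.append(f"A {owner} -> {rdata} is not a routable address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PARENT, CHILD_SAENS)))
```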