nanog mailing list archives
Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations
From: Doug Barton <dougb () dougbarton us>
Date: Sat, 18 Mar 2017 18:58:52 -0700
On 03/17/2017 10:42 AM, Mark Kosters wrote:
On 3/17/17, 12:26 PM, "NANOG on behalf of William Herrin" <nanog-bounces () nanog org on behalf of bill () herrin us> wrote: On Fri, Mar 17, 2017 at 7:52 AM, Romeo Zwart <rz+nng () zwart com> wrote:RIPE NCC have issued a statement about the issue here: https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.htmlOur apologies for the inconvenience caused.Hmm. That sounds like an ARIN-side bug too. ARIN's code responded to corrupted data by zeroing out the data instead of using the last known good data. That's awfully brittle for such a critical service. Regards, Bill Herrin Hi Bill, The analysis was not yet complete when the notice went out from RIPE. After doing a post-mortum, there were no bugs in ARIN’s software in regards to this issue. We followed exactly what RIPE told us to do. When we noticed an issue with RIPE’s updates yesterday, we notified them as well.
My eyebrows reacted to this the same way Bill's did. It sounds like this is at least a semi-automated system. Such things should have sanity checks on the receiving side when told to remove large gobs of data, even if the instructions validate correctly.
More fundamentally, according to the RIPE report they are sending you something called "zonelets" which you then process into actual DNS data. Can you say something about the relative merit of this system, vs. simply delegating the right zones to the right parties and letting the DNS do what it was intended to do?
At minimum the fact that this automated system was allowed to wipe out great chunks of important data calls it into question. And sure, you can all 3 fix the bugs you found this time around, but up until these bugs were triggered you all thought the system was functioning perfectly, in spite of it ending up doing something that obviously was not intended.
Doug
Current thread:
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations, (continued)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Jared Mauch (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations valdis . kletnieks (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations George William Herbert (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Mark Kosters (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 17)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Romeo Zwart (Mar 19)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 18)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Doug Barton (Mar 19)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Brett Frankenberger (Mar 20)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations William Herrin (Mar 20)
- Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations John Curran (Mar 17)
- Message not available
- Re: ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations Alberto Delgado (Mar 17)