Tue Jun 20 14:13:13 UTC 2006

This morning, on one of my name servers I noticed this error message (time in GMT):

20-Jun-2006 07:55:36.245 default: warning: check_hints: A records for B.ROOT-SERVERS.NET class 1 do not match hint records

When I perform a lookup of B.ROOT-SERVERS.NET against this name server, it gives me no answer:

; <<>> DiG 9.3.2 <<>> @ns4.gannett.com B.ROOT-SERVERS.NET.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15069
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4

;B.ROOT-SERVERS.NET.            IN      A

I dumped the cache and did indeed find the wrong IP for B.ROOT-SERVERS.NET.:

This is the tail of the cache dump:

; --- Hints ---
.       518400  IN      NS      A.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      H.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      C.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      G.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      F.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      B.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      J.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      K.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      L.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      M.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      I.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      E.ROOT-SERVERS.NET.     ;Cl=0
        518400  IN      NS      D.ROOT-SERVERS.NET.     ;Cl=0
K       3600000 IN      A    ;NT=64224 Cl=0
L       3600000 IN      A    ;NT=10426 Cl=0
A       3600000 IN      A      ;NT=10426 Cl=0
M       3600000 IN      A    ;NT=145 Cl=0
B       3600000 IN      A     ;NT=10426 Cl=0
C       3600000 IN      A     ;NT=10428 Cl=0
D       3600000 IN      A     ;NT=10426 Cl=0
E       3600000 IN      A  ;NT=64224 Cl=0
F       3600000 IN      A     ;NT=10426 Cl=0
G       3600000 IN      A    ;NT=64224 Cl=0
H       3600000 IN      A     ;NT=10426 Cl=0
I       3600000 IN      A   ;NT=10426 Cl=0
J       3600000 IN      A   ;NT=10426 Cl=0

I've checked against 8 other name servers of ours and have not seen this issue on any of those - they all have the correct IP for B.ROOT-SERVERS.NET. I'm very glad to see that my name server does not seem to trust this bad A record for B.ROOT-SERVERS.NET.

Any idea how/why this happened? Anything I should do?


