W2K and MAC OS9 Flood Root Nameservers?
wizzy writes "Ireland's top-level domain registry has a notice on Microsoft and Apple DHCP clients sending dynamic DNS updates per RFC2136. The problem is they are not sufficiently careful about where they send it if they are in RFC1918 space - usually used for behind-firewall addressing, which is where they usually are. This is resulting in bogus updates being sent at the rate of nearly one million an hour to root nameservers, only to be rejected - as reported on the NANOG mailing list."
This reeks of something that should've been caught in user testing. Unless, of course, Microsoft and Apple decided that they didn't care about the operators of the root nameservers.
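An added example, not part of the original story or thread: a small classifier a border firewall or sensor could apply to outbound DNS payloads to spot the leaked RFC2136 updates. It assumes the updates target the reverse (in-addr.arpa) zones of RFC1918 addresses; the function names and the sample packets are constructed for illustration.

```python
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode
# Assumption: leaked updates name the reverse zones of 10/8, 172.16/12, 192.168/16.
PRIVATE_REVERSE_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

def read_name(msg, off):
    """Read an uncompressed DNS name at off; return (lowercased name, next offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        off += 1
        if length == 0:
            return ".".join(labels).lower(), off
        if length > 63 or off + length > len(msg):
            raise ValueError("compressed, invalid or truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def classify(msg):
    """'leak': UPDATE for an RFC1918 reverse zone; 'update': any other
    UPDATE request; 'other': responses and every other opcode."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, zocount = struct.unpack("!HHH", msg[:6])
    is_response = flags >> 15
    opcode = (flags >> 11) & 0xF
    if is_response or opcode != OPCODE_UPDATE or zocount != 1:
        return "other"
    zone, _ = read_name(msg, 12)  # zone section follows the 12-byte header
    for private in PRIVATE_REVERSE_ZONES:
        if zone == private or zone.endswith("." + private):
            return "leak"
    return "update"

def build_message(zone, opcode=OPCODE_UPDATE):
    """Constructed sample: header plus one zone/question entry (SOA, IN)."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in zone.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 6, 1)
```

Messages classified as `leak` are the ones to drop or count at the site border, so they are answered (or discarded) locally instead of reaching public nameservers.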
Another problem is that people are naming their boxes after popular domains that they don't own, and the dynamic updates are pounding the hell out of the domain owners' nameservers. If anyone here is doing this, owl.com and jove.com were two of the domains named.
Sealbeater
-- It's survival of the fittest...and we got the fucking guns!!!
I thought this sounds more like a case of misconfiguration than a bad server itself.
Also, assuming that people are DHCP'ing on a local 192.168.* address space, shouldn't upstream routers (especially those on cable companies and the like) automatically filter out any packets with local addressing as opposed to forwarding them?
In fact you'd think they'd filter out ANY DHCP information coming from their subscribers as opposed to sending it out publicly?
"Nothing strengthens authority so much as silence." - Charles de Gaulle
I wonder who copied whose code?
my basic question is, though, mac os 9 and w2k have both been out a LONG time. why is this the first time that anyone's noticed this? you'd think the root servers would be constantly doing a heads-up looking for DDOS's, even accidental ones.
also, i'm trying to pore through the links trying to find an answer, but if anyone works it out before me, could you please post a reply and let me know? is this JUST windows 2000 and mac os 9, or does it also affect other versions of windows/macos? basically, what spread of mac os versions (9.0 to 9.1.2 or what?) and what spread of windows versions (all windows 2000 service packs?) are affected by this bug?
The real problem is that the default for win2k and winXP is to have that box checked. So anybody who is running win2k and winXP and doesn't have any idea what a dynamic DNS update is (which would probably be the vast majority), is sending these updates. My dynamic DNS provider (dyndns.org -- they don't use RFC2136 to dynamically update) has been sending mails telling its members to turn this option off for over a year now because of all the unnecessary traffic it causes.
Frankly, I'd rather see the OS9 boxes fixed.
:-(
:-(
Apple, at least, is generally pretty good about putting out bugfixes for old products -- they make most of their money on hardware, and don't have a huge incentive to force people to buy a new OS to get their computer to work properly. OTOH, I don't think they ever fixed all the TCP/IP exploits in the latest version of Open Transport that the System 7.5.5 line could run.
Microsoft has been even less good about putting out free fixes for their old products. There are too many known problems that aren't going to get fixed in Win 95 and NT. They also don't usually backport libraries -- I fondly remember someone hacking up the binaries of Win2k's DirectX 5 implementation to work on WinNT. It let me run several DX 5 games that wouldn't otherwise work on NT 4. MS, however, never released DirectX 5 for WinNT. Why would they? It was a big incentive to get people to buy Win2k.
MS uses compatibility issues and a lack of bugfixes, not features alone, to drive upgrades of their software.
May we never see th
Look out, I think this is an MS plot
First flood the root servers (running bind), cause them to fail, and then claim that if they ran MS-DNS, this wouldn't be happening.
> So you get what you pay for. You drive down the perceived value of a Microsoft sys adm
Unfortunately, your case doesn't hold so much water.
Back in the day, pro-MS admins pushed Windows when it was obviously a poor choice. You (plural) won, your political agenda cost any number of people trying to do good work stature in their careers, you toppled competitors, and your favorite OS "won". You collectively fought that battle, actually more a multitude of personal power-play agendas, blindly, and at a great cost to very many people. Now, it's clear to a bazillion wannabes what game they have to play - Windows.
Your market is saturating, and your salaries are being adjusted to match. Next time, be more careful when you (again, collectively) foul mouth competing technologies in which you have no knowledge.
Competent admins, in any OS, are fixed at maybe 10% of all admins available. Economics are based on supply and demand, not, ever, "getting what you pay for". When there are 2 people for every 1 job, you can expect lower pay no matter how good those 2 people are.
> who is going to want to use their training to specialize in the market that pays the least
Good question. The Monopoly lives, so it is now (by definition) the only game in town. The only competitor apparent is "Free Software", and that pays even less.
Having done a number of TCO studies in my time, the pro-MS types that fought to advance their power base by pushing MS, only shunted administrative dollars to MS. Admin costs of *NIX are higher, but not so much so as the costs shunted to MS license fees.
So, typical 10000 person Corp paid upwards of US $20 million to upgrade to W2K. That's a lot of dollars that are no longer available to admins like you (singular).
Not to be so hard on you... Computers are by their very design intended to capture "improvement" through automation, and retain that automation for the express purpose of permanently "disposing" of the entire related (paid) labor force. Administration is one area that can be vastly "improved" using automation. If we look at "appliances" we see they can, in fact, be improved to require nearly zero admin. Sooner, or later, they will reach that goal and render their keepers redundant.
Computers only need "one good soul" to carefully explain to them "how it's done". After that, a paid labor force is no longer needed to accomplish that goal. Today's IT "market" is based almost exclusively on the inefficiencies of its youth. But, markets are designed to eliminate inefficiencies as quickly as possible, and your dwindling salary is a manifestation of them doing so.
So, getting into computers is NOT such a wise career choice for people of college age. The number of "computer people" needed will be falling dramatically over the next decade. Good money now, but there just isn't the 40 year horizon one needs to call it a career.
Well it's more of an MS issue (even though OS9 is doing it too). With OS9 it's more like a special case, with Win2k it's more of a problem because it's a default. Despite the fact that it's pathetically easy to fix, the problem will be actually getting PEOPLE to uncheck a box.
I guess we should be happy that they don't link to Apple and Microsoft as well ;-)
"I love my job, but I hate talking to people like you" (Freddie Mercury)
There's more to systems administration than having irritating dialog boxes asking you to authorize inbound port 80 connections. These types of processes are end user activities, for which it sounds you're more inclined. If you don't have the patience to analyze packet data, don't be a network administrator. Be an end user instead and don't complain about how hard it is to be a system administrator.
Of course, I'm assuming this is your lot. If the original poster hadn't struck a nerve, I doubt you'd have replied. No offense, but network administration is hardly child's play. It's difficult for a reason. Some people aren't qualified to do it. M$ is educating PHBs incorrectly, which was the original poster's point and I agree with it....
www.dedserius.com
VB != VisualBasic
Not to be making ms look better, but to give some people a way to fix it. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q259922
The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive