ns.ripe.net is stormed with IN A requests for @.root-servers.net. It looks like this isn't an isolated incident; I received similar reports from one of the other nameservers of root-servers.net.
Given the intensity of the incident (we get 2 times as many requests on this as all other requests combined), I don't believe this is caused by a single bitflip somewhere.
It would be real nice if the maintainers of some 'popular' caching nameservers would do a cache dump (kill -INT named), look if @.root-servers.net is listed somewhere, and send me the details if you find it in your cache.
Our cache contains this:

COM     203144  IN  NS   D.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   E.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   I.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   F.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   G.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   A.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   H.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        203144  IN  NS   B.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        101382  IN  NS   @.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        149719  IN  NS   F.I.ROOT-SERVERS.NET.  ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   I.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   F.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   G.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        170086  IN  NS   A.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        203144  IN  NS   C.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        86158   IN  SOA  A.ROOT-SERVERS.NET. HOSTMASTER.INTERNIC.NET. (
                         1996032200 10800 900 604800 86400 )  ;Cr=addtnl [192.203.230.10]

BTW please don't miss the nasty NS references to [AFGI].ROOT-SERVERS.LET (LLLLLLLLet instead of NNNNNNNNNet) that we cached in addition to F.I.ROOT-SERVERS.NET due to info from 204.97.64.4 (though it's present at 204.97.64.4 as well).

Ruediger Volk          ### this .signature is currently under construction ###
Deutsche Telekom AG -- Internet Services NIC
E-Mail: rv@NIC.DTAG.DE
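The check requested above (look through a cache dump for NS targets such as @.root-servers.net) can be automated. The following is an added example, not part of the original messages: it scans dump lines in the layout quoted above and groups unexpected NS targets by the source address recorded in the `;Cr=` comment. The function name `suspicious_ns` and the expected set (the nine names that appear intact in the dump) are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the legitimate NS targets are the nine names seen intact in the dump.
EXPECTED = {f"{c}.ROOT-SERVERS.NET." for c in "ABCDEFGHI"}

# Constructed sample: a subset of the records quoted in the message above.
SAMPLE = """\
COM     203144  IN  NS  D.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        101382  IN  NS  @.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
        149719  IN  NS  F.I.ROOT-SERVERS.NET.  ;Cr=addtnl [204.97.64.4]
        170086  IN  NS  I.ROOT-SERVERS.LET.    ;Cr=addtnl [204.97.64.4]
        203144  IN  NS  C.ROOT-SERVERS.NET.    ;Cr=addtnl [206.96.248.2]
"""

# [owner] ttl IN NS target ;Cr=<credibility> [<source address>]
NS_LINE = re.compile(
    r"^(?P<owner>\S+)?\s+(?P<ttl>\d+)\s+IN\s+NS\s+(?P<target>\S+)"
    r"(?:\s*;Cr=(?P<cred>\w+)\s+\[(?P<src>[\d.]+)\])?", re.I)
LABEL = re.compile(r"^[A-Za-z0-9-]+$")  # letters, digits, hyphen only


def suspicious_ns(dump, expected=EXPECTED):
    """Return {source_ip: [(owner, target, reason), ...]} for unexpected NS targets."""
    hits, owner = defaultdict(list), None
    for line in dump.splitlines():
        m = NS_LINE.match(line)
        if not m:
            continue  # only NS records are inspected
        owner = m["owner"] or owner  # a blank owner field inherits the previous one
        target = m["target"].upper()
        if target in expected:
            continue
        labels = target.rstrip(".").split(".")
        if not all(LABEL.match(label) for label in labels):
            reason = "illegal character in hostname"
        else:
            reason = "not in expected server set"
        hits[m["src"] or "unknown"].append((owner, target, reason))
    return dict(hits)


if __name__ == "__main__":
    for src, records in suspicious_ns(SAMPLE).items():
        for owner, target, reason in records:
            print(f"{src}: {owner} NS {target} ({reason})")
```

Grouping by source address shows which upstream server handed out each bad record, which is the detail the first message asks operators to report.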