Root Name Server IP Space Mixup

Recently ICANN changed the IP address for the L.root-servers.net DNS root name server from 198.32.64.12 to 199.7.83.42.  What happened next is interesting.

According to Renesys Blog, three separate sites advertised the IP space containing the previous IP of the L root name server.  One of these sites, ep.net (AS4555) apparently had a legitamate reason to do so - they are the owners of the space.  Two others, Community DNS (AS42909) and Diyixian.com (AS9584) also followed suit.  It's possible that they had permission from the owner to do so.  What's interesting is that these providers apparently operated functioning DNS servers on those IP addresses.  This could be done to redirect (hijack) traffic, but it does not appear to be the case, according to the article.  Apparently no one noticed that this happened because the sites continued to serve up valid root zone responses.

As they point out in the article, why would anyone want do do so?  Root DNS traffic would be a staggering amount of traffic, and the hardware alone to respond to those requests would be pretty impressive.

Hijacked IP space (both accidental and purposeful) is a common phenomenon.  Although BGP announcements should be filtered at the upstream Service Provider (SP), often they are not.  It may be possible that an attacker could exploit this to drive a portion of the Internet traffic through them, or to perform a denial of service on the DNS infrastructure.

Hopefully we'll hear more about what caused the (probably innocuous) advertisements of L.root-servers.net.