Re: More DNS poisoning?
From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 04/23/05
- Next message: Canadian Cowboy: "Re: MSAS - "NS Keylogger Personsal Monitor (Key Logger)" Detected?!"
- Previous message: TC: "Re: What is a Certificate?"
- In reply to: Tony Lawrence: "More DNS poisoning?"
- Next in thread: Thriftmeister: "Re: More DNS poisoning?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 21:17:20 -0400
In article <nfKdne9CYvJS2fTfRVn-iw@comcast.com>,
Tony Lawrence <foo@pcunix.com> wrote:
> Amazingly enough, although a Comcast customer for internet, I haven't
> seen any DNS problems until today, and even today it seems to be minor
> and intermittent.
>
> But I have had email from several people today asking if my web site is
> down (it isn't), and I notice that when I ssh out to various sites I'm
> having some trouble with DNS here and there - mostly with names using
> networksolutions for DNS (though it's very hard to tell absolutely of
> course). I don't think the problem is networksoltions because I can
> usually do a dig@oneoftheirservers and get a response, but something is
> broken somewhere - or a big router is having problems somewhere maybe?
>
> Anybody else noticing this? Of the people I heard from, I know that two
> of them are Verizon customers, but I don't know the others..
>
> And of course it's also obvious that their dns issue must be
> intermittent also because otherwise I wouldn't have gotten their email
> asking me if I'm down.. :-)
There have been problems with the worldnic.com nameservers all day.
This morning I wasn't able to query many of them at all. Since this
afternoon I have been able to query them directly, but queries through
several ISP's recursive servers, including AT&T, Comcast, and
Level(3)/Verizon, are still failing.
One of my customers owns a domain that Network Solutions hosts, so we
called them and opened a service request. The CSR didn't have a
detailed explanation, just that they've been having server problems.
My current theory is that they've installed firewalls in front of their
nameservers, and they're treating the high-volume queries from ISP
nameservers as a DOS attack and blocking them.
-- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me ***
- Next message: Canadian Cowboy: "Re: MSAS - "NS Keylogger Personsal Monitor (Key Logger)" Detected?!"
- Previous message: TC: "Re: What is a Certificate?"
- In reply to: Tony Lawrence: "More DNS poisoning?"
- Next in thread: Thriftmeister: "Re: More DNS poisoning?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
