RE: DNS Changer items

[Eric J Esslinger <eesslinger () fpu-tn com>]

We verified one a while back, who had already had the problem fixed when the FBI sent us the physical mail.  
Concidering number of internet customers in the US vs our internet customers with known number of US subsribers 
affected at it's height, I figure if the percentages are good we've taken care of several times the number of likely 
cases on our network with that one customer.
*wink*
I'm told by various sources to expect similar stories on the nightly national news programs tonight, with a similar 
'call your isp' ending. I've also heard the site IS reachable via ipv6 and they are dealing with the load issues as we 
speak (and some people are getting through, albiet slowly).

I'm pretty comfortable about my network; I've been catching dns lookup destinations from my users for months (not 
contents, just destination ip's) and the list of outside addresses covers most of the well know public dns servers 
(open dns, google, etc...) with the exception of a handful that seem to be running their own full blown recursive 
caching servers, which go everywhere looking for authoritative lookups. (One I knew about, he complains because I won't 
allow his basic cable account act as an open server for his DNS when he's out of town. If he wants a static IP I can 
arrange opening the port, till then... He is always welcome to VPN into his home network as well.)

Been having callers look up their IP, then checking the query logs to see if they hit our dns servers. So far I'm at 
100%

I thought of whipping up a script for my recursive DNS servers to setup a webpage to let them see if they were 
accessing those servers, but I just don't have time right now (fiscal year just started and everyone wants their 
projects done 'now'.)

Addendum: Site appears up and fast now. So that's something anyway.

__________________________
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165



> -----Original Message-----
> From: Merike Kaeo [mailto:kaeo () merike com]
> Sent: Friday, July 06, 2012 1:06 PM
> To: Cameron Byrne
> Cc: nanog () nanog org
> Subject: Re: DNS Changer items
>
>
> The ISPs who have been proactive in mitigating and
> redirecting have been/are doing this.  (global reach here)
>
> The court ordered DNS servers have been up since Nov 9th and
> lots of outreach done....the intent was a graceful ramp down.
>  Sadly, the state of folks helping with overall malware
> cleanup is still lots of finger pointing.
>
> FUD with press and over sensationalism not helping.
>
> - merike
>
>
> On Jul 6, 2012, at 10:52 AM, Cameron Byrne wrote:
>
> > So insteading of turning the servers off, would it not have been
> > helpful to have the servers return a "captive portal" type
> of reponse
> > saying "hey, since you use this server, you are broken, go
> here to get
> > fixed"
> >
> > Seems that would have been a more graceful ramp down.
> >
> > CB

This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it 
was originally addressed. Any use by others is strictly prohibited.