nanog mailing list archives

Re: Attack on the DNS ?


From: Ameen Pishdadi <apishdadi () gmail com>
Date: Sat, 31 Mar 2012 22:30:10 -0500

Looks like your network has a user or two participating in this retarded attempt to drop the Internet.

Thanks,
Ameen Pishdadi


On Mar 31, 2012, at 8:30 PM, Greg Ihnen <os10rules () gmail com> wrote:

I manage a tiny network in the Amazon, a satellite internet connection and decent-sized wireless network.

All of my users started complaining yesterday about lost connectivity except for Skype. I had no problems. I checked 
from the users' computers and could not resolve domain names (when Skype connects and nothing else does, it's always 
been a DNS issue). After much troubleshooting I finally fired up Wireshark and saw that the DNS servers (or someone 
appearing to have their IP addresses) were replying to our queries with "no such name".

The reason I was having no problems is I'm using OpenDNS' DNSCrypt. With DNSCrypt on we have no problems. With good 
old-fashioned unencrypted DNS (Google's, OpenDNS', our ISP's) we're barely able to communicate.

Is DNS traffic being directed to bogus servers? Are the real servers being overloaded? Am I seeing the results of 
some kind of DDOS mitigation technique?

Is anyone else seeing this?

Greg Ihnen

