nanog mailing list archives

Re: Need help in flushing DNS


From: jamie rishaw <j () arpa com>
Date: Thu, 20 Jun 2013 06:57:31 -0500

Smileyface aside, I'm disappointed to see operators simply flushing caches
and not performing at the least a dumpdb for possible future forensic
analysis.
This is what I call the "Windows solution," - 'Oh, just reboot, and it'll
work'.

We're better than that.

(Aren't we?)



On Thu, Jun 20, 2013 at 1:02 AM, Paul Ferguson <fergdawgster () gmail com> wrote:

Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I
have no idea where the poison leaked in, or why. :-)

- ferg

On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie <alex.buie () frozenfeline net>
wrote:

Anyone have news/explanation about what's happening/happened?


On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson <fergdawgster () gmail com> wrote:

Sure enough:



 ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;yelp.com. IN A

 ;; ANSWER SECTION:
 yelp.com. 300 IN A 204.11.56.20

 ;; Query time: 143 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Thu Jun 20 07:33:13 2013
 ;; MSG SIZE  rcvd: 42





NetRange: 204.11.56.0 - 204.11.59.255
CIDR: 204.11.56.0/22
OriginAS: AS40034
NetName: CONFLUENCE-NETWORKS--TX3
NetHandle: NET-204-11-56-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
Comment: Hosted in Austin TX.
Comment: Abuse :
Comment: abuse () confluence-networks com
Comment: +1-917-386-6118
RegDate: 2012-09-24
Updated: 2012-09-24
Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1

OrgName: Confluence Networks Inc
OrgId: CN
Address: 3rd Floor, Omar Hodge Building, Wickhams
Address: Cay I, P.O. Box 362
City: Road Town
StateProv: Tortola
PostalCode: VG1110
Country: VG
RegDate: 2011-04-07
Updated: 2011-07-05
Ref: http://whois.arin.net/rest/org/CN

OrgAbuseHandle: ABUSE3065-ARIN
OrgAbuseName: Abuse Admin
OrgAbusePhone: +1-917-386-6118
OrgAbuseEmail: abuse () confluence-networks com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN

OrgNOCHandle: NOCAD51-ARIN
OrgNOCName: NOC Admin
OrgNOCPhone: +1-415-462-7734
OrgNOCEmail: noc () confluence-networks com
OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN

OrgTechHandle: TECHA29-ARIN
OrgTechName: Tech Admin
OrgTechPhone: +1-415-358-0858
OrgTechEmail: ipadmin () confluence-networks com
OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

- ferg



On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder <shortdudey123 () gmail com> wrote:

Yelp is evidently also affected

On Wed, Jun 19, 2013 at 10:19 PM, John Levine <johnl () iecc com> wrote:

Reaching out to DNS operators around the globe. Linkedin.com has had some
issues with DNS and would like DNS operators to flush their DNS. If you see
www.linkedin.com resolving NS to ns1617.ztomy.com or ns2617.ztomy.com then
please flush your DNS.

Any other info please reach out to me off-list.

While you're at it, www.usps.com, www.fidelity.com, and other well
known sites have had DNS poisoning problems.  When I restarted my
cache, they look OK.






--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com





--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com




-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
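
Added example, not part of any message in this thread: one way to search a cache dump saved with `rndc dumpdb -cache` before flushing, using the NS names and the address block quoted above as indicators. The sample dump is constructed and simplified, and the function name is hypothetical.

```python
import ipaddress

# Indicators taken from the thread: the NS names in the flush request and the
# /22 from the whois output pasted for yelp.com's answer.
SUSPECT_NS = {"ns1617.ztomy.com.", "ns2617.ztomy.com."}
SUSPECT_NET = ipaddress.ip_network("204.11.56.0/22")

# Constructed sample in the master-file style of a BIND cache dump; real
# dumps carry more comment lines and record types.
SAMPLE_DUMP = """\
; Cache dump of view '_default'
$DATE 20130620123313
; authanswer
yelp.com.\t\t290\tIN A\t204.11.56.20
; glue
linkedin.com.\t\t172790\tNS\tns1617.ztomy.com.
\t\t\t172790\tNS\tns2617.ztomy.com.
; authanswer
example.net.\t\t3600\tIN A\t192.0.2.10
"""

def find_suspect_records(dump_text):
    """Return (owner, rtype, rdata) for cached records matching the indicators."""
    hits, owner = [], None
    for line in dump_text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # comments and $DATE directives
        fields = line.split()
        # A line that starts with whitespace reuses the previous owner name.
        if not line[0].isspace():
            owner = fields.pop(0).lower()
        if fields and fields[0].isdigit():
            fields.pop(0)  # TTL
        if fields and fields[0].upper() == "IN":
            fields.pop(0)  # class is optional in this layout
        if owner is None or len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1].lower()
        if rtype == "NS" and rdata in SUSPECT_NS:
            hits.append((owner, rtype, rdata))
        elif rtype == "A":
            try:
                if ipaddress.ip_address(rdata) in SUSPECT_NET:
                    hits.append((owner, rtype, rdata))
            except ValueError:
                pass  # malformed address field; skip rather than abort

    return hits

if __name__ == "__main__":
    for hit in find_suspect_records(SAMPLE_DUMP):
        print(*hit)
```

Keeping the dump file itself alongside the list of hits preserves the TTLs and the full set of cached names for later analysis.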

