nanog mailing list archives
Re: China ISPs DNS problems on Jan 22nd - any idea what happened?
From: Geoffrey Keating <geoffk () geoffk org>
Date: 26 Jan 2014 19:50:34 -0800
Patrick van Staveren <pvanstaveren () mintel com> writes:
This past Tuesday the 22nd I was witness to a widespread DNS poisoning problem in China, whereby a lot of DNS queries were all returning the same IP address, 65.49.2.178. Our websites became unavailable for most of our customers in China, as with many other websites.
...
I have two questions for anyone: 1) I've found quite a bit of unofficial news [1] [2] on what happened, but does anyone know what *actually* happened? The only official news from the government that I can find says, "It was probably a cyberattack, but really, we don't know." [3] 2) As a website & network operator who strives to keep their product always available, is there anything I can actually do to prevent from this in the future?
I believe the protocol feature specifically designed to prevent this kind of thing is DNSSEC. However, it seems like the common explanation now is an operator error while administrating the Great Firewall. I don't think there's anything technical you can do about that.
Current thread:
- China ISPs DNS problems on Jan 22nd - any idea what happened? Patrick van Staveren (Jan 26)
- Re: China ISPs DNS problems on Jan 22nd - any idea what happened? Geoffrey Keating (Jan 26)
- Re: China ISPs DNS problems on Jan 22nd - any idea what happened? Patrick W. Gilmore (Jan 26)
- Re: China ISPs DNS problems on Jan 22nd - any idea what happened? Geoffrey Keating (Jan 26)