North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The weak link? DNS
I can not go into details, but suffice it to say DNS was just a symptom of other events, not the problem itself. DNS TTL on the global load balancing system was at 5 seconds and DNS load never rose above trivial. ----- Original Message ----- From: "Sean Donelan" <[email protected]> To: <[email protected]> Sent: Wednesday, March 26, 2003 4:09 AM Subject: The weak link? DNS > > Watching the Iraqi Ururklink and Al Jazeera over the weekend what struck > me is how many different ways network administrators can mess up. > Although malicious actors have been trying (and succeeding) to exploit > vulnerabilities, the worst problems seem to be self-inflicted. > > Administrators had used firewalls and locked down their web sites, > sometimes so well they couldn't handle the traffic load. > > But the real weak link was their DNS servers. > > For example, Al Jazeera had time-to-live set of their domain records set > to 15 minutes, making them even more vulnerable to increasing the load > on their systems. Of course, Al Jazeera had other problems too. > > What even stranger about the Iraqi state provider Uruklink.net is the DNS > servers are now self-identifying with earlier (with known bugs) versions > of BIND. Last week the Uruklink name server 62.145.94.1 was running > 8.2.2-P5, but now is running 8.1.2. Although the web site for > www.uruklink.net is up, DNS lookups for www.uruklink.net return various > other IP addresses (not in 62.145.94.0/24). Including some addresses > running web sites claiming the site is "owned." In reality, the site > isn't owned, you are being redirected to a unrelated web site. > >
|