[151845] in North American Network Operators' Group


Re: Attack on the DNS ?

daemon@ATHENA.MIT.EDU (Greg Ihnen)
Sat Mar 31 21:15:23 2012

From: Greg Ihnen <os10rules@gmail.com>
In-Reply-To: <20120331.222817.74728386.sthaug@nethelp.no>
Date: Sat, 31 Mar 2012 20:39:56 -0430
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I manage a tiny network in the Amazon, a satellite internet connection
and decent-sized wireless network.

All of my users started complaining yesterday about lost connectivity
except for Skype. I had no problems. I checked from the users'
computers and could not resolve domain names (when Skype connects and
nothing else does it's always been a DNS issue). After much
troubleshooting I finally fired up Wireshark and saw that the DNS
servers (or someone appearing to have their IP addresses) were replying
to our queries with "no such name".

The reason I was having no problems is I'm using OpenDNS' DNSCrypt. With
DNSCrypt on we have no problems. With good old-fashioned unencrypted DNS
(Google's, OpenDNS', our ISP's) we're barely able to communicate.

Is DNS traffic being directed to bogus servers? Are the real servers
being overloaded? Am I seeing the results of some kind of DDoS
mitigation technique?

Is anyone else seeing this?

Greg Ihnen

