[154616] in North American Network Operators' Group
RE: DNS Changer items
daemon@ATHENA.MIT.EDU (Eric J Esslinger)
Fri Jul 6 14:11:10 2012
X-Barracuda-Envelope-From: eesslinger@fpu-tn.com
From: Eric J Esslinger <eesslinger@fpu-tn.com>
To: "'nanog@nanog.org'" <nanog@nanog.org>
Date: Fri, 6 Jul 2012 13:10:16 -0500
In-Reply-To: <2BC6678E-B339-4DA8-9D2E-9C8B7A89D1EA@merike.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We verified one a while back, who had already had the problem fixed when th=
e FBI sent us the physical mail. Concidering number of internet customers =
in the US vs our internet customers with known number of US subsribers affe=
cted at it's height, I figure if the percentages are good we've taken care =
of several times the number of likely cases on our network with that one cu=
stomer.
*wink*
I'm told by various sources to expect similar stories on the nightly nation=
al news programs tonight, with a similar 'call your isp' ending. I've also =
heard the site IS reachable via ipv6 and they are dealing with the load iss=
ues as we speak (and some people are getting through, albiet slowly).
I'm pretty comfortable about my network; I've been catching dns lookup dest=
inations from my users for months (not contents, just destination ip's) and=
the list of outside addresses covers most of the well know public dns serv=
ers (open dns, google, etc...) with the exception of a handful that seem to=
be running their own full blown recursive caching servers, which go everyw=
here looking for authoritative lookups. (One I knew about, he complains bec=
ause I won't allow his basic cable account act as an open server for his DN=
S when he's out of town. If he wants a static IP I can arrange opening the =
port, till then... He is always welcome to VPN into his home network as wel=
l.)
Been having callers look up their IP, then checking the query logs to see i=
f they hit our dns servers. So far I'm at 100%
I thought of whipping up a script for my recursive DNS servers to setup a w=
ebpage to let them see if they were accessing those servers, but I just don=
't have time right now (fiscal year just started and everyone wants their p=
rojects done 'now'.)
Addendum: Site appears up and fast now. So that's something anyway.
__________________________
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165
> -----Original Message-----
> From: Merike Kaeo [mailto:kaeo@merike.com]
> Sent: Friday, July 06, 2012 1:06 PM
> To: Cameron Byrne
> Cc: nanog@nanog.org
> Subject: Re: DNS Changer items
>
>
> The ISPs who have been proactive in mitigating and
> redirecting have been/are doing this. (global reach here)
>
> The court ordered DNS servers have been up since Nov 9th and
> lots of outreach done....the intent was a graceful ramp down.
> Sadly, the state of folks helping with overall malware
> cleanup is still lots of finger pointing.
>
> FUD with press and over sensationalism not helping.
>
> - merike
>
>
> On Jul 6, 2012, at 10:52 AM, Cameron Byrne wrote:
>
> > So insteading of turning the servers off, would it not have been
> > helpful to have the servers return a "captive portal" type
> of reponse
> > saying "hey, since you use this server, you are broken, go
> here to get
> > fixed"
> >
> > Seems that would have been a more graceful ramp down.
> >
> > CB
>
>
>
This message may contain confidential and/or proprietary information and is=
intended for the person/entity to whom it was originally addressed. Any us=
e by others is strictly prohibited.
