[163853] in North American Network Operators' Group
Re: Need help in flushing DNS
daemon@ATHENA.MIT.EDU (Andree Toonk)
Thu Jun 20 04:14:55 2013
Date: Thu, 20 Jun 2013 01:14:27 -0700
From: Andree Toonk <andree+nanog@toonk.nl>
To: Paul Ferguson <fergdawgster@gmail.com>
In-Reply-To: <CANQy6FYpY5_ZiH9=JMYUGDcARmJ=YqPSR16642jqY1sPsT+X3w@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
.-- My secret spy satellite informs me that at 2013-06-20 12:38 AM Paul
Ferguson wrote:
> I have no knowledge of any DDoS -related activity involving Yelp! and
> Prolexic. Even if there is one, the fact that their DNS records have
> been poisoned has not direct relationship to any current DDoS (there
> isn't one that I am aware of).
That's not what I was trying to say.
The domains like yelp, linkedin, craigslist all incorrectly have (or
had) NS record like:
ns1620.ztomy.com. 172800 IN A 204.11.56.20
ns2620.ztomy.com. 172800 IN A 204.11.57.20
Traffic to these IP's is going through Prolexic (see previous mail).
Thought that was interesting...
Andree
