[65468] in North American Network Operators' Group
RE: Above.net problems ??
daemon@ATHENA.MIT.EDU (Arjan Hulsebos)
Wed Nov 26 12:57:39 2003
From: Arjan Hulsebos <ahulsebos@corp.home.nl>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Wed, 26 Nov 2003 18:57:00 +0100
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C3B446.B1141B82
Content-Type: text/plain;
charset="iso-8859-1"
> Is there any relationship between this "europeanwide"
> above.net failure and the huge amount of
> DNS requests to lockup.zonelabs.com which failed that every
> ISP (at least in France) seem to
> have encountered last night ?
> The zonelabs.com zone is hosted on Above.net NS servers.
The Netherlands were hit as well. We saw a massive flood of queries for
lockup.zonelabs.com, too. It performed a nice DoS on our client name
servers.... :-(
You'd think that an unresponsive nameserver would be flagged dead, and such
information be cached. Does anyone know whether that's actually done in Bind
8.3.4? Or perhaps not by default?
Cheers,
Arjan H
Not even a clue-by-four would work with this clown.
________________________________
dr. Arjan Hulsebos
Security Engineer
Essent Kabelcom, @Home Benelux department
1042 AX Amsterdam
Email: arjanh@corp.home.nl
Tel: +31 20 88 55 407
Mob: +31 6 21 548 777
------_=_NextPart_001_01C3B446.B1141B82
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2657.73">
<TITLE>RE: Above.net problems ??</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>> Is there any relationship between this =
"europeanwide" </FONT>
<BR><FONT SIZE=3D2>> above.net failure and the huge amount of</FONT>
<BR><FONT SIZE=3D2>> DNS requests to lockup.zonelabs.com which =
failed that every </FONT>
<BR><FONT SIZE=3D2>> ISP (at least in France) seem to</FONT>
<BR><FONT SIZE=3D2>> have encountered last night ?</FONT>
<BR><FONT SIZE=3D2>> The zonelabs.com zone is hosted on Above.net NS =
servers. </FONT>
</P>
<P><FONT SIZE=3D2>The Netherlands were hit as well. We saw a massive =
flood of queries for lockup.zonelabs.com, too. It performed a nice DoS =
on our client name servers.... :-(</FONT></P>
<P><FONT SIZE=3D2>You'd think that an unresponsive nameserver would be =
flagged dead, and such information be cached. Does anyone know whether =
that's actually done in Bind 8.3.4? Or perhaps not by =
default?</FONT></P>
<P><FONT SIZE=3D2>Cheers,</FONT>
</P>
<P><FONT SIZE=3D2>Arjan H</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>Not even a clue-by-four would work with this =
clown.</FONT>
<BR><FONT SIZE=3D2>________________________________</FONT>
<BR><FONT SIZE=3D2>dr. Arjan Hulsebos</FONT>
<BR><FONT SIZE=3D2>Security Engineer</FONT>
<BR><FONT SIZE=3D2>Essent Kabelcom, @Home Benelux department</FONT>
<BR><FONT SIZE=3D2>1042 AX Amsterdam</FONT>
<BR><FONT SIZE=3D2>Email: arjanh@corp.home.nl</FONT>
<BR><FONT SIZE=3D2>Tel: +31 20 88 55 407</FONT>
<BR><FONT SIZE=3D2>Mob: +31 6 21 548 777</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C3B446.B1141B82--
