Re: DNS weirdness and cox communications

Author: Joseph Sinclair
Date:  
To: Main PLUG discussion list
Subject: Re: DNS weirdness and cox communications
Ed wrote:
<<SNIP>>
> Check /etc/resolv.conf for the DNS you are using - DHCP will
> rewrite/prepend this file if your lease includes DNS servers (most do).
>
> If there are delays - check that the first & second nameserver entries
> are reachable - network timeout delays are the most likely delay that
> you might notice. Then you can compare how either sets of servers work
> for you.
>
> If you run your own cache, it is time to patch to the latest DNS
> server and get ready for DNSSEC, it will be required soon. The recent
> security problem was based on a session intercept (I think, could be
> wrong) so you may have folks seeing incomplete man-in-the-middle
> attacks? outside of your ISP's network.
>
> Anybody able to describe what the new DNS attack would look like to a
> user/in the logs?
> Ed



I'm no expert on this one, but as I understand it, the new attack would appear to the user a lot like old-school cache poisoning; you'd initiate a query for a record and just get wrong results.
It's conceivable that the drops they're seeing could be failed attacks, but it's more likely that it's just poor QoS for DNS queries resulting in excessive packet drops.

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
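
Added example, not part of the original messages: a small Python script for the check suggested in the quoted text, reading the nameserver entries from /etc/resolv.conf in order and timing one query to each. It also flags a reply whose transaction ID does not match the query, which is the basic check a resolver uses to discard answers that are not its own. The function names and the sample file contents are assumptions made for this example.

```python
import os
import socket
import struct
import time

# Constructed sample input; 192.0.2.0/24 is a documentation address range.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.net
nameserver 192.0.2.1
nameserver 192.0.2.2
"""

def parse_nameservers(resolv_text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name="example.com", port=53, timeout=2.0):
    """Send one query; return (status, seconds elapsed)."""
    txid = int.from_bytes(os.urandom(2), "big")
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    start = time.monotonic()
    status = "ok"
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, port))
            reply, _ = sock.recvfrom(512)
            if len(reply) < 12 or struct.unpack("!H", reply[:2])[0] != txid:
                status = "txid-mismatch"  # reply does not belong to our query
        except socket.timeout:
            status = "timeout"  # the network timeout delay from the quoted text
        except OSError:
            status = "error"
    return status, time.monotonic() - start

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in parse_nameservers(fh.read()):
            status, secs = probe(ns)
            print(f"{ns:<40} {status:<14} {secs:.3f}s")
```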