Date: Sat Apr 23 11:00:11 2005
Subject: DNS problems at Network Solutions
I had several people mention that they couldn't reach aplawrence.com yesterday. Coincidentally, I also noticed a dramatic decrease in spam (a good thing) and a 30 percent fall-off from normal web traffic (not such a good thing).
I did some investigating and found that the problem seemed to be at Network Solutions, which handles DNS for aplawrence.com and just a few million other folks. I posted a newsgroup question about this, and got confirmation that other people have seen the same problem.
NNTP-Posting-Date: Fri, 22 Apr 2005 20:17:20 -0500
From: Barry Margolin
Subject: Re: More DNS poisoning?
User-Agent: MT-NewsWatcher/3.4 (PPC Mac OS X)
Date: Fri, 22 Apr 2005 21:17:20 -0400
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
Xref: number1.nntp.dca.giganews.com comp.security.misc:80751
In article ,
Tony Lawrence wrote:
> Amazingly enough, although a Comcast customer for internet, I haven't
> seen any DNS problems until today, and even today it seems to be minor
> and intermittent.
> But I have had email from several people today asking if my web site is
> down (it isn't), and I notice that when I ssh out to various sites I'm
> having some trouble with DNS here and there - mostly with names using
> networksolutions for DNS (though it's very hard to tell absolutely of
> course). I don't think the problem is networksoltions because I can
> usually do a dig@oneoftheirservers and get a response, but something is
> broken somewhere - or a big router is having problems somewhere maybe?
> Anybody else noticing this? Of the people I heard from, I know that two
> of them are Verizon customers, but I don't know the others..
> And of course it's also obvious that their dns issue must be
> intermittent also because otherwise I wouldn't have gotten their email
> asking me if I'm down.. :-)
There have been problems with the worldnic.com nameservers all day.
This morning I wasn't able to query many of them at all. Since this
afternoon I have been able to query them directly, but queries through
several ISP's recursive servers, including AT&T, Comcast, and
Level(3)/Verizon, are still failing.
One of my customers owns a domain that Network Solutions hosts, so we
called them and opened a service request. The CSR didn't have a
detailed explanation, just that they've been having server problems.
My current theory is that they've installed firewalls in front of their
nameservers, and they're treating the high-volume queries from ISP
nameservers as a DOS attack and blocking them.
Barry Margolin, firstname.lastname@example.org
*** PLEASE post questions in newsgroups, not directly to me ***