I had several people mention that they couldn't reach aplawrence.com yesterday. Coincidentally, I also noticed a dramatic decrease in spam (a good thing) and a 30 percent fall-off from normal web traffic (not such a good thing).
I did some investigating and found that the problem seemed to be at Network Solutions, which handles DNS for aplawrence.com and just a few million other folks. I posted a newsgroup question about this, and got confirmation that other people have seen the same problem.
Path: local01.nntp.dca.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail NNTP-Posting-Date: Fri, 22 Apr 2005 20:17:20 -0500 From: Barry Margolin
Newsgroups: comp.security.misc Mail-Copies-To: nobody Subject: Re: More DNS poisoning? Organization: Symantec References: User-Agent: MT-NewsWatcher/3.4 (PPC Mac OS X) X-Copies-To: never Date: Fri, 22 Apr 2005 21:17:20 -0400 Message-ID: Lines: 40 NNTP-Posting-Host: 18.104.22.168 X-Complaints-To: email@example.com X-DMCA-Complaints-To: firstname.lastname@example.org X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.32 Xref: number1.nntp.dca.giganews.com comp.security.misc:80751 In article , Tony Lawrence wrote: > Amazingly enough, although a Comcast customer for internet, I haven't > seen any DNS problems until today, and even today it seems to be minor > and intermittent. > > But I have had email from several people today asking if my web site is > down (it isn't), and I notice that when I ssh out to various sites I'm > having some trouble with DNS here and there - mostly with names using > networksolutions for DNS (though it's very hard to tell absolutely of > course). I don't think the problem is networksoltions because I can > usually do a dig@oneoftheirservers and get a response, but something is > broken somewhere - or a big router is having problems somewhere maybe? > > Anybody else noticing this? Of the people I heard from, I know that two > of them are Verizon customers, but I don't know the others.. > > And of course it's also obvious that their dns issue must be > intermittent also because otherwise I wouldn't have gotten their email > asking me if I'm down.. :-) There have been problems with the worldnic.com nameservers all day. This morning I wasn't able to query many of them at all. Since this afternoon I have been able to query them directly, but queries through several ISP's recursive servers, including AT&T, Comcast, and Level(3)/Verizon, are still failing. One of my customers owns a domain that Network Solutions hosts, so we called them and opened a service request. The CSR didn't have a detailed explanation, just that they've been having server problems. My current theory is that they've installed firewalls in front of their nameservers, and they're treating the high-volume queries from ISP nameservers as a DOS attack and blocking them. -- Barry Margolin, email@example.com Arlington, MA *** PLEASE post questions in newsgroups, not directly to me ***
Got something to add? Send me email.
More Articles by Tony Lawrence © 2010-10-28 Tony Lawrence