Patrick van Staveren <pvanstave...@mintel.com> writes: > This past Tuesday the 22nd I was witness to a widespread DNS poisoning > problem in China, whereby a lot of DNS queries were all returning the same > IP address, 65.49.2.178. Our websites became unavailable for most of our > customers in China, as with many other websites. ... > I have two questions for anyone: > 1) I've found quite a bit of unofficial news [1] [2] on what happened, but > does anyone know what *actually* happened? The only official news from the > government that I can find says, "It was probably a cyberattack, but > really, we don't know." [3] > 2) As a website & network operator who strives to keep their product always > available, is there anything I can actually do to prevent from this in the > future?
I believe the protocol feature specifically designed to prevent this kind of thing is DNSSEC. However, it seems like the common explanation now is an operator error while administrating the Great Firewall. I don't think there's anything technical you can do about that.
