Re: [dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
Very nice and detailed report, I have learned a lot of it! Thanks Alejandro Flores Lopez On Dec 26, 2014 11:56 AM, Damian Menscher dam...@google.com wrote: On Fri, Dec 26, 2014 at 9:27 AM, Anthony Eden anthony.e...@dnsimple.com wrote: We published an incident report after our outage: http://blog.dnsimple.com/2014/12/incident-report-ddos/ I have not yet seen an incident report from Rackspace. Thank you for posting that (I'd forgotten I'd seen it). And thank you for the detailed report, not just describing the root cause (DDoS on DNS servers), but also revealing traffic type and volume (random subdomain attack at 50Mpps/25Gbps) and your internal procedure for responding to it (black-box monitoring to detect the outage, post status notice after 10 minutes, assemble team via a Hangout after 20 minutes, try various technical mitigations, etc). This level of detail is rare in a public report, but greatly appreciated. Hopefully others will learn from your example. Damian On Fri, Dec 26, 2014 at 2:02 AM, Damian Menscher dam...@google.com wrote: Has anyone seen details of the attack styles or volumes? It would be helpful to share attack knowledge with the community so others know what to prepare for. Damian On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: https://news.ycombinator.com/item?id=8784210 After the successful attacks against Rackspace, Namecheap, DNSsimple and 11, it is clear that dDoS attacks against DNS servers are very common this winter, and they succeed :-( ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Software for managing ~1000 domains
Bind using probind as frontend. On Jul 28, 2013 9:17 PM, Simon Lyall si...@darkmere.gen.nz wrote: I was wondering if people here could recommend software for a company to manage around 1000 domains for a company. - Web interface - Scripted interface - Output to bind zone files - handle zones/split-dns - Used by technical people rather than end users. I guess I'd probably prefer running on Linux but Windows isn't a show-stopper. Any recommendations? -- Simon Lyall | Very Busy | Web: http://www.simonlyall.com/ To stay awake all night adds a day to your life - Stilgar | eMT. __**_ dns-operations mailing list dns-operati...@lists.dns-oarc.**net dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/**mailman/listinfo/dns-**operationshttps://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/**mailman/listinfo/dns-jobshttps://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
[dns-operations] weird DNS problem
Hi there This is Alejandro Flores from Mexis, an ISP in Mexico city We are having some weirs issues we would like to share with the list, looking for some help or comment We have 2 authoritative DNS 207.249.67.253 and 207.249.77.253. (ns1.infoacces.net and ns2.infoacces.net) In the last 2 weeks we have been receiving some users reports about problems to have email delivered from our mail server to external email servers (and from external servers to our server). As usual we verify the logs and we started to see problems related with reverse, however our reverse are correct, so we checked the DNS used by the remote provider, the result is that their dns is unable to reach our DNS We check any firewall policy that could be blocking the request but thats not the case. We checked our DNS, but these hasnt been changed in a long time Again, using an external affected DNS we enable the debug, and we noticed that the DNS was unable to get the TLD Servers from the root servers, Thats a theory about the possible reason to the situation. One more weird thing is that just as the problem appeared, just dissapeared from the dns affected and it start to work correctly, but now we received the report from another dns So it looks like the condition that block the dns communication dissapear and then apply to another dns. In this moment for example aol.com is affected, if i try to send me an email from aol the bounce error is - The delivery status notification errors - alejandro.flo...@mexis.net: Host or domain name not found. Name service error for name=mexis.net type=MX: Host not found, try again But if i use gmail or any other email service it works. Any tip or idea to solve this situation? The dns logs just dont show anything, cause the dns request never reach the dns, in fact is the user in a server affected query our dns he receive the correct response, so maybe the problem could be that the dns query is unable to get the authoritative dns... may be. Thanks for any comment Alejandro Flores L. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
