Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-22 Thread jamie rishaw
Data on June 20 : .COM. : 108,985,894 unique domains + the tld. -> 234,479 NSEC3/RRSIG records, -> 2,253,400 nameserver entries on 831,088 unique IP addresses. .. ish. -jamie On Fri, Jun 21, 2013 at 5:23 PM, Barry Shein wrote: > > I think we need a better measure than number of domains

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread George Herbert
I know how we got here, but perhaps we can take corporate parentage and how big .com is now to -discuss? What happened with the registry data that caused the outage and what can / should be done about it / to prevent it happening again still seem to me to be operational topics. George Willia

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Levine
In article <001a01ce6ef9$bf74d4a0$3e5e7de0$@iname.com> you write: >It's 120M if you add the .COM and the .NET's together, both of which NetSol >is responsible for. >http://www.verisigninc.com/en_US/products-and-services/domain-name-services/ >registry-products/tld-zone-access/index.xhtml In late b

RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Frank Bulk
nicolai-na...@chocolatine.org] Sent: Friday, June 21, 2013 11:16 AM To: nanog@nanog.org Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) On Thu, Jun 20, 2013 at 05:28:17PM -0400, valdis.kletni...@vt.edu wrote: > It's relatively small when you consider there's som

Re: Need help in flushing DNS

2013-06-21 Thread George Herbert
The indications and claim are that the root cause was registrar internal goof, not hostile action against name servers. The story is not yet detailed enough to add up; getting from point A to point B requires steps that so far don't really make sense. A more detailed explanation is hopefully to b

Re: Need help in flushing DNS

2013-06-21 Thread Paul Ferguson
Not sure of some of the underlying details of the mechanics right now. http://news.softpedia.com/news/LinkedIn-Outage-Caused-by-DDOS-Attack-on-Network-Solutions-362473.shtml - ferg On Fri, Jun 21, 2013 at 5:22 PM, Glen Kent wrote: > Hi, > > Do we know which DNS server started leaking the pois

Re: Need help in flushing DNS

2013-06-21 Thread Glen Kent
Hi, Do we know which DNS server started leaking the poisoned entry? Being new to this, i still dont understand how could a hacker gain access to the DNS server and corrupt the entry there? Wouldnt it require special admin rights, etc. to log in? Glen On Thu, Jun 20, 2013 at 11:32 AM, Paul Ferg

RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Souvestre
merican Network Operators Group Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) I think ICANN would have to add a delay in where a request was sent out to make sure everyone was on the same page and then what happens the couple thousand (more) times a day that someone i

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Barry Shein
I think we need a better measure than number of domains (in this case .COM), particularly vs total domains. If it was 100 domains it might seem small, unless that list began with facebook.com, amazon.com, google.com and g*d forbid theworld.com. -- -Barry Shein The World |

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Levine
>"Registrar Primary" and "Registrar Auditor" There are certainly registrars who are more security oriented than Netsol. If you haven't followed all of the corporate buying and selling, Netsol is now part of web.com, so their business is more to support web hosting than to be a registrar. I expec

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread David Walker
> https://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-website-issues/ Why are they infinitely looping a script on their web server to check for a cookie? Are these people insane?

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Nicolai
On Thu, Jun 20, 2013 at 05:28:17PM -0400, valdis.kletni...@vt.edu wrote: > It's relatively small when you consider there's something like 140M .com's Just FWIW, the current size of .com is roughly 109M domains. Someday it will reach 140M but not today. Nicolai

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Valdis . Kletnieks
On Thu, 20 Jun 2013 23:42:24 -0400, shawn wilson said: > I think Netsol should be fined. Maybe even a class action suite filed > against them for lost business. And that's it. So your contract with NetSol has an SLA guarantee in it, and you can demonstrate that (a) said SLA has been violated and

RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Kain, Rebecca (.)
PM To: Richard Golodner Cc: nanog@nanog.org Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) At 17:12 20/06/2013 -0500, Richard Golodner wrote: > I think you are reading it the wrong way. Mr.Kletnieks never said it >was okay. He just stated that the

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Jimmy Hess
On 6/20/13, valdis.kletni...@vt.edu wrote: > > It's relatively small when you consider there's something like 140M .com's Yeah... I'm in agreement about that's probably what is going on... It's relatively small, but absolutely large, and absolute numbers matter. 5 domains is small, 50k is not,

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Jimmy Hess
On 6/20/13, Hal Murray wrote: > Perhaps we should setup a distributed system for checking things rather than > another SPOF. That's distributed both geographically and administratively > and using several code-bases. [snip] I would be in favor of being able to pay two "competitive" to be regis

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Valdis . Kletnieks
On Thu, 20 Jun 2013 20:25:24 -0700, Hal Murray said: > How would you check/verify that the communication path from the monitoring > agency to the right people in your NOC was working correctly? Remember to consider the possible impact of a false-positive report over an unauthenticated channel. Be

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread shawn wilson
I think ICANN would have to add a delay in where a request was sent out to make sure everyone was on the same page and then what happens the couple thousand (more) times a day that someone isn't updated or is misconfigured? I think Netsol should be fined. Maybe even a class action suite filed aga

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Hal Murray
> at what point is the Internet a piece of infrastructure whereby we > actually need a way to watch this thing holistically as it is one system and > not just a bunch of inter-jointed systems? Who's job is it to do nothing but > ensure that the state of DNS and other services is running as it

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Hank Nussbacher
At 17:12 20/06/2013 -0500, Richard Golodner wrote: I think you are reading it the wrong way. Mr.Kletnieks never said it was okay. He just stated that the numbers were trivial when compared to the rest of potential customers being affected. Be cool, Richard Golodner and Netsol

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Hank Nussbacher
At 07:28 21/06/2013 +0900, Randy Bush wrote: netsol screwed up. they screwed up bigtime. they are shoveling kitty litter over it as fast as they can, and they have a professional kitty litter, aka pr, department. They are too busy adding new revenue: http://www.streetinsider.com/Corporate+New

Re: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Timothy Morizot
On Jun 20, 2013 7:30 PM, "Rubens Kuhl" wrote: > In this case of registrar compromise, DS record could have been changed > alongside NS records, so DNSSEC would only have been a early warning, > because uncoordinated DS change disrupts service. As soon as previous > timeouts played out, new DS/NS p

Re: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Rubens Kuhl
On Thu, Jun 20, 2013 at 8:41 PM, Timothy Morizot wrote: > On Jun 20, 2013 5:31 PM, "Randy Bush" wrote: > > and dnssec did not save us. is there anything which could have? > > Hmmm. DNSSEC wouldn't have prevented an outage. But from everything I've > seen reported, had the zones been signed, val

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Jimmy Hess
On 6/20/13, Randy Bush wrote: > netsol screwed up. they screwed up bigtime. they are shoveling kitty > litter over it as fast as they can, and they have a professional kitty > litter, aka pr, department. > but none of this is surprising. > and dnssec did not save us. is there anything which cou

Fwd: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Timothy Morizot
On Jun 20, 2013 5:31 PM, "Randy Bush" wrote: > and dnssec did not save us. is there anything which could have? Hmmm. DNSSEC wouldn't have prevented an outage. But from everything I've seen reported, had the zones been signed, validating recursive resolvers (comcast, google, much of federal gover

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Fred Reimer
I, for one, would not be in favor of an authoritarian rule over DNS, or any other Internet system, to "ensure that the state of [the] service[s] is running as it should." I suppose one could view such an authoritarian rule over (sub) systems to be a good thing, as in there is someone to complain t

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread jamie rishaw
No. The ztomy nameservers appeared in this morning's master .COM zonefile as /authoritative/ for the number of domains I mentioned. It is a clear change from just a couple of days ago, when the listed nameservers were nowhere to be seen. I have solid data to back this up, straight from Verisign

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Phil Fagan
at what point is the Internet a piece of infrastructure whereby we actually need a way to watch this thing holistically as it is one system and not just a bunch of inter-jointed systems? Who's job is it to do nothing but ensure that the state of DNS and other services is running as it should...

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread George Herbert
At the DNS Servers or service provider level, one can (and I often do) have redundant providers. At the registrar level? ... Not with our current infrastructure, as far as I know how. The Internet: Discovering new SPOF since 1969! George William Herbert Sent from my iPhone On Jun 20, 2013,

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Randy Bush
netsol screwed up. they screwed up bigtime. they are shoveling kitty litter over it as fast as they can, and they have a professional kitty litter, aka pr, department. but none of this is surprising. and dnssec did not save us. is there anything which could have? randy

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Richard Golodner
On Thu, 2013-06-20 at 14:42 -0700, RijilV wrote: > On 20 June 2013 14:28, wrote: > > > On Thu, 20 Jun 2013 14:08:18 -0700, Jeff Shultz said: > > > > > "small number of Network Solutions customers" > > > > > > They must be staffed with physicists, astronomers, or economists I > > > don't know

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Bryan Irvine
On Thu, Jun 20, 2013 at 2:49 PM, Randy Bush wrote: > > So it's okay to screw over "nearly fifty thousand" customer domains > because > > there are 140M .com's? > > luckily, none of the rest of us make mistakes > > Ages ago I responded on a Cisco list where the topic was biggest screwup you've mad

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Ryan - Lists
I don't think he was saying that at all. Just stating that from a pure numbers standpoint 50k/140mil is a small percentage. OTOH, I agree to your point - Network Solutions definitely downplayed this in their release. Curiously so. Sent from my iPhone On Jun 20, 2013, at 5:42 PM, RijilV wrote:

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Randy Bush
> So it's okay to screw over "nearly fifty thousand" customer domains because > there are 140M .com's? luckily, none of the rest of us make mistakes

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread RijilV
On 20 June 2013 14:28, wrote: > On Thu, 20 Jun 2013 14:08:18 -0700, Jeff Shultz said: > > > "small number of Network Solutions customers" > > > > They must be staffed with physicists, astronomers, or economists I > > don't know anyone else that would consider "nearly fifty thousand" (from > >

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Valdis . Kletnieks
On Thu, 20 Jun 2013 14:08:18 -0700, Jeff Shultz said: > "small number of Network Solutions customers" > > They must be staffed with physicists, astronomers, or economists I > don't know anyone else that would consider "nearly fifty thousand" (from > a previous post by Phil Fagan) to be a small

RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Gabor Tokaji
e 20, 2013 5:11 PM To: NANOG list Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) Wild speculation: netsol says this is a human error incurred during DDOS mitigation. ztomy.com is a wild-card DNS provider that seems to use prolexic. Now imagine someone at netsol or i

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Carsten Bormann
Wild speculation: netsol says this is a human error incurred during DDOS mitigation. ztomy.com is a wild-card DNS provider that seems to use prolexic. Now imagine someone at netsol or its DDOS service providers fat-fingered their DDOS-averting routing in such a way that netsol DNS traffic arrived

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Jeff Shultz
On 6/20/2013 1:46 PM, Jimmy Hess wrote: On 6/20/13, jamie rishaw wrote: It's not poisoning. They somehow were able to modify the NS records; one would presume, at the registrar/s. https://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-webs

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Jimmy Hess
On 6/20/13, jamie rishaw wrote: > It's not poisoning. They somehow were able to modify the NS records; one > would presume, at the registrar/s. https://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-website-issues/ -- -JH

Fwd: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread jamie rishaw
vered' to other nameservers) that show no "updates" in `whois` records. Curiouser and curiouser. Paul? -- Forwarded message -- From: jamie rishaw Date: Thu, Jun 20, 2013 at 3:21 PM Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) To:

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Andrew Fried
Not so easy and straightforward to do. You'll find that a lot of the big names out there frequently tweak DNS, which will result in a non-stop stream of "alerts". Andy Andrew Fried andrew.fr...@gmail.com On 6/20/13 3:57 PM, Jared Mauch wrote: > It seems there may be a need for some sort of 'dns

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread jamie rishaw
It's not poisoning. They somehow were able to modify the NS records; one would presume, at the registrar/s. As far as the logic of the DNS, it is functioning as designed (What's up, Vix!) - There's another aspect of this that caused this situation. Any Alexa or similar people on this list (Goog

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread George Herbert
Poisoning a domain's NS records with localhost will most certainly DOS the domain, yes. I have not yet seen the source of this; if anyone has a clue where the updates are coming from please post the info. Is there anything about ztomy.com that has been seen that's supicious as in they might be th

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread jamie rishaw
I'm rechecking realtime ns1620/2620 DNS right now and, looking at the output, I see an odd number of domains (that have changed) with a listed nameserver of "localhost.". Is this some sort of tactic I'm unaware of? On Thu, Jun 20, 2013 at 2:57 PM, Jared Mauch wrote: > It seems there may be a n

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Jared Mauch
It seems there may be a need for some sort of 'dns-health' check out there that can be done in semi-realtime. I ran a report for someone earlier today on a domain doing an xref against open resolver data searching for valid responses vs invalid ones. Is this of value? Does it need to be automa

This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread jamie rishaw
This is most definitely a coordinated and planned attack. And by 'attack' I mean hijacking of domain names. I show as of this morning nearly fifty thousand domain names that appear suspicious. I'm tempted to call uscentcom and/or related agencies (which agencies, who the hell knows, as ICE seems

Re: Need help in flushing DNS

2013-06-20 Thread Phil Fagan
Agree'd in these "smaller" scenario's I just wonder if in a larger scale scenario, whatever that might look like, if its necessary. Whereby many organizations who provide "services" are effected. Perhaps the result of a State led campaign topic for another day. On Thu, Jun 20, 2013 at 11:25

Re: Need help in flushing DNS

2013-06-20 Thread Paul Ferguson
I am betting that Netsol doesn't need any more "coordination" at the moment -- their phones are probably ringing off-the-hook. There are still ~400 domains still pointing to the ztomy NS: ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS ; (1 server found) ;; global options: +cmd ;; Got answe

Re: Need help in flushing DNS

2013-06-20 Thread Phil Fagan
I should caveat.coordinate the "recovery" of. On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth wrote: > > Is there an organization that coordinates outages like this amongst the > > industry? > > No, usually they are surprise outages though Anonymous have tried > coordinating a few > >

Re: Need help in flushing DNS

2013-06-20 Thread Brandon Butterworth
> Is there an organization that coordinates outages like this amongst the > industry? No, usually they are surprise outages though Anonymous have tried coordinating a few brandon

Re: Need help in flushing DNS

2013-06-20 Thread Jared Mauch
http://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-website-issues/ - Jared On Jun 19, 2013, at 11:42 PM, Zaid Ali Kahn wrote: > Reaching out to DNS operators around the globe. Linkedin.com has had some > issues with DNS and would like DNS

Re: Need help in flushing DNS

2013-06-20 Thread Niels Bakker
* philfa...@gmail.com (Phil Fagan) [Thu 20 Jun 2013, 17:50 CEST]: Is there an organization that coordinates outages like this amongst the industry? No; all outages on the Internet happen independently from each other and are not coordinated to (not) coincide in any way. -- Niels. -

Re: Need help in flushing DNS

2013-06-20 Thread Phil Fagan
-to-possible-dns-hijacking/ >> > >> >> >> >> Frank >> >> >> >> -Original Message- >> >> From: Jimmy Hess [mailto:mysi...@gmail.com] >> >> Sent: Thursday, June 20, 2013 1:23 AM >> >> To: Paul Fergu

Re: Need help in flushing DNS

2013-06-20 Thread chip
> >> ng/< > http://techcrunch.com/2013/06/19/linkedin-outage-due-to-possible-dns-hijacking/ > > > >> > >> Frank > >> > >> -Original Message----- > >> From: Jimmy Hess [mailto:mysi...@gmail.com] > >> Sent: Thursday, June 20, 2013 1:23

Re: Need help in flushing DNS

2013-06-20 Thread Phil Fagan
> >> > >> Frank > >> > >> -Original Message- > >> From: Jimmy Hess [mailto:mysi...@gmail.com] > >> Sent: Thursday, June 20, 2013 1:23 AM > >> To: Paul Ferguson > >> Cc: NANOG list > >> Subject: Re: Need he

Re: Need help in flushing DNS

2013-06-20 Thread Paul Ferguson
e-due-to-possible-dns-hijacki >> ng/<http://techcrunch.com/2013/06/19/linkedin-outage-due-to-possible-dns-hijacking/> >> >> Frank >> >> -Original Message- >> From: Jimmy Hess [mailto:mysi...@gmail.com] >> Sent: Thursday, June 20, 2013 1:23 AM >> To: P

Re: Need help in flushing DNS

2013-06-20 Thread Phil Fagan
gt; ng/<http://techcrunch.com/2013/06/19/linkedin-outage-due-to-possible-dns-hijacking/> > > Frank > > -Original Message- > From: Jimmy Hess [mailto:mysi...@gmail.com] > Sent: Thursday, June 20, 2013 1:23 AM > To: Paul Ferguson > Cc: NANOG list > Subject: Re: N

RE: Need help in flushing DNS

2013-06-20 Thread Frank Bulk
Subject: Re: Need help in flushing DNS On 6/20/13, Paul Ferguson wrote: > On Wed, Jun 19, 2013 at 10:44 PM, Tom Paseka wrote: >> On Wed, Jun 19, 2013 at 10:32 PM, Patrick W. Gilmore I think "ztomy.com" smells really bad for some reason, looks like 100% advertising; sure doesn

Re: Need help in flushing DNS

2013-06-20 Thread Andrew Sullivan
I am not speaking officially, but the evidence so far is that this was not DNS poisoning, but domain name hijacking. My colleagues will have more to say later today. On Thu, Jun 20, 2013 at 1:19 AM, John Levine wrote: > >Reaching out to DNS operators around the globe. Linkedin.com has had some

Re: Need help in flushing DNS

2013-06-20 Thread jamie rishaw
Smileyface aside, I'm disappointed to see operators simply flushing caches and not performing at the least a dumpdb for possible future forensic analysis. This is what I call the "Windows solution," - 'Oh, just reboot, and it'll work'. We're better than that. (Aren't we?) On Thu, Jun 20, 2013

Re: Need help in flushing DNS

2013-06-20 Thread Charles Richards
I have domains that are *not* expired, which are being affected by this. Domains are hosted via Dynect, and are resolving into this 204.11.56.0/24 range across the globe. Dynect management portal was down until minutes ago as well. - Charles On Jun 20, 2013, at 12:45 AM, David Conrad wrote:

Re: Need help in flushing DNS

2013-06-20 Thread Andree Toonk
Hi, .-- My secret spy satellite informs me that at 2013-06-20 12:38 AM Paul Ferguson wrote: > I have no knowledge of any DDoS -related activity involving Yelp! and > Prolexic. Even if there is one, the fact that their DNS records have > been poisoned has not direct relationship to any current DDo

Re: Need help in flushing DNS

2013-06-20 Thread Andree Toonk
.-- My secret spy satellite informs me that at 2013-06-20 12:31 AM Andree Toonk wrote: > .-- My secret spy satellite informs me that at 2013-06-19 10:34 PM Paul > Ferguson wrote: > >> ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A > >> ;; ANSWER SECTION: >> yelp.com. 300 IN A 204.11.56.20 > > I

Re: Need help in flushing DNS

2013-06-20 Thread Paul Ferguson
I have no knowledge of any DDoS -related activity involving Yelp! and Prolexic. Even if there is one, the fact that their DNS records have been poisoned has not direct relationship to any current DDoS (there isn't one that I am aware of). - ferg On Thu, Jun 20, 2013 at 12:31 AM, Andree Toonk wr

Re: Need help in flushing DNS

2013-06-20 Thread Andree Toonk
.-- My secret spy satellite informs me that at 2013-06-19 10:34 PM Paul Ferguson wrote: > ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A > ;; ANSWER SECTION: > yelp.com. 300 IN A 204.11.56.20 Interesting to see that traffic to this IP addresses is going through prolexic... I guess they're consi

Re: Need help in flushing DNS

2013-06-19 Thread David Conrad
On Jun 19, 2013, at 11:23 PM, Jimmy Hess wrote: > On 6/20/13, Paul Ferguson wrote: >> On Wed, Jun 19, 2013 at 10:44 PM, Tom Paseka wrote: >>> On Wed, Jun 19, 2013 at 10:32 PM, Patrick W. Gilmore > I think "ztomy.com" smells really bad for some reason, looks like > 100% advertising; IIRC, Conf

Re: Need help in flushing DNS

2013-06-19 Thread Jimmy Hess
On 6/20/13, Paul Ferguson wrote: > On Wed, Jun 19, 2013 at 10:44 PM, Tom Paseka wrote: >> On Wed, Jun 19, 2013 at 10:32 PM, Patrick W. Gilmore I think "ztomy.com" smells really bad for some reason, looks like 100% advertising; sure doesn't "appear" to be a DNS hosting provider, I sure can't i

Re: Need help in flushing DNS

2013-06-19 Thread Paul Ferguson
Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I have no idea where the poison leaked in, or why. :-) - ferg On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie wrote: > Anyone have news/explanation about what's happening/happened? > > > On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguso

Re: Need help in flushing DNS

2013-06-19 Thread Grant Ridder
The only apparent link is registration thru network solutions On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie wrote: > Anyone have news/explanation about what's happening/happened? > > > On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson >wrote: > > > Sure enough: > > > > > > > > ; <<>> DiG 9.7.3 <<>>

Re: Need help in flushing DNS

2013-06-19 Thread Alex Buie
Anyone have news/explanation about what's happening/happened? On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson wrote: > Sure enough: > > > > ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NO

Re: Need help in flushing DNS

2013-06-19 Thread Paul Ferguson
On Wed, Jun 19, 2013 at 10:44 PM, Tom Paseka wrote: > On Wed, Jun 19, 2013 at 10:32 PM, Patrick W. Gilmore wrote: > >> On Jun 20, 2013, at 01:30 , Grant Ridder wrote: >> >> > Yelp is evidently also affected >> >> Not from here. >> > > Patrick: > > $ dig NS yelp.com @8.8.8.8 +short > ns1620.ztomy

Re: Need help in flushing DNS

2013-06-19 Thread Tom Paseka
On Wed, Jun 19, 2013 at 10:32 PM, Patrick W. Gilmore wrote: > On Jun 20, 2013, at 01:30 , Grant Ridder wrote: > > > Yelp is evidently also affected > > Not from here. > Patrick: $ dig NS yelp.com @8.8.8.8 +short ns1620.ztomy.com. ns2620.ztomy.com. Some DNS servers have the bad records - TLD fo

Re: Need help in flushing DNS

2013-06-19 Thread Paul Ferguson
Sure enough: ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;yelp.com. IN A ;; ANS

Re: Need help in flushing DNS

2013-06-19 Thread Patrick W. Gilmore
On Jun 20, 2013, at 01:30 , Grant Ridder wrote: > Yelp is evidently also affected Not from here. If the NS or www points to 204.11.56.0/24 for a production domain/hostname, that's "bad". Yelp seems to be resolving normally for me. -- TTFN, patrick > On Wed, Jun 19, 2013 at 10:19 PM, John L

Re: Need help in flushing DNS

2013-06-19 Thread Grant Ridder
Yelp is evidently also affected On Wed, Jun 19, 2013 at 10:19 PM, John Levine wrote: > >Reaching out to DNS operators around the globe. Linkedin.com has had some > issues with DNS > >and would like DNS operators to flush their DNS. If you see > www.linkedin.com resolving NS to > >ns1617.ztomy.co

Re: Need help in flushing DNS

2013-06-19 Thread John Levine
>Reaching out to DNS operators around the globe. Linkedin.com has had some >issues with DNS >and would like DNS operators to flush their DNS. If you see www.linkedin.com >resolving NS to >ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS. > >Any other info please reach out to me off