[ale] Re: bellsouth DSL dropped last night

Michael H. Warfield mhw at WittsEnd.com
Thu Dec 6 20:49:05 EST 2007


On Thu, 2007-12-06 at 20:05 -0500, Adrin wrote:
> Ever notice how many ISPs have primary and secondary DNSes on the same
> subnet?

	It's not just the ISPs.  Those are merely caching nameservers and, yes,
they should be dispersed and they should have ONE HELL OF A LOT MORE OF
THEM!!!!  But even Microsoft, a couple of years ago, got their family
jewels kicked royally because they had all their public authoritative
name servers on a very small subnet.  Some chump^H^H^H^H^Hemployee
managed to screw up a table in the router from their public name servers
to their master (give them credit, they did at least THAT much right -
never make your master name server a public server) and after the TTL
failed to the slaves, all fall down go boom.

	The story continues on that, once they found the problem (the guilty
party had already left his shift before the shift hit the fan) and fixed
it (history is silent on what happened to the unfortunate individual
who committed this sin, when he got back) and got the name servers back
up (only a couple of hours down range), some enterprising individuals
just couldn't let the fun end there and launched DDoS attacks against
the routers that were the single point of failure.  Net result, several
days of downtime.  Now MS has their nameservers distributed through
Akamai.  Live and learn.  Sometimes the hard way.

	In both cases, at least one bcp (best common practice) RFC was
violated.  All too common.  It will happen again.

	That doesn't count the morons who let their registration lapse.


	I've been working on a paper (to be published in the IBM-ISS XFTIM,
X-Force Threat Intelligence Monthly) on "Toward a Robust DNS".  It was
originally supposed to be out this month but it's being pushed back to
next month because of the size (I'm way over the guidelines for that
channel), and because of a recent DNS survey, and because of this
incident.  Maybe I'll do this as a talk, at ALE or AUUG real soon.
Seems like some people need to be reminded of some basic principles some
of us old farts take for granted.


	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
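The checks Mike is describing (nameservers dispersed rather than on one
subnet, master kept off the public NS list, slaves surviving a lost master
only until the SOA expire timer runs out) can be scripted. Below is an
added example written for this thread; it is not code from the original
post or from any paper mentioned in it. The nameserver addresses, the
hidden master address and the SOA record are constructed samples in the
RFC 5737 documentation ranges, and the "one /24 is too narrow" and
"expire under two weeks" thresholds are assumptions chosen for the
example, not values the post gives. It works from a hostname-to-address
map rather than doing live lookups, so it runs offline.

```python
"""Audit the placement of a zone's authoritative nameservers.

Added example for the mailing-list thread, not the poster's code.  It flags
three things: every public nameserver sitting in one subnet (a single
router or link failure isolates the zone), the master being listed as a
public nameserver, and a short SOA EXPIRE (the slaves stop answering that
long after they lose the master).  All sample data is constructed.
"""
import ipaddress

# Constructed sample data in RFC 5737 documentation ranges (not a real zone).
NS_SAME_SUBNET = {
    "ns1.example.net.": "192.0.2.10",
    "ns2.example.net.": "192.0.2.11",
    "ns3.example.net.": "192.0.2.12",
}
NS_DISPERSED = {
    "ns1.example.net.": "192.0.2.10",
    "ns2.example.net.": "198.51.100.20",
    "ns3.example.org.": "203.0.113.30",
}
# Assumed hidden master: it appears in neither NS set above.
HIDDEN_MASTER = "192.0.2.1"
# Constructed presentation-format SOA record (expire = 1209600 s = 14 days).
SOA_RECORD = ("example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. "
              "2007120601 7200 900 1209600 86400")


def shared_prefix_length(addresses):
    """Longest network prefix common to every address (24 means all in one /24).

    All addresses must be the same IP version; mixing v4 and v6 is an error.
    """
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        raise ValueError("no addresses given")
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("mixed IPv4 and IPv6 addresses")
    first = int(ips[0])
    differing = 0
    for ip in ips[1:]:
        differing |= first ^ int(ip)        # bits where any address differs
    # Leading bits that agree across every address = max length - highest differing bit.
    return ips[0].max_prefixlen - differing.bit_length()


def parse_soa(record):
    """Return MNAME, RNAME and the numeric timers from a presentation-format SOA."""
    fields = record.split()
    i = fields.index("SOA")
    mname, rname = fields[i + 1], fields[i + 2]
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[i + 3:i + 8])
    return {"mname": mname, "rname": rname, "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}


def audit_zone(ns_addrs, master_ip, soa_record,
               min_suspicious_prefix=24, min_expire=14 * 86400):
    """Return a list of findings; an empty list means nothing was flagged.

    min_suspicious_prefix and min_expire are assumed thresholds for this example.
    """
    findings = []
    prefix = shared_prefix_length(ns_addrs.values())
    if prefix >= min_suspicious_prefix:
        findings.append(f"all {len(ns_addrs)} nameservers share one /{prefix}; "
                        "a single router or link failure isolates the zone")
    if len(ns_addrs) < 2:
        findings.append("fewer than two nameservers listed")
    public = {ipaddress.ip_address(a) for a in ns_addrs.values()}
    if ipaddress.ip_address(master_ip) in public:
        findings.append(f"master {master_ip} is listed as a public nameserver")
    soa = parse_soa(soa_record)
    if soa["expire"] < min_expire:
        findings.append(f"SOA expire is {soa['expire']} s; slaves stop answering "
                        "that long after losing the master")
    return findings


if __name__ == "__main__":
    for label, ns in (("same subnet", NS_SAME_SUBNET), ("dispersed", NS_DISPERSED)):
        print(f"{label}: {audit_zone(ns, HIDDEN_MASTER, SOA_RECORD) or 'no findings'}")
    print("master exposed:", audit_zone(NS_DISPERSED, "192.0.2.10", SOA_RECORD))
```

In real use the address map comes from resolving each NS hostname (and the
audit should be repeated for IPv6 glue); the prefix check is only a proxy
for the real question, which is whether the servers share a router, a link
or an AS, so a zone that passes it can still have a single point of failure.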
