[dns-operations] AT&T DNS Cache Poisoning?

David Conrad drc at virtualized.org
Sat Oct 27 05:25:54 UTC 2012


On Oct 26, 2012, at 10:02 PM, Phil Pennock <dnsop+phil at spodhuis.org> wrote:
> On 2012-10-27 at 04:23 +0000, Tim Huffman wrote:
>> Any ideas what I can do to help my customer? This is the first time
>> we've ever had something like this...
> 
> Continue trying to reach AT&T and the other operators of DNS servers in
> that link?

If it is an attack, I suspect that's going to be a game of whack-a-mole, but I'd agree it's about the only thing that can be done.

> You can look at deploying DNSSEC for their domain, so that those DNS
> resolver operators who deploy validating caches will be immune to this.
> The .edu zone is signed.  If you get ben.edu signed as well, then you've
> done everything technical to help resolvers only get valid data.

Yep, assuming it is cache poisoning. I'm trying to think of alternative explanations, but given reports (e.g., from Frank) that the issue is affecting other resolvers, it's hard to see other answers. A bit odd, given ben.edu isn't very high up on the Alexa (et al) list...

Regards,
-drc



