[dns-operations] Github Down cause of DNS (dyne) problem ?

Patrick W. Gilmore patrick at ianai.net
Fri Oct 21 17:11:37 UTC 2016 

DynDNS is being attacked.

Github, pagerduty, twitter, pingdom, and lots of other people are affected.

Before anyone bitches at github or Dyn, remember that Dyn is far, far better positioned to withstand attacks than a company like github could possibly be on their own. So I think github did the right thing in using Dyn.

Let’s all be clear that Dyn has to be in the top 10 DNS infrastructures on the planet. Possibly the largest that sells DNS as a service. This is a serious attack, and the entire community should help track this miscreant down, then crush them like a bug.

-- 
TTFN,
patrick

> On Oct 21, 2016, at 12:40 PM, Mathieu Goessens <gebura at poolp.org> wrote:
> 
> Hi,
> 
> Anybody seeing the same thing as me ?
> 
> $ dig github.com
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> github.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53105
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;github.com.			IN	A
> 
> ;; Query time: 3001 msec
> ;; SERVER: 192.44.77.1#53(192.44.77.1)
> ;; WHEN: Fri Oct 21 18:34:17 2016
> ;; MSG SIZE  rcvd: 28
> 
> $ dig ns github.com  @a.gtld-servers.net.
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns github.com @a.gtld-servers.net.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9288
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;github.com.			IN	NS
> 
> ;; AUTHORITY SECTION:
> github.com.		172800	IN	NS	ns1.p16.dynect.net.
> github.com.		172800	IN	NS	ns3.p16.dynect.net.
> github.com.		172800	IN	NS	ns2.p16.dynect.net.
> github.com.		172800	IN	NS	ns4.p16.dynect.net.
> 
> $ dig github.com @ns1.p16.dynect.net.
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> github.com @ns2.p16.dynect.net.
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> Same for ns2,3,4
> 
> Tested from a few AS in France
> 
> -- 
> Mathieu Goessens
> IT consultant.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161021/d75a5176/attachment.html>

More information about the dns-operations mailing list