[LINK] DNS outage?

James Collins nospam at ggcs.net.au
Thu Jul 30 08:35:31 AEST 2009


> > > "The Internet" isn't one thing that's of equal reliability or
> > > redundancy. It's a patchwork of many, many disparate networks held
> > > together with string and Blu-Tak. It's a wonder the damn thing
> > > works at all.

Well that's the trouble, sometimes it doesn't :)

Most recently however, there has been a problem (I've been too busy patching
name servers to enter into a discussion about it) which could have caused,
and will probably continue to cause a problem for some time.

https://www.isc.org/node/474

Some clever clogs has found a YAB (Yet Another Bug). This one aborts name
servers. If you don't have any protection in to reload the name server, name
service resolution will fail for that zone after a short period of time.

As the aforementioned document explains, when we were told about this, the
rest of the world was also told how to exploit it, so it hit the ground
running.

This doesn't impact on the issue of traceroutes that fail because of
security though. This is where misconception of the name "internet" comes
in. The "internet" is not the "World Wide Web". The WWW runs on the
internet. Coincidentally, it also tends to refer to Name Server supplied
functions which translate the www.wmit.net into 203.37.213.145 which is an
RFC Protocol for name to IP (internet protocol) translation. That protocol
is under fairly heavy attack right across the "internet". 

And Stil is quite right. Security will stop a lot of diagnostic tools from
working, because a lot of them are used nefariously. However, I would ask
him, and others, to consider why Telstra exist? It is of course to make
money. And how do they make money? Why, through IP traffic over their
network of course. So "No", they don't tend to block ICMP. Indeed, they must
have made about 2 and half Gig of bandwidth out of me over the last month,
JUST in hacker attacks on my network using the protocol, and I'm _very_
secure here, just dropping a lot of packets! So the packets will pass
through Telstra's interface to me, but then ... vanish ... 

I hope that has helped supply some answers, and not too much confusion!

> > I have wondered for a long time why it's called a "net".  The

Because it's short for "network", which regardless of the topology, is what
it is. :)


-- James :) Collins - Head Office * +61-7-3823-5150 *
   ,-_|\    Web Management InterActive Technologies
  /      *  Sydney Office      - +61-2-8011-3237
  \_,-._/   Canberra Office    - +61-2-6100-7721
        v   Fax Number         - +61-7-3823-5152
www.wmit.net - P.O. Box 1073, Capalaba, Qld, 4157








More information about the Link mailing list