[nsp-sec] dns issues?

Mike Lewinski mike at rockynet.com
Thu Feb 26 15:34:23 EST 2009


Perhaps these issues are all unrelated, but my spider sense is starting 
to tingle...


1) Last week we had a customer start complaining about periodic timeouts 
on one of our resolvers. I'm still investigating it, but it seems to 
have resolved itself without any changes here. What is really strange is 
that in my packet captures I can see BIND do the full recursion that is 
requested, but it simply never sends a reply back to the customer's 
original query while answering other queries at the same time without a 
problem (and they are using a Nagios test to look up their own www A record).

2) Yesterday another customer discovered his own resolver cache was 
poisoned, and his access to some web sites was being proxied through 
vipertheripper.com

3) This morning Comcast DNS in Denver was positively glacial. I've never 
had such laggy responses from them. At first I thought the whole 
connection might be down, but I had some already established connections 
that were still working. Once I started routing DNS back through my VPN 
everything worked fine again.

4) And now I've just read this: 
http://arstechnica.com/security/news/2009/02/time-warner-cable-blames-ddos-attack-for-spotty-service.ars

Mike


-- 
Rockynet.com
303-629-2860
AS13345


