<p>FWIW, my NSLookup via google's dns 8.8.8.8 has been accurate since realizing I wasn't seeing the defacement earlier today:</p>
<p>via twitter: " RT @F4ls3Blu3 <a href="http://Netnames.co.uk">Netnames.co.uk</a> <<<< Owned L O L "</p>
<p>Currently from my home connection and using googles' dns servers, this subverts seeing the hijacked edition of any of the affected sites. Many sites that continued to update the correct record may have mitigated the spread of the bad records. I'm looking forward to what tomorrow's news cycle makes of this.</p>
<p>I'm assuming that the UK server may not have proliferated the record far (interesting that most were US-hosted sites, but attack launched via a UK dns server, so, better luck next time, attackers.)</p>
<p> <br><br><br></p>
<p>On Sep 4, 2011 9:28 PM, "Josh Luthman" <<a href="mailto:josh@imaginenetworksllc.com">josh@imaginenetworksllc.com</a>> wrote:<br>
><br>
> DNS Cache.<br>
><br>
> <a href="http://en.wikipedia.org/wiki/Domain_Name_System#Recursive_and_caching_name_server">http://en.wikipedia.org/wiki/Domain_Name_System#Recursive_and_caching_name_server</a><br>
><br>
> In other words, the web server is not down but the DNS records are broken. To get around the broken part you can do as was suggested and etc your hosts file (used before your DNS server, usually).<br>
><br>
> Josh Luthman<br>
> Office: 937-552-2340<br>
> Direct: 937-552-2343<br>
> 1100 Wayne St<br>
> Suite 1337<br>
> Troy, OH 45373<br>
><br>
><br>
><br>
> On Sun, Sep 4, 2011 at 9:09 PM, Jeremy Chadwick <<a href="mailto:outages@jdc.parodius.com">outages@jdc.parodius.com</a>> wrote:<br>
>><br>
>> This response makes absolutely no sense with regards to the information<br>
>> I provided. Also, "cash server"? End of thread for me.<br>
>><br>
>> --<br>
>> | Jeremy Chadwick jdc at <a href="http://parodius.com">parodius.com</a> |<br>
>> | Parodius Networking <a href="http://www.parodius.com/">http://www.parodius.com/</a> |<br>
>> | UNIX Systems Administrator Mountain View, CA, US |<br>
>> | Making life hard for others since 1977. PGP 4BD6C0CB |<br>
>><br>
>> On Sun, Sep 04, 2011 at 08:00:33PM -0500, Mark Kierzkowski wrote:<br>
>> > You can created local record on your dns server for <a href="http://ups.com">ups.com</a> for now till there register fixes it.<br>
>> ><br>
>> > Here is dns record from Comcast cash servers for <a href="http://ups.com">ups.com</a><br>
>> ><br>
>> > <a href="http://ups.com">ups.com</a><br>
>> > Non-authoritative answer:<br>
>> > Name:??? <a href="http://ups.com">ups.com</a><br>
>> > Addresses:? 153.2.224.50, 153.2.228.50<br>
>> > ?<br>
>> ><br>
>> ><br>
>> ><br>
>> > --------------------------<br>
>> > Thanks.<br>
>> > Mark Kierzkowski<br>
>> ><br>
>> > ----- Original Message -----<br>
>> > From: Jeremy Chadwick [mailto:<a href="mailto:outages@jdc.parodius.com">outages@jdc.parodius.com</a>]<br>
>> > Sent: Sunday, September 04, 2011 07:42 PM<br>
>> > To: Mark Kierzkowski<br>
>> > Cc: <a href="mailto:outages@outages.org">outages@outages.org</a> <<a href="mailto:outages@outages.org">outages@outages.org</a>><br>
>> > Subject: Re: [outages] Is <a href="http://UPS.COM">UPS.COM</a> down<br>
>> ><br>
>> > Which DNS servers? It looks to me like <a href="http://nsa.ups.com">nsa.ups.com</a> and <a href="http://nsb.ups.com">nsb.ups.com</a> work<br>
>> > fine. I didn't care to try the AT&T and Sprint authoritative NSes.<br>
>> > Below is validation.<br>
>> ><br>
>> > My workplace relies heavily on UPS's web-based XML API for package<br>
>> > status and tracking details, and none of our real-time monitoring has<br>
>> > alerted for DNS issues or anything else pertaining to UPS today.<br>
>> ><br>
>> ><br>
>> ><br>
>> > $ dig @<a href="http://a.gtld-servers.net">a.gtld-servers.net</a> ns <a href="http://ups.com">ups.com</a>.<br>
>> ><br>
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @<a href="http://a.gtld-servers.net">a.gtld-servers.net</a> ns <a href="http://ups.com">ups.com</a>.<br>
>> > ; (1 server found)<br>
>> > ;; global options: +cmd<br>
>> > ;; Got answer:<br>
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22371<br>
>> > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6<br>
>> > ;; WARNING: recursion requested but not available<br>
>> ><br>
>> > ;; QUESTION SECTION:<br>
>> > ;<a href="http://ups.com">ups.com</a>. IN NS<br>
>> ><br>
>> > ;; AUTHORITY SECTION:<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://nsa.ups.com">nsa.ups.com</a>.<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://nsb.ups.com">nsb.ups.com</a>.<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://cbru.br.ns.els-gms.att.net">cbru.br.ns.els-gms.att.net</a>.<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://cmtu.mt.ns.els-gms.att.net">cmtu.mt.ns.els-gms.att.net</a>.<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://ns1-auth.sprintlink.net">ns1-auth.sprintlink.net</a>.<br>
>> > <a href="http://ups.com">ups.com</a>. 172800 IN NS <a href="http://ns2-auth.sprintlink.net">ns2-auth.sprintlink.net</a>.<br>
>> ><br>
>> > ;; ADDITIONAL SECTION:<br>
>> > <a href="http://nsa.ups.com">nsa.ups.com</a>. 172800 IN A 153.2.242.115<br>
>> > <a href="http://nsb.ups.com">nsb.ups.com</a>. 172800 IN A 153.2.244.155<br>
>> > <a href="http://cbru.br.ns.els-gms.att.net">cbru.br.ns.els-gms.att.net</a>. 172800 IN A 199.191.128.105<br>
>> > <a href="http://cmtu.mt.ns.els-gms.att.net">cmtu.mt.ns.els-gms.att.net</a>. 172800 IN A 12.127.16.69<br>
>> > <a href="http://ns1-auth.sprintlink.net">ns1-auth.sprintlink.net</a>. 172800 IN A 206.228.179.10<br>
>> > <a href="http://ns2-auth.sprintlink.net">ns2-auth.sprintlink.net</a>. 172800 IN A 144.228.254.10<br>
>> ><br>
>> > ;; Query time: 104 msec<br>
>> > ;; SERVER: 192.5.6.30#53(192.5.6.30)<br>
>> > ;; WHEN: Sun Sep 4 17:37:37 2011<br>
>> > ;; MSG SIZE rcvd: 276<br>
>> ><br>
>> ><br>
>> > $ dig @<a href="http://nsa.ups.com">nsa.ups.com</a> a <a href="http://www.ups.com">www.ups.com</a><br>
>> ><br>
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @<a href="http://nsa.ups.com">nsa.ups.com</a> a <a href="http://www.ups.com">www.ups.com</a><br>
>> > ; (1 server found)<br>
>> > ;; global options: +cmd<br>
>> > ;; Got answer:<br>
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16074<br>
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 9, ADDITIONAL: 5<br>
>> ><br>
>> > ;; QUESTION SECTION:<br>
>> > ;<a href="http://www.ups.com">www.ups.com</a>. IN A<br>
>> ><br>
>> > ;; ANSWER SECTION:<br>
>> > <a href="http://www.ups.com">www.ups.com</a>. 300 IN CNAME <a href="http://www.ups.com.akadns.net">www.ups.com.akadns.net</a>.<br>
>> > <a href="http://www.ups.com.akadns.net">www.ups.com.akadns.net</a>. 92 IN CNAME <a href="http://www.upsprodcidr2.com.akadns.net">www.upsprodcidr2.com.akadns.net</a>.<br>
>> > <a href="http://www.upsprodcidr2.com.akadns.net">www.upsprodcidr2.com.akadns.net</a>. 15 IN CNAME <a href="http://www2.ups.com.edgekey.net">www2.ups.com.edgekey.net</a>.<br>
>> > <a href="http://www2.ups.com.edgekey.net">www2.ups.com.edgekey.net</a>. 129 IN CNAME <a href="http://e1250.b.akamaiedge.net">e1250.b.akamaiedge.net</a>.<br>
>> > <a href="http://e1250.b.akamaiedge.net">e1250.b.akamaiedge.net</a>. 5 IN A 96.6.165.62<br>
>> ><br>
>> > ;; AUTHORITY SECTION:<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n4b.akamaiedge.net">n4b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n6b.akamaiedge.net">n6b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n1b.akamaiedge.net">n1b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n5b.akamaiedge.net">n5b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n2b.akamaiedge.net">n2b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n8b.akamaiedge.net">n8b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n3b.akamaiedge.net">n3b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n0b.akamaiedge.net">n0b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 228 IN NS <a href="http://n7b.akamaiedge.net">n7b.akamaiedge.net</a>.<br>
>> ><br>
>> > ;; ADDITIONAL SECTION:<br>
>> > <a href="http://n2b.akamaiedge.net">n2b.akamaiedge.net</a>. 3393 IN A 209.170.113.121<br>
>> > <a href="http://n4b.akamaiedge.net">n4b.akamaiedge.net</a>. 919 IN A 209.170.113.83<br>
>> > <a href="http://n5b.akamaiedge.net">n5b.akamaiedge.net</a>. 217 IN A 209.170.113.120<br>
>> > <a href="http://n7b.akamaiedge.net">n7b.akamaiedge.net</a>. 919 IN A 209.170.113.83<br>
>> > <a href="http://n8b.akamaiedge.net">n8b.akamaiedge.net</a>. 3030 IN A 209.170.113.83<br>
>> ><br>
>> > ;; Query time: 96 msec<br>
>> > ;; SERVER: 153.2.242.115#53(153.2.242.115)<br>
>> > ;; WHEN: Sun Sep 4 17:37:46 2011<br>
>> > ;; MSG SIZE rcvd: 422<br>
>> ><br>
>> ><br>
>> > $ dig @<a href="http://nsb.ups.com">nsb.ups.com</a> a <a href="http://www.ups.com">www.ups.com</a><br>
>> ><br>
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @<a href="http://nsb.ups.com">nsb.ups.com</a> a <a href="http://www.ups.com">www.ups.com</a><br>
>> > ; (1 server found)<br>
>> > ;; global options: +cmd<br>
>> > ;; Got answer:<br>
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9024<br>
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 9, ADDITIONAL: 6<br>
>> ><br>
>> > ;; QUESTION SECTION:<br>
>> > ;<a href="http://www.ups.com">www.ups.com</a>. IN A<br>
>> ><br>
>> > ;; ANSWER SECTION:<br>
>> > <a href="http://www.ups.com">www.ups.com</a>. 300 IN CNAME <a href="http://www.ups.com.akadns.net">www.ups.com.akadns.net</a>.<br>
>> > <a href="http://www.ups.com.akadns.net">www.ups.com.akadns.net</a>. 277 IN CNAME <a href="http://www.upsprodcidr2.com.akadns.net">www.upsprodcidr2.com.akadns.net</a>.<br>
>> > <a href="http://www.upsprodcidr2.com.akadns.net">www.upsprodcidr2.com.akadns.net</a>. 7 IN CNAME <a href="http://www2.ups.com.edgekey.net">www2.ups.com.edgekey.net</a>.<br>
>> > <a href="http://www2.ups.com.edgekey.net">www2.ups.com.edgekey.net</a>. 346 IN CNAME <a href="http://e1250.b.akamaiedge.net">e1250.b.akamaiedge.net</a>.<br>
>> > <a href="http://e1250.b.akamaiedge.net">e1250.b.akamaiedge.net</a>. 20 IN A 72.247.9.62<br>
>> ><br>
>> > ;; AUTHORITY SECTION:<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n3b.akamaiedge.net">n3b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n4b.akamaiedge.net">n4b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n2b.akamaiedge.net">n2b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n5b.akamaiedge.net">n5b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n1b.akamaiedge.net">n1b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n6b.akamaiedge.net">n6b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n8b.akamaiedge.net">n8b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n0b.akamaiedge.net">n0b.akamaiedge.net</a>.<br>
>> > <a href="http://b.akamaiedge.net">b.akamaiedge.net</a>. 317 IN NS <a href="http://n7b.akamaiedge.net">n7b.akamaiedge.net</a>.<br>
>> ><br>
>> > ;; ADDITIONAL SECTION:<br>
>> > <a href="http://n1b.akamaiedge.net">n1b.akamaiedge.net</a>. 1534 IN A 208.45.220.25<br>
>> > <a href="http://n2b.akamaiedge.net">n2b.akamaiedge.net</a>. 2890 IN A 208.45.220.24<br>
>> > <a href="http://n4b.akamaiedge.net">n4b.akamaiedge.net</a>. 1077 IN A 96.17.74.217<br>
>> > <a href="http://n5b.akamaiedge.net">n5b.akamaiedge.net</a>. 336 IN A 96.17.74.214<br>
>> > <a href="http://n7b.akamaiedge.net">n7b.akamaiedge.net</a>. 1077 IN A 96.17.74.217<br>
>> > <a href="http://n8b.akamaiedge.net">n8b.akamaiedge.net</a>. 792 IN A 96.17.74.218<br>
>> ><br>
>> > ;; Query time: 88 msec<br>
>> > ;; SERVER: 153.2.244.155#53(153.2.244.155)<br>
>> > ;; WHEN: Sun Sep 4 17:37:55 2011<br>
>> > ;; MSG SIZE rcvd: 438<br>
>> ><br>
>> > --<br>
>> > | Jeremy Chadwick jdc at <a href="http://parodius.com">parodius.com</a> |<br>
>> > | Parodius Networking <a href="http://www.parodius.com/">http://www.parodius.com/</a> |<br>
>> > | UNIX Systems Administrator Mountain View, CA, US |<br>
>> > | Making life hard for others since 1977. PGP 4BD6C0CB |<br>
>> ><br>
>> > On Sun, Sep 04, 2011 at 07:26:02PM -0500, Mark Kierzkowski wrote:<br>
>> > > Is anyone experiencing issues with <a href="http://ups.com">ups.com</a> site?<br>
>> > ><br>
>> > > Looks like dns servers are not resolving that domain.<br>
>> > ><br>
>> ><br>
>> > > _______________________________________________<br>
>> > > Outages mailing list<br>
>> > > <a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
>> > > <a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><br>
>> _______________________________________________<br>
>> Outages mailing list<br>
>> <a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
>> <a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Outages mailing list<br>
> <a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><br>
><br>
</p>