North American Network Operators Group
The weak link? DNS
Watching the Iraqi Uruklink and Al Jazeera over the weekend, what struck me is how many different ways network administrators can mess up. Although malicious actors have been trying (and succeeding) to exploit vulnerabilities, the worst problems seem to be self-inflicted. Administrators had used firewalls and locked down their web sites, sometimes so well they couldn't handle the traffic load.

But the real weak link was their DNS servers. For example, Al Jazeera had the time-to-live of their domain records set to 15 minutes, making them even more vulnerable to increasing the load on their systems. Of course, Al Jazeera had other problems too.

What's even stranger about the Iraqi state provider Uruklink.net is that the DNS servers are now self-identifying with earlier (with known bugs) versions of BIND. Last week the Uruklink name server 22.214.171.124 was running 8.2.2-P5, but now is running 8.1.2.

Although the web site for www.uruklink.net is up, DNS lookups for www.uruklink.net return various other IP addresses (not in 126.96.36.199/24), including some addresses running web sites claiming the site is "owned." In reality, the site isn't owned; you are being redirected to an unrelated web site.
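
Added example, not part of the original post: a monitoring check that parses a raw DNS response and flags A records that fall outside the prefix the operator expects, plus TTLs below a chosen floor, which are the two symptoms described in the message above. The function names, the `www.example.net` name, the documentation-range addresses and the 3600-second floor are assumptions made for illustration, and the response bytes are constructed.

```python
import ipaddress
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def a_records(msg):
    """Return [(IPv4Address, ttl)] for every IN A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                   # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    out = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append((ipaddress.IPv4Address(msg[off:off + 4]), ttl))
        off += rdlen
    return out

def audit(msg, expected_net, min_ttl):
    """Flag answers outside expected_net and TTLs below min_ttl (seconds)."""
    net = ipaddress.ip_network(expected_net)
    findings = []
    for addr, ttl in a_records(msg):
        if addr not in net:
            findings.append(("unexpected-address", str(addr)))
        if ttl < min_ttl:
            findings.append(("short-ttl", ttl))
    return findings

def build_response(name, answers):
    """Constructed sample response: one question, A answers via pointer 0xC00C."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)
    for ip, ttl in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += ipaddress.IPv4Address(ip).packed
    return msg

# Constructed data: one in-prefix answer, one stray answer, both with a 15-minute TTL.
SAMPLE = build_response("www.example.net", [("192.0.2.10", 900), ("198.51.100.7", 900)])
```

Run against answers collected from several resolvers, a stray address in only some of them points at the name servers or caches rather than at the web host itself.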