DNS Poisoning?

Posted Wednesday 5th September 2012 21:24 GMT

In order to get a roughly balanced view of what's going on in the world, I often look at RT.com. This evening at 21:40 instead of the RT site I got one of those sites that is just an aggregation of links.

That was on my normal DNS service - from TalkTalk. I changed to OpenDNS and RT was back.

By 22:15 OpenDNS was also redirecting to the dodgy site (somewhere in the Virgin islands).

Q : is this an example of DNS Poisoning? If not, what the f- is going on?

Posted Friday 7th September 2012 15:36 GMT

Drewc

Re: DNS Poisoning?

They forgot to renew their domain name.

Posted Friday 7th September 2012 17:56 GMT

JustaKOS

Re: DNS Poisoning?

Forgot to renew their domain name?

Does that account for the patchy nature of the loss of service - ie failure to resolve the domain name correctly depending on the DNS service used?

That's a genuine question, by the way - I'm interested in the mechanics of how it happened. What was also interesting was the total lack of any informed comment on what was going, not least on their own site.

Posted Tuesday 29th January 2013 18:48 GMT

koolholio

Re: DNS Poisoning?

expires on 22-Sep-2022.

created on 23-Sep-1991.

This post has been deleted by its author

Posted Thursday 13th December 2012 06:50 GMT

NickJohnson

Go to this link, you will find out why it is important to renew the domain name....

billhartzer.com/pages/how-to-know-if-you-should-renew-your-domain-name/

Posted Thursday 13th December 2012 08:54 GMT

JustaKOS

Useful advice, thanks, but it doesn't really answer the question that has really been bugging me.

Does failing to renew the domain name account for what happened in this case? I was hoping that someone would explain the mechanics of what happened to RT - it was after all an interesting event (to me, anyway).

Posted Tuesday 29th January 2013 18:39 GMT

koolholio

Its known as Peering issues

the Root AS nodes can sometimes drop routes between one another for various reasons e.g. maintenance ... it can also be a web cache issue, or a dns resolution issue between A and C with B being any node inbetween.

Try running (on the 'affected' machine) a traceroute to find the peer where it stops at, or an nslookup

If it returns a server failure on nslookup, the DNS server you are asking cannot request it (so check your machines DNS configuration and change it manually to the IP's of the dns servers you wish to query?)

DNS cache poisioning is usually where it redirects to a separate website, usually for malware.

Posted Tuesday 29th January 2013 18:43 GMT

koolholio

also you could try visiting either:

http://62.213.111.201/

http://62.213.111.202/

If using the IP doesnt work, its a routing issue to resolve that peer or a firewall issue etc.

This post has been deleted by its author