 tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 | DNSSEC? "we don't need no stinkin' DNSSEC ! " Do we? |
|
|
|
 DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | Re: DNSSEC? "we don't need no stinkin' DNSSEC ! " DNSSec prevents the spoofing of DNS response packets, it does not prevent someone from asking the DNS over and over 'hey, what is this IP?"
Sorry charlie, not exactly that simple. |
|
| Alternative DNS servers Google Public DNS
Primary: 8.8.8.8
Secondary: 8.8.4.4
Of course, if you can get here and read this, you probably don't need this info. |
|
DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | slight problem From what I understand the authoritative servers are under attack, if that's the case no one is going to get an answer. Even the great google won't get one. |
|
| HA HA ! & He He !!!  Very Mature.  |
|
tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
 ·Comcast
| reply to David
Re: DNSSEC? "we don't need no stinkin' DNSSEC ! " The point being AT&T has long been lazy in preemptive stratagies for DNS and other potential security and usabilty issues that others seem to largely avoid.
The one they most recently pooh poohed as unnessesary was DNSSEC.
You have to admit the (potential for a) problem existing, BEFORE you can plan to avoid it, or at least become resilent to it. |
|
 TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
·Optimum Online
 ·Clearwire Wireless
| reply to David
Re: slight problem said by David:From what I understand the authoritative servers are under attack, if that's the case no one is going to get an answer. Even the great google won't get one.
Only addresses under the AT&T domain are controlled by those servers. AT&T customers needing to resolve addresses outside of AT&T can use any alternate public DNS servers. |
|
| reply to David
If you're talking about the DNS servers that are authoritative for AT&T-hosted domains, then no, no one will be able to resolve them, no matter what servers they use or what network they're on. But I get the impression that this is referring to the DNS servers that AT&T customers use by default. If it's those that are under attack, then using alternative servers will get around that.
Now if you mean that it's the root servers that are under attack, well, we wouldn't be having this conversation right now. |
|
| Thanks AT&T Isn't it great that many (all?) of the AT&T's U-Verse routers don't allow you to change the assigned DNS servers? You have to either do it per-machine, or buy a secondary router. |
|
DNSguy
join:2006-04-09
Broomfield, CO
kudos:3 | reply to ISurfTooMuch
Re: slight problem It was not referring to the DNS resolvers our customers use. You were correct in your first statement - only the servers that are authoritative for AT&T hosted domains were under attack. Using alternate servers would not help at all, as those servers would be unable to get replies. |
|
| reply to CCNnorthcali
Re: Thanks AT&T That's essentially what i do. i've got a linux server that runs a local DNS server and the DHCP server hands out the local machine's IP as the DNS server IP. |
|
 mmay149qPremium
join:2009-03-05
Dallas, TX
kudos:48 | reply to CCNnorthcali
said by CCNnorthcali:Isn't it great that many (all?) of the AT&T's U-Verse routers don't allow you to change the assigned DNS servers? You have to either do it per-machine, or buy a secondary router.
It was not referring to the DNS resolvers our customers use. You were correct in your first statement - only the servers that are authoritative for AT&T hosted domains were under attack. Using alternate servers would not help at all, as those servers would be unable to get replies.
l2r, just sayin......
Matt
--
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. -Albert Einstein |
|
DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | reply to CCNnorthcali
DNSguy pretty much summed it up it wasn't a customer (Uverse, dsl) dns problem. I suppose you can change your DNS, if you have time to waste. |
|
| I have u-verse but so far no impact |
|
DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 Reviews:
 ·DIRECTV
 ·AT&T Midwest
 ·magicjack.com
·Google Voice
·AT&T Southwest
| you shouldn't see any either. Had you seen it, DNSguy  would have been all over that like stink on s__t! |
|
| reply to DNSguy
Re: slight problem That's definitely the case. Our company was crippled due to this attack. We were already in the process of migrating from AT&T's servers to another provider so we sped up that transition. Then we had to wait for the changes to propagate.
It has not been a fun 24 hours. |
|
| reply to tshirt
Re: DNSSEC? "we don't need no stinkin' DNSSEC ! " What's that got to do with a denial of service?
DNS understanding: FAIL |
|
| Explains why my dad's Mac wasn't working Explains why my dad's Mac wasn't working. I went over there thinking it was user error then I downloaded chrome and has that same issue and chrome gave me the dns error. Once I switched it then everything worked fine.
He called ATT around 8 am cst that morning and they had him try a website and told him everything worked fine I went over there about 11 and fixed it. |
|
| reply to David
Re: I have u-verse said by David:you shouldn't see any either. Had you seen it, DNSguy would have been all over that like stAnk on s__t! Fixed |
|
| Well, wasn't a happy day for some banks Seems this also affected many credit unions as it took down some ATM's and Online Banking. Too bad hey didn't have a "secondary" DNS server setup. Duh.  |
|
