  tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 | DNSSEC? "we don't need no stinkin' DNSSEC ! " Do we? | |
|
 |  DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | Re: DNSSEC? "we don't need no stinkin' DNSSEC ! " DNSSec prevents the spoofing of DNS response packets, it does not prevent someone from asking the DNS over and over 'hey, what is this IP?"
Sorry charlie, not exactly that simple. | |
|
| | tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
 ·Comcast
| Re: DNSSEC? "we don't need no stinkin' DNSSEC ! " The point being AT&T has long been lazy in preemptive stratagies for DNS and other potential security and usabilty issues that others seem to largely avoid.
The one they most recently pooh poohed as unnessesary was DNSSEC.
You have to admit the (potential for a) problem existing, BEFORE you can plan to avoid it, or at least become resilent to it. | |
|
| | | What's that got to do with a denial of service?
DNS understanding: FAIL | |
|
| | Alternative DNS servers Google Public DNS
Primary: 8.8.8.8
Secondary: 8.8.4.4
Of course, if you can get here and read this, you probably don't need this info. | |
|
| sk1939Premium
join:2010-10-23
Washington, DC
kudos:9 | Re: Alternative DNS servers DSLReports: 209.123.109.175 | |
|
DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | slight problem From what I understand the authoritative servers are under attack, if that's the case no one is going to get an answer. Even the great google won't get one. | |
|
|  TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
·Optimum Online
 ·Clearwire Wireless
| Re: slight problem said by David:From what I understand the authoritative servers are under attack, if that's the case no one is going to get an answer. Even the great google won't get one.
Only addresses under the AT&T domain are controlled by those servers. AT&T customers needing to resolve addresses outside of AT&T can use any alternate public DNS servers. | |
|
| | | If you're talking about the DNS servers that are authoritative for AT&T-hosted domains, then no, no one will be able to resolve them, no matter what servers they use or what network they're on. But I get the impression that this is referring to the DNS servers that AT&T customers use by default. If it's those that are under attack, then using alternative servers will get around that.
Now if you mean that it's the root servers that are under attack, well, we wouldn't be having this conversation right now. | |
|
| | DNSguy
join:2006-04-09
Broomfield, CO
kudos:3 | Re: slight problem It was not referring to the DNS resolvers our customers use. You were correct in your first statement - only the servers that are authoritative for AT&T hosted domains were under attack. Using alternate servers would not help at all, as those servers would be unable to get replies. | |
|
| | | | | Re: slight problem That's definitely the case. Our company was crippled due to this attack. We were already in the process of migrating from AT&T's servers to another provider so we sped up that transition. Then we had to wait for the changes to propagate.
It has not been a fun 24 hours. | |
|
| | HA HA ! & He He !!!  Very Mature.  | |
|
| | Thanks AT&T Isn't it great that many (all?) of the AT&T's U-Verse routers don't allow you to change the assigned DNS servers? You have to either do it per-machine, or buy a secondary router. | |
|
| | | Re: Thanks AT&T That's essentially what i do. i've got a linux server that runs a local DNS server and the DHCP server hands out the local machine's IP as the DNS server IP. | |
|
|  mmay149qPremium
join:2009-03-05
Dallas, TX
kudos:48 | said by CCNnorthcali:Isn't it great that many (all?) of the AT&T's U-Verse routers don't allow you to change the assigned DNS servers? You have to either do it per-machine, or buy a secondary router.
It was not referring to the DNS resolvers our customers use. You were correct in your first statement - only the servers that are authoritative for AT&T hosted domains were under attack. Using alternate servers would not help at all, as those servers would be unable to get replies.
l2r, just sayin......
Matt
--
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. -Albert Einstein | |
|
| DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | DNSguy pretty much summed it up it wasn't a customer (Uverse, dsl) dns problem. I suppose you can change your DNS, if you have time to waste. | |
|
| | I have u-verse but so far no impact | |
|
| |
| | | |  Re: I have u-verse
said by David:you shouldn't see any either. Had you seen it, DNSguy  would have been all over that like stAnk on s__t! Fixed | |
|
| | | DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | Re: I have u-verse LOL! +2 That was funny! | |
|
| | Explains why my dad's Mac wasn't working Explains why my dad's Mac wasn't working. I went over there thinking it was user error then I downloaded chrome and has that same issue and chrome gave me the dns error. Once I switched it then everything worked fine.
He called ATT around 8 am cst that morning and they had him try a website and told him everything worked fine I went over there about 11 and fixed it. | |
|
| | Well, wasn't a happy day for some banks Seems this also affected many credit unions as it took down some ATM's and Online Banking. Too bad hey didn't have a "secondary" DNS server setup. Duh.  | |
|
| | Phew I missed out on all the phone, my MIS line and my Uverse line at home are not having any issues. | |
|
| | Good thing I don't use AT&T's DNS I've been using opendns pretty much since I got uverse. When I last used att's dns over two years ago, I found it to be extremely slow despite the bandwidth I had available. I switched to opendns and it's been smooth sailing ever since. | |
|
|
|
·
·
·