I can not go into details, but suffice it to say DNS was just a symptom of
other events, not the problem itself.  DNS TTL on the global load balancing
system was at 5 seconds and DNS load never rose above trivial.

----- Original Message -----
From: "Sean Donelan" <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 4:09 AM
Subject: The weak link? DNS

> Watching the Iraqi Ururklink and Al Jazeera over the weekend what struck
> me is how many different ways network administrators can mess up.
> Although malicious actors have been trying (and succeeding) to exploit
> vulnerabilities, the worst problems seem to be self-inflicted.
> Administrators had used firewalls and locked down their web sites,
> sometimes so well they couldn't handle the traffic load.
> But the real weak link was their DNS servers.
> For example, Al Jazeera had time-to-live set of their domain records set
> to 15 minutes, making them even more vulnerable to increasing the load
> on their systems.  Of course, Al Jazeera had other problems too.
> What even stranger about the Iraqi state provider Uruklink.net is the DNS
> servers are now self-identifying with earlier (with known bugs) versions
> of BIND.  Last week the Uruklink name server was running
> 8.2.2-P5, but now is running 8.1.2.  Although the web site for
> www.uruklink.net is up, DNS lookups for www.uruklink.net return various
> other IP addresses (not in  Including some addresses
> running web sites claiming the site is "owned." In reality, the site
> isn't owned, you are being redirected to a unrelated web site.

Reply via email to