|
| |
|
|
pageoneresults
Posts: 1001
From: Orange, CA USA
Status: offline
 |
DNS Recursion - Open DNS Servers - 3/21/2006 9:58:30
On 2006 March 13, Monday, we posted a topic at WebmasterWorld concerning a threat that has been lying dormant for years and has now become a mainstream concern. It all has to do with your DNS servers and recursion.
DNS Recursion - You Are At Risk
Quick, perform a DNS Report for your domain and see if your DNS Servers are open for recursion.
DNS Report
If they are, you should contact your provider and provide them links to the various discussions that are taking place concerning this. We have a pretty definitive list here along with links to instructions on how to correct these issues on Windows and UNIX.
DNS Recursion - The Katrina of Internet Storms
< Message edited by pageoneresults -- 3/21/2006 10:05:12 >
_____________________________
SEO Consultants Directory
Find Search Engine Marketing Companies
|
|
|
|
Kitka
Posts: 2515
Joined: 1/31/2002
From: Australia
Status: offline
|
RE: DNS Recursion - Open DNS Servers - 3/21/2006 10:48:50
pageoneresults, very interesting you should raise this issue as it has been concerning me recently.
I did a DNS report on one of our client's sites early last week and on 11 March strongly expressed my concern to our hosting company. They took their time answering but late that day responded with this:
quote:
We have checked and we are forwarding this to our server manager to check why the dns is open.
Also please be assured that we have 24x7 monitoring and server is behind strong internal and external firewall preventing any backdoor attacks due to open dns servers.
We are forwarding this now and we will get this sorted asap
Please do not hesitate to contact us again should you require further assistance or if this issue has not been resolved to your satisfaction.
I wasn't particularly reassured by their reply, but worse was to come. Late on 14th March (approx three days later) all our reseller sites on one server went down and these were the first system status messages posted on the host's website:
quote:
Time: 9.30pm
The boot files were unrecoverable, requiring an operating system reload for the Alpha and Beta machines. We have implemented our disaster recovery plan and are moving sites to a new server that we have on standby. We are working closely with our data centre on to ensure minimal downtime and a smooth transition. We can not provide an ETA at this stage on how long this will take, but will update this page as we have more information. We apologise for any inconvenience caused.
=========================
Time : 7PM
The boot files on these machines have become corrupt...we are attempting to rectify and restore these files.
=========================
Time : 6PM
Data centre has taken these two servers ( Alpha and Beta) offline to disable system processes.
=========================
DNS service unavailable on Alpha and Beta server. We are working with our data centre to correct it. The server may go offline for brief periods for restarts
Time : 5.40 PM
(Names of servers changed to obfuscate)
I find it very odd that the DNS on two separate servers would collapse at exactly the same time, and am naturally wondering if it was related to the open DNS. I haven't bothered asking as I doubt I'd get a truthful answer. I also wonder why they needed to "disable system processes."?? What processes were running that shouldn't have been and why? I know little about running servers, but it all seems very odd.
Our hosting company (or should I say the server farm they lease from) didn't get around to formatting a new HDD for our server until 11.30pm on 15 March, and the transfer of a backup of the old one dated 25th Feb (we were on Beta and they did Alpha first) wasn't complete till 6.30pm on 16th March and syncing of files from 14th March wasn't complete for another 24 hours, making it 17th March before everything was more or less normal ... so much for their so-called disaster recovery plan! 
So for almost two days, all our clients and ourselves were without email (which bounced back to sender, never to be seen again), nevermind the websites being unavailable. We were considerably more than a little put out.
Worst of all, is that now the server is restored and functioning well, DNS Report *still* shows the DNS servers for the "new" server (old name but new IP) as open.
So now I'm wondering how long it will be before we have another disaster. 
Until this happened, we have had no more than the occasional few minutes downtime with this hosting company. </rant>
_____________________________
Kitka
**It is impossible to make anything foolproof because fools are so ingenious.**
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
