GoDaddy.com shuts down entire data center?
Simon Waters
simonw at zynet.net
Mon Jan 16 10:43:01 UTC 2006
Doesn't this fall under bad things happen?

Hopefully it is very clear to all on NANOG that DNS changes can have
unforeseeable consequences, because of the nature of the delegation in the
DNS.

As such, pulling DNS records (or zones) you don't fully understand the usage
of, as a response to a security/spam problem, is generally a bad idea.

That said, ultimately a decision has to be taken, relative benefits versus
risks.

I'm very grateful someone arranged that all records used by the "MINIT" trojan
now point to an RFC1918 private address space*, having found infected boxes
failing to download their payload as a result. However, pulling DNS records
probably doesn't belong in the hurly-burly of front line support.

Simon

*Anyone going to check how many DNS servers are still caching "asfasf.ath.cx",
to tell how many boxes "nearly" downloaded the payload? In the style of the
Sony DRM fiasco measurement.