Attack on the DNS ?

Greg Ihnen os10rules at gmail.com
Sun Apr 1 01:30:32 UTC 2012


I manage a tiny network in the Amazon, a satellite internet connection and decent sized wireless network.

All of my users started complaining yesterday about lost connectivity except for Skype. I had no problems. I checked from the users'  computers and could not resolve domain names (when Skype connects and nothing else does it's always been a DNS issue). After much troubleshooting I finally fired up Wireshark and saw that the DNS servers (or someone appearing to have their IP addresses) were replying to our queries with "no such name".

The reason I was having no problems is I'm using OpenDNS' DNSCrypt. With DNSCrypt on we have no problems. With good old fashioned unencrypted DNS (Googles, OpenDNS', our ISPs) we're barely able to communicate.

Is DNS traffic being directed to bogus servers? Are the real servers being overloaded? Am I seeing the results of some kind of DDOS mitigation technique?

Is anyone else seeing this?

Greg Ihnen



More information about the NANOG mailing list