China ISPs DNS problems on Jan 22nd - any idea what happened?

Geoffrey Keating geoffk at geoffk.org
Mon Jan 27 03:50:34 UTC 2014


Patrick van Staveren <pvanstaveren at mintel.com> writes:

> This past Tuesday the 22nd I was witness to a widespread DNS poisoning
> problem in China, whereby a lot of DNS queries were all returning the same
> IP address, 65.49.2.178.  Our websites became unavailable for most of our
> customers in China, as with many other websites.
...
> I have two questions for anyone:
> 1) I've found quite a bit of unofficial news [1] [2] on what happened, but
> does anyone know what *actually* happened?  The only official news from the
> government that I can find says, "It was probably a cyberattack, but
> really, we don't know." [3]
> 2) As a website & network operator who strives to keep their product always
> available, is there anything I can actually do to prevent this in the
> future?

I believe the protocol feature specifically designed to prevent this
kind of thing is DNSSEC.

However, it seems like the common explanation now is an operator error
while administrating the Great Firewall.  I don't think there's
anything technical you can do about that.
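
Added example, not part of the original post: one way an operator could at least detect the symptom described above (many unrelated names returning the same address from one vantage point) is to compare resolver answers against a known-good baseline. The vantage names, hostnames and baseline addresses below are constructed; only 65.49.2.178 comes from the message.

```python
from collections import defaultdict

# Constructed observations: (vantage point, queried name, A records returned).
OBSERVATIONS = [
    ("resolver-cn-1", "www.example.com", ["65.49.2.178"]),
    ("resolver-cn-1", "shop.example.net", ["65.49.2.178"]),
    ("resolver-cn-1", "api.example.org", ["65.49.2.178"]),
    ("resolver-us-1", "www.example.com", ["192.0.2.10"]),
    ("resolver-us-1", "shop.example.net", ["198.51.100.20"]),
    ("resolver-us-1", "api.example.org", ["203.0.113.30"]),
]

# Constructed baseline: addresses each name is expected to resolve to.
EXPECTED = {
    "www.example.com": {"192.0.2.10"},
    "shop.example.net": {"198.51.100.20"},
    "api.example.org": {"203.0.113.30"},
}


def find_collapsed_answers(observations, expected, min_names=3):
    """Return {(vantage, ip): sorted names} for every address that was an
    unexpected answer for at least min_names different names at one vantage."""
    hits = defaultdict(set)
    for vantage, name, answers in observations:
        for ip in answers:
            # Only answers outside the baseline count as suspicious.
            if ip not in expected.get(name, set()):
                hits[(vantage, ip)].add(name)
    return {key: sorted(names) for key, names in hits.items()
            if len(names) >= min_names}


if __name__ == "__main__":
    alerts = find_collapsed_answers(OBSERVATIONS, EXPECTED)
    for (vantage, ip), names in alerts.items():
        print(f"{vantage}: {len(names)} names -> {ip}: {', '.join(names)}")
```

This only reports the condition from the monitoring side; it does not change what resolvers behind the affected network return.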
