China ISPs DNS problems on Jan 22nd - any idea what happened?
geoffk at geoffk.org
Mon Jan 27 03:50:34 UTC 2014
Patrick van Staveren <pvanstaveren at mintel.com> writes:
> This past Tuesday the 22nd I was witness to a widespread DNS poisoning
> problem in China, whereby a lot of DNS queries were all returning the same
> IP address, 188.8.131.52. Our websites became unavailable for most of our
> customers in China, as with many other websites.
> I have two questions for anyone:
> 1) I've found quite a bit of unofficial news   on what happened, but
> does anyone know what *actually* happened? The only official news from the
> government that I can find says, "It was probably a cyberattack, but
> really, we don't know." 
> 2) As a website & network operator who strives to keep their product always
> available, is there anything I can actually do to prevent from this in the
I believe the protocol feature specifically designed to prevent this
kind of thing is DNSSEC.
However, it seems like the common explanation now is an operator error
while administrating the Great Firewall. I don't think there's
anything technical you can do about that.
More information about the NANOG