Re: Possible DNS cache poisoning attack
Don't attribute to malice that which can be explained by stupidity.
My guess is that Facebook botched a nameserver migration, such that
their apex NS records were pointing to unreachable nameservers. That
would make you unable to resolve the zone until the cache was
purged/flushed at which point you'd be able to resolve it via the
delegation records, you'd cache the bad NS records, and the cycle would
start all over again...
Rob Tanner wrote:
> Or, at least that's what it looks like.
> Last night (Oct 28) we were barraged by thousands of emails with a return
> path of facebookmail.com. Our MTA checks the return path of each
> incoming message so as to reject anything that can't be replied to.
> That, of course, requires a DNS lookup but every attempt to look up
> facebookmail.com timed out and when I flushed the cache, it would
> resolve for a short while and then hang again until I again flushed my
> cache. This effectively brought both of my email edge servers to their
> knees as all the SMTP connections were tied up while the server was
> waiting on DNS.
> I upgraded back in July when the major security bug was discovered and
> my name servers all run BIND 9.5.0-P1. I know there were a couple of
> Windows-specific updates since then which I ignored because I'm running
> on Linux. Is that version otherwise at risk and do I need to update for
> security reasons?
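
The flush-then-hang cycle guessed at in the reply above can be reproduced with a small cache model. This is an added example, not part of the original thread; it is a simplified model of a resolver's NS cache, and every server name and address in it is constructed.

```python
# Constructed model of the hypothesis above: the parent delegation lists
# working servers, but the zone's own apex NS RRset names unreachable ones.
# All server names and the address are made up for illustration.
PARENT_DELEGATION = ["ns-old1.example.", "ns-old2.example."]  # referral data
APEX_NS = ["ns-new1.example.", "ns-new2.example."]            # authoritative data
REACHABLE = {"ns-old1.example.", "ns-old2.example."}          # new servers are down
ANSWER = "192.0.2.25"

REFERRAL, AUTHORITATIVE = 1, 2  # relative trust, after RFC 2181 section 5.4.1


class Resolver:
    def __init__(self):
        self.ns_cache = None  # (credibility, [nameservers]) for the zone

    def flush(self):
        self.ns_cache = None

    def _cache_ns(self, credibility, servers):
        # More trustworthy data replaces less trustworthy data, never the reverse.
        if self.ns_cache is None or credibility >= self.ns_cache[0]:
            self.ns_cache = (credibility, list(servers))

    def resolve(self):
        # Simplification: the answer itself is not cached, so the failure shows
        # on the very next lookup instead of after the answer's TTL runs out.
        if self.ns_cache is None:
            # Cold cache: walk down from the parent and learn the delegation.
            self._cache_ns(REFERRAL, PARENT_DELEGATION)
        for server in self.ns_cache[1]:
            if server in REACHABLE:
                # The response's authority section carries the apex NS RRset,
                # which outranks the referral and overwrites it in the cache.
                self._cache_ns(AUTHORITATIVE, APEX_NS)
                return ANSWER
        return None  # every cached server timed out


def run_cycle():
    r = Resolver()
    results = [r.resolve(), r.resolve(), r.resolve()]
    r.flush()  # operator flushes the cache, as in the quoted report
    results += [r.resolve(), r.resolve()]
    return results
```

Against a live zone, the same condition shows up as a mismatch between the NS set returned by the parent's servers and the NS set returned by the zone's own servers.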