Quoted:
My clients on opendns were not affected by this
Clients on Comcast and Google DNS servers were, until I switched them over to opendns at 845am
that has nothing to do with the source of the data and everything to do with action taken by the man in the middle.
as a DNS operator, when you first realize that you have this specific type of DNS problem, you reconfigure your caching forwarder software to ignore the SOA TTL and not expire any DNS entries.
your local DNS data thus becomes "stale" over time (tens of minutes to hours) but at least the vast majority of the data will continue to be correct.
however if you don't know what the problem is, and don't explicitly choose to ignore the TTL, your DNS cache entries expire and are culled.
thereafter the next request to look up www.twitter.com requires a peek at twitter's SOA, which is held by Dyn. (*)
there is no answer from Dyn because DDOS, thus no IP address resolution for www.twitter.com.
the only authoritative DNS data for twitter's domains are held on Dyn servers; openDNS does not have SOA for twitter, and either has to look it up via Dyn or cache-and-carry.
http://bgp.he.net/dns/twitter.com
ar-jedi
(*) this problem is exacerbated to a huge degree because of CDNs (akamai, etc) which -- as a service -- provide geographic locality of DNS responses.
pull up www.twitter.com on a mobile handset in India, and you get the IP address of a twitter server located in India, not San Francisco.
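
A small simulation of the cache behaviour described in the post above, added here as an illustration and not part of the original post. The class and function names, the 60-second TTL, the timeline and the 192.0.2.10 address are all constructed; it compares a forwarder that culls expired entries with one that keeps serving them while the authoritative servers are unreachable.

```python
class UpstreamDown(Exception):
    """Raised when the authoritative servers do not answer."""


class CachingForwarder:
    """Toy caching forwarder; serve_stale=True keeps expired entries usable."""

    def __init__(self, upstream, serve_stale=False):
        self.upstream = upstream          # callable(name) -> (ip, ttl_seconds)
        self.serve_stale = serve_stale
        self.cache = {}                   # name -> (ip, expires_at)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0], "fresh"      # TTL not yet expired, no upstream query
        try:
            ip, ttl = self.upstream(name)
        except UpstreamDown:
            if entry and self.serve_stale:
                return entry[0], "stale"  # TTL ignored: old answer still served
            self.cache.pop(name, None)    # expired entry is culled
            return None, "servfail"
        self.cache[name] = (ip, now + ttl)
        return ip, "refreshed"


def simulate(serve_stale):
    """Replay a constructed timeline: outage begins at t=100, record TTL is 60 s."""
    state = {"down": False}

    def authoritative(name):
        if state["down"]:
            raise UpstreamDown(name)
        return "192.0.2.10", 60           # constructed address (TEST-NET-1) and TTL

    fwd = CachingForwarder(authoritative, serve_stale)
    results = []
    for now in (0, 30, 90, 120, 200):     # constructed query times, in seconds
        state["down"] = now >= 100
        results.append((now, *fwd.resolve("www.example.com", now)))
    return results


if __name__ == "__main__":
    for mode in (False, True):
        print("serve_stale =", mode)
        for row in simulate(mode):
            print("  t=%3d  answer=%s  (%s)" % row)
```

Both forwarders still answer at t=120 because the entry refreshed at t=90 has not expired yet; they diverge only once the TTL runs out during the outage.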