Thursday, April 27, 2006

Shady DNS Redirection Revisited

Note: This was first posted to my personal website on April 20, 2006 but has been moved here as a result of continued DDoS attacks on my server.

I’ve gotten a few emails related to this topic but I just noticed them today (one of the dangers of having more than a dozen POP3 accounts). My apologies for the delay.

I’ve also been stifled by a DDoS attack that is apparently being directed at this blog. I have no idea what that’s all about.

In regard to how I got rid of this f*****g plague, well, there was nothing glamorous, heroic, or even technical about it I’m afraid.

I just waited.

The redirections from ended approximately 24 hours after they began. That would sound about right since a lot of DNS servers are configured with a 24-hour minimum TTL.

I do have a theory about how this is occurring on live domains that are not undergoing name server changes, but it’s not coherent enough to be published yet. I’ll get to it as soon as I can.

My best advice would be this:

  • Never let your domain sit for even a short period of time without a valid name server registered at your registrar.
  • Make sure your domain’s zone exists on your new name server before you even attempt a changeover. In spite of the 24-48 hour propagation cycle that people expect, registrars can often propagate name server changes in under an hour. GoDaddy does it almost instantly.
  • Contact friends at other ISPs to see if they are having the same problem (not always practical, I know).
  • Contact your ISP and ask them to manually scavenge the DNS records for your zone (good luck with that) to ensure their DNS server is resolving with the most recent records.
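The four points above boil down to a handful of DNS queries that are easy to script. The following is an added example (not code from the original post) that runs those checks: it confirms the zone is actually loaded on every new name server, that their serials agree, that the parent (registry) delegation matches what you intend, and that a recursive resolver of your choice is handing out the same NS and A answers the authoritative servers do. It assumes `dig` is installed for live use; the names `example.com`, `ns1.example.net`, `ns2.example.net`, the resolver address `192.0.2.53` and the answers in `GOOD_ANSWERS`/`BAD_ANSWERS` are constructed so the script can be exercised offline.

```python
"""Pre- and post-cutover DNS checks (added example, not from the original post).

Assumes `dig` is on PATH for live lookups; the constructed answer tables at the
bottom let the same logic run offline through the `query` callback interface.
"""
import subprocess
from typing import Callable, Dict, List, Sequence

# query(name, rtype, server) -> list of rdata strings, one per record
Query = Callable[[str, str, str], List[str]]


def dig_query(name: str, rtype: str, server: str) -> List[str]:
    """Live lookup via `dig`. Returns the rdata of every record of the requested
    type from both the answer and authority sections; the authority section is
    where a TLD server puts the delegation NS set when it refers you down."""
    cmd = ["dig", "+noall", "+answer", "+authority", "+time=3", "+tries=1",
           f"@{server}", name, rtype]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    rdata = []
    for line in out.splitlines():
        fields = line.split()  # owner ttl class type rdata...
        if len(fields) >= 5 and fields[3].upper() == rtype.upper():
            rdata.append(" ".join(fields[4:]))
    return rdata


def _names(records: Sequence[str]) -> set:
    """Normalise hostnames for set comparison (strip trailing dot, lowercase)."""
    return {r.rstrip(".").lower() for r in records}


def precheck(domain: str, new_ns: Sequence[str], parent_server: str,
             resolver: str, query: Query = dig_query) -> List[str]:
    """Return a list of problems found. Empty means it is safe to switch the
    delegation, or, after switching, that everyone agrees on the answers."""
    problems: List[str] = []
    want = _names(new_ns)

    # 1. Every new name server must already load the zone (SOA answered), and
    #    its apex NS set must name all the servers we are about to delegate to.
    serials: Dict[str, str] = {}
    for ns in new_ns:
        soa = query(domain, "SOA", ns)
        if not soa:
            problems.append(f"{ns} does not answer a SOA for {domain}: zone not loaded")
            continue
        serials[ns] = soa[0].split()[2]  # SOA rdata: mname rname serial ...
        if not want <= _names(query(domain, "NS", ns)):
            problems.append(f"apex NS set on {ns} does not list all of {sorted(want)}")

    # 2. Servers that do load the zone should all be on the same serial.
    if len(set(serials.values())) > 1:
        problems.append(f"serial mismatch across new servers: {serials}")

    # 3. What the registry actually delegates to; this is what a registrar changes.
    delegated = _names(query(domain, "NS", parent_server))
    if not delegated:
        problems.append(f"no delegation for {domain} at {parent_server}: "
                        "domain currently has no name servers")
    elif delegated != want:
        problems.append(f"parent delegates to {sorted(delegated)}, expected {sorted(want)}")

    # 4. What a recursive resolver (for example your ISP's) hands out right now.
    #    A difference from authoritative data is either a stale cache that will
    #    expire with the TTL, or the kind of redirection this post is about.
    cached_ns = _names(query(domain, "NS", resolver))
    if cached_ns and delegated and cached_ns != delegated:
        problems.append(f"resolver {resolver} still returns NS {sorted(cached_ns)}")
    if serials:
        auth_a = set(query(domain, "A", next(iter(serials))))
        res_a = set(query(domain, "A", resolver))
        if res_a != auth_a:
            problems.append(f"resolver {resolver} returns A {sorted(res_a)} "
                            f"but authoritative says {sorted(auth_a)}")
    return problems


def fake_query(answers: Dict[tuple, List[str]]) -> Query:
    """Offline stand-in for dig_query backed by a constructed answer table."""
    def q(name: str, rtype: str, server: str) -> List[str]:
        return list(answers.get((name.lower(), rtype.upper(), server), []))
    return q


# Constructed sample answers (not real data): a healthy cutover ...
_SOA = "ns1.example.net. hostmaster.example.com. 2006042001 7200 3600 1209600 3600"
_NS = ["ns1.example.net.", "ns2.example.net."]
GOOD_ANSWERS = {
    ("example.com", "SOA", "ns1.example.net"): [_SOA],
    ("example.com", "SOA", "ns2.example.net"): [_SOA],
    ("example.com", "NS", "ns1.example.net"): _NS,
    ("example.com", "NS", "ns2.example.net"): _NS,
    ("example.com", "NS", "a.gtld-servers.net"): _NS,
    ("example.com", "NS", "192.0.2.53"): _NS,
    ("example.com", "A", "ns1.example.net"): ["203.0.113.10"],
    ("example.com", "A", "192.0.2.53"): ["203.0.113.10"],
}
# ... and a broken one: ns2 never got the zone, and the resolver points elsewhere.
BAD_ANSWERS = dict(GOOD_ANSWERS)
del BAD_ANSWERS[("example.com", "SOA", "ns2.example.net")]
BAD_ANSWERS[("example.com", "A", "192.0.2.53")] = ["198.51.100.7"]


def demo():
    """Run both constructed scenarios; returns (good_problems, bad_problems)."""
    args = ("example.com", ["ns1.example.net", "ns2.example.net"],
            "a.gtld-servers.net", "192.0.2.53")
    return (precheck(*args, query=fake_query(GOOD_ANSWERS)),
            precheck(*args, query=fake_query(BAD_ANSWERS)))


if __name__ == "__main__":
    for label, probs in zip(("good", "bad"), demo()):
        print(label, probs or "OK")
```

For a live run, call `precheck("yourdomain.example", [...new servers...], "a.gtld-servers.net", "<your ISP resolver>")` and keep the default `dig_query`; an empty result before you touch the registrar means the zone is loaded and consistent, and an empty result afterwards means the registry, the authoritative servers and the resolver you care about all agree. Any resolver that still disagrees after the old TTL has run out is the one to ask your ISP about.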

That’s all I’ve got for now, but I’ll keep looking for answers. If anyone has some additional insight or intel, please feel free to post it in the comments.


