Patrick van Staveren <pvanstaveren@mintel.com> writes:
This past Tuesday the 22nd I was witness to a widespread DNS poisoning problem in China, whereby a lot of DNS queries were all returning the same IP address, 65.49.2.178. Our websites became unavailable for most of our customers in China, as with many other websites. ... I have two questions for anyone: 1) I've found quite a bit of unofficial news [1] [2] on what happened, but does anyone know what *actually* happened? The only official news from the government that I can find says, "It was probably a cyberattack, but really, we don't know." [3] 2) As a website & network operator who strives to keep their product always available, is there anything I can actually do to prevent this in the future?
I believe the protocol feature specifically designed to prevent this kind of thing is DNSSEC. However, it seems like the common explanation now is an operator error while administrating the Great Firewall. I don't think there's anything technical you can do about that.
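The symptom described in the quoted message, many unrelated names returning one address from resolvers in a single region, can be detected from outside even where it cannot be prevented. The following is an added example, not part of either message; the hostnames, vantage-point labels and expected addresses are constructed, and only 65.49.2.178 comes from the report above.

```python
from collections import defaultdict

# Constructed sample: (vantage point, queried name, A record returned).
# Hostnames and vantage labels are hypothetical; 65.49.2.178 is the
# address reported in the quoted message.
SAMPLE_ANSWERS = [
    ("cn-resolver-1", "www.example-shop.test", "65.49.2.178"),
    ("cn-resolver-1", "api.example-news.test", "65.49.2.178"),
    ("cn-resolver-1", "cdn.example-bank.test", "65.49.2.178"),
    ("cn-resolver-2", "www.example-shop.test", "65.49.2.178"),
    ("cn-resolver-2", "api.example-news.test", "65.49.2.178"),
    ("us-resolver-1", "www.example-shop.test", "192.0.2.10"),
    ("us-resolver-1", "api.example-news.test", "198.51.100.7"),
    ("us-resolver-1", "cdn.example-bank.test", "203.0.113.5"),
]

# Addresses each monitored name is expected to resolve to (constructed).
EXPECTED = {
    "www.example-shop.test": {"192.0.2.10"},
    "api.example-news.test": {"198.51.100.7"},
    "cdn.example-bank.test": {"203.0.113.5"},
}


def find_collapsed_answers(answers, expected, min_names=2):
    """Return {vantage: {ip: sorted names}} for unexpected addresses that
    at least min_names distinct names resolve to from one vantage point."""
    by_vantage = defaultdict(lambda: defaultdict(set))
    for vantage, name, ip in answers:
        # Only answers outside the expected set for that name are suspicious.
        if ip not in expected.get(name, set()):
            by_vantage[vantage][ip].add(name)
    alerts = {}
    for vantage, ips in by_vantage.items():
        hits = {ip: sorted(names) for ip, names in ips.items()
                if len(names) >= min_names}
        if hits:
            alerts[vantage] = hits
    return alerts


if __name__ == "__main__":
    found = find_collapsed_answers(SAMPLE_ANSWERS, EXPECTED)
    for vantage, hits in sorted(found.items()):
        for ip, names in hits.items():
            print(f"{vantage}: {len(names)} names -> {ip}: {', '.join(names)}")
```

Requiring several distinct names per address keeps a single stale record or a planned IP change from raising the alert.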