I need some help in understanding this one. A disgruntled employee set up duplicate DNS for our domain on his personal server and convinced uu.net to update their DNS records to point to his server as our secondary DNS server. The record on his server has a different serial number than ours does, and we've contacted uu.net to point the domain back where it belonged. The question is how do I get the records to propagate rapidly? He set the expire time on the records he sent out extremely high. Is there a way to force an update? And what do the serial numbers really do? Thanks.
On Mon, 13 Aug 2001, Mike Moglin wrote:
I need some help in understanding this one.
A disgruntled employee set up duplicate DNS for our domain on his personal server and convinced uu.net to update their DNS records to point to his server as our secondary DNS server. The record on his server has a different serial number than ours does, and we've contacted uu.net to point the domain back where it belonged.
The question is how do I get the records to propagate rapidly? He set the expire time on the records he sent out extremely high. Is there a way to force an update?
You can't push an update to other people's caches, so people who made requests against records in your zone during the time the nameservers pointed to his server will continue to go to his server until the timeout period or they clear their caches.
And what do the serial numbers really do?
It's used to determine if a slave is in sync with a master.
You're pretty much screwed as far as getting the cached responses fixed - it depends on the providers with the (bad) cached records clearing the cache (reboot or restart) or the cache timing out. Since this was obviously illegal, if you can get his IP routed to your nameserver or just shut down then it won't really matter that he has a pointer to his name server - the resolvers will just decide the secondary is down and look for another name server.

Mark Radabaugh
Amplex
(419) 833-3635

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Mike Moglin
Sent: Monday, August 13, 2001 9:37 PM
To: nanog@merit.edu
Subject: DNS Issues

I need some help in understanding this one. A disgruntled employee set up duplicate DNS for our domain on his personal server and convinced uu.net to update their DNS records to point to his server as our secondary DNS server. The record on his server has a different serial number than ours does, and we've contacted uu.net to point the domain back where it belonged. The question is how do I get the records to propagate rapidly? He set the expire time on the records he sent out extremely high. Is there a way to force an update? And what do the serial numbers really do? Thanks.
On Mon, 13 Aug 2001, Mike Moglin wrote:
The question is how do I get the records to propagate rapidly? He set the expire time on the records he sent out extremely high. Is there a way to force an update? And what do the serial numbers really do?
You don't. AFAIK, the only way would be to get everyone to restart their name servers. Not likely. Talk to your lawyer and the cops and make the disgruntled ex-employee pay. I've seen people do this sort of thing out of stupidity (typo an address, and reload the zone with an inconveniently long TTL), but it's a great way to screw someone if you can pull it off.

--
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
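Added example, not part of the thread or any poster's code: a zone-owner check that flags name servers in the parent delegation that are not on the owner's list, compares SOA serials the way a secondary does (RFC 1982 arithmetic), and bounds how long a cached answer can outlive the delegation fix. Server names, serials, the TTL and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: the zone owner's legitimate name servers (constructed names).
AUTHORIZED_NS = {"ns1.example.com.", "ns2.example.com."}

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b.
    A difference of exactly 2**31 is undefined by the RFC and yields False."""
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def audit_zone(parent_ns, soa_serials, primary):
    """parent_ns: NS names the parent zone delegates to.
    soa_serials: {server name: SOA serial that server returns for the zone}.
    primary: the server the zone is edited on. Returns (finding, server) pairs."""
    findings = [("unauthorized-ns", ns)
                for ns in sorted(set(parent_ns) - AUTHORIZED_NS)]
    master = soa_serials[primary]
    for ns, serial in sorted(soa_serials.items()):
        if ns == primary or serial == master:
            continue
        if serial_gt(master, serial):
            # Normal lag: this secondary will transfer at its next refresh.
            findings.append(("behind-primary", ns))
        else:
            # A secondary never transfers while its own serial looks newer,
            # so this server is not being fed from the primary.
            findings.append(("not-synced-from-primary", ns))
    return findings

def cache_drain_deadline(delegation_fixed_at, record_ttl_seconds):
    """Latest moment a resolver that cached an answer just before the fix
    can still hold it, assuming it honours the full TTL."""
    return delegation_fixed_at + timedelta(seconds=record_ttl_seconds)

# Constructed observations: the parent lists a third, unknown server.
PARENT_NS = ["ns1.example.com.", "ns2.example.com.", "ns.rogue.example.net."]
SERIALS = {"ns1.example.com.": 2001081301,
           "ns2.example.com.": 2001081201,
           "ns.rogue.example.net.": 2001081399}

if __name__ == "__main__":
    for finding in audit_zone(PARENT_NS, SERIALS, "ns1.example.com."):
        print(finding)
    print(cache_drain_deadline(datetime(2001, 8, 14, 9, 0), 30 * 86400))
```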
participants (4)
- jlewis@lewis.org
- Mark Radabaugh - Amplex
- Mike Moglin
- Patrick Greenwell