1. Anonymous Coward
    Anonymous Coward

    DNS Poisoning?

    In order to get a roughly balanced view of what's going on in the world, I often look at RT.com. This evening at 21:40 instead of the RT site I got one of those sites that is just an aggregation of links.

    That was on my normal DNS service - from TalkTalk. I changed to OpenDNS and RT was back.

    By 22:15 OpenDNS was also redirecting to the dodgy site (somewhere in the Virgin islands).

    Q : is this an example of DNS Poisoning? If not, what the f- is going on?

    1. Anonymous Coward
      Anonymous Coward

      Re: DNS Poisoning?

      They forgot to renew their domain name.

      1. Anonymous Coward
        Anonymous Coward

        Re: DNS Poisoning?

        Forgot to renew their domain name?

        Does that account for the patchy nature of the loss of service - ie failure to resolve the domain name correctly depending on the DNS service used?

        That's a genuine question, by the way - I'm interested in the mechanics of how it happened. What was also interesting was the total lack of any informed comment on what was going, not least on their own site.

      2. koolholio

        Re: DNS Poisoning?

        expires on 22-Sep-2022.

        created on 23-Sep-1991.

  2. This post has been deleted by its author

  3. NickJohnson

    Go to this link, you will find out why it is important to renew the domain name....


    1. Anonymous Coward
      Anonymous Coward

      Useful advice, thanks, but it doesn't really answer the question that has really been bugging me.

      Does failing to renew the domain name account for what happened in this case? I was hoping that someone would explain the mechanics of what happened to RT - it was after all an interesting event (to me, anyway).

  4. koolholio

    Its known as Peering issues

    the Root AS nodes can sometimes drop routes between one another for various reasons e.g. maintenance ... it can also be a web cache issue, or a dns resolution issue between A and C with B being any node inbetween.

    Try running (on the 'affected' machine) a traceroute to find the peer where it stops at, or an nslookup

    If it returns a server failure on nslookup, the DNS server you are asking cannot request it (so check your machines DNS configuration and change it manually to the IP's of the dns servers you wish to query?)

    DNS cache poisioning is usually where it redirects to a separate website, usually for malware.

  5. koolholio

    also you could try visiting either:

    If using the IP doesnt work, its a routing issue to resolve that peer or a firewall issue etc.

  6. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021