
DNS, such a bind...
Third borksman of the apocalypse 123-Reg has ridden into 2021 with... you guessed it, DNS issues. While Microsoft and Slack suffered their own high-profile wobbles as the first working week of the year got started, 123-Reg's issues appear to have been rumbling since December, biting Register reader, Alan, over the weekend. …
BIND/DNS itself is stable technology. It's their pretty UI/Frontend that appears to be causing the problems. It probably stores the user's configuration in a database then that DB is exported into a BIND file. I guess the problem is in the DB/Web app. DNS is still working as they probably stopped the DB->BIND exports.
Moved our personal domain from 123-reg to Mythic Beasts a couple of years back, then migrated email from Gmail to MB. Ashamed I didn't do this a decade ago.
It costs a small amount more, but absolutely worth it for excellent service.
No association with Mythic Beasts other than being a happy and relaxed customer.
123-Reg's DNS has never been stable; this has been a very regular occurrence over the years. One complete outage lasted 3 or 4 days, from memory. 123's response: we don't charge for DNS, it's a free service, thus you get what you pay for.
I could probably dig out the emails for you if I could be bothered.
It's technical, but emails from private domains at 123reg have been marked as spam senders by SPF fails at Google's Gmail for months now.
The DNS TXT lines at 123reg.co.uk are so long and chaotic that they cannot be sent in a single UDP packet. Google declines to get the full TXT/SPF records and thus marks 123reg.co.uk customer domains as spam senders.
$ dig 123reg.co.uk TXT
.....
123reg.co.uk. 3600 IN TXT "v=spf1 include:a.123-reg.co.uk ip4:109.68.39.0/24 ip4:80.237.138.26 ip4:92.51.170.64/27 ip4:68.178.213.0/24 include:trustpilotservice.com include:spf.mandrillapp.com include:spf.protection.outlook.com include:sendgrid.net include:mailcontrol.com include:s" "pf.em.secureserver.net ~all"
Notice the broken bit in quotes near the end >>> include:s" "pf.em.secureserver.net ~all" <<< that's the failure point. Customers with their own email sending domains have to guess (from a wide selection) which of the outbound 123reg.co.uk email servers will be in use. As you know, a domain that sends emails out via another has to inherit that domain's SPF record.
Yes, they have been told/shown/proven this problem and admitted the issue but have failed to correct the problem. Other proper hosting providers do this technical point correctly. Despite promoting hosted domains as suitable for email and web friendly, they disappointingly fail to deliver (or send correctly).
I don't think that quoting is broken; see this ISC document: "You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string".
Correct, there is no problem with their SPF record.
Remember that SPF applies to the 5321.Mailfrom domain, not the 5322.From domain. Check the "Return-Path" header value. That domain is the SPF domain that gets checked.
Both MXToolbox and https://www.kitterman.com/spf/validate.html validate 123reg.co.uk's SPF record... so whatever the problem is, it isn't DNS.
Oh, and I'm quite confident that Google knows to accept DNS responses coming back via TCP. Furthermore, looking at Wireshark while executing dig 123reg.co.uk TXT @cns3.secureserver.net, the query and response were served via UDP.
Good Luck!
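An added example, not part of any comment in the thread: it takes the TXT answer line quoted above, splits it into its DNS character-strings, and joins them the way an SPF verifier does (RFC 7208 section 3.3: concatenation with no separator). The function names are this example's own; the input line is the one posted in the thread.

```python
import re

# TXT answer line copied from the dig output quoted in the thread.
DIG_LINE = (
    '123reg.co.uk. 3600 IN TXT "v=spf1 include:a.123-reg.co.uk '
    'ip4:109.68.39.0/24 ip4:80.237.138.26 ip4:92.51.170.64/27 '
    'ip4:68.178.213.0/24 include:trustpilotservice.com '
    'include:spf.mandrillapp.com include:spf.protection.outlook.com '
    'include:sendgrid.net include:mailcontrol.com include:s" '
    '"pf.em.secureserver.net ~all"'
)

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # RFC 7208 s4.6.4


def txt_strings(answer_line):
    """Return the quoted character-strings of one TXT answer line from dig."""
    rdata = answer_line.split(" TXT ", 1)[1]
    return re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)


def join_spf(strings):
    """Rebuild the record as an SPF verifier does: concatenate, no separator."""
    for s in strings:
        if len(s.encode()) > 255:
            raise ValueError("character-string longer than 255 octets")
    record = "".join(strings)
    if record.split(" ", 1)[0] != "v=spf1":
        raise ValueError("not an SPF record")
    return record


def rdata_octets(strings):
    """Wire size of the TXT RDATA: one length octet in front of each string."""
    return sum(1 + len(s.encode()) for s in strings)


def lookup_terms(record):
    """Top-level terms that each cost a DNS query (limit 10, nested count too)."""
    hits = []
    for term in record.split()[1:]:
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_MECHS or name == "redirect":
            hits.append(term)
    return hits


if __name__ == "__main__":
    parts = txt_strings(DIG_LINE)
    print([len(p) for p in parts], rdata_octets(parts))
    print(join_spf(parts))
    print(lookup_terms(join_spf(parts)))
```

The first string comes out at exactly 255 octets, which is why the split lands in the middle of `include:spf.em.secureserver.net`; after concatenation that mechanism is intact.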
Of failure.
At this point I have to ask: how is it that 123-Reg still has customers?
Is there such a dearth of hosting companies in the UK, or are the others equally as shitty?
Might want to look abroad for hosting solutions. I'm sure you can find competent ones, and I'm sure most of them will handle the transition for you, including managing the domain name.
I went to Domain Monster after a multi-day DNS outage many years ago. As soon as they took over Domain Monster (who were cheap and whose systems worked and had great support) I left. Been at Gandi since, although I learnt my lesson and host all my critical DNS myself (hardly hard).