Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: OT: Akamai DNS and Yahoo
From: n3td3v <xploitable () gmail com>
Date: Tue, 9 Nov 2004 23:03:20 +0000

On Tue, 9 Nov 2004 23:02:15 +0000, n3td3v <xploitable () gmail com> wrote:
On Tue, 09 Nov 2004 15:17:32 -0700, John Neiberger


<john.neiberger () efirstbank com> wrote:

I saw many references about this in the archives but I haven't seen a
solution to it and we just started seeing this problem. Beginning
sometime very recently, our DNS servers are not able to resolve
www.yahoo.com. I have no problem if I point my PC to an external DNS
server, but when I point it back at our internal servers I get timeouts
when trying to resolve that domain.

A Google search turned up dozens of posts over the past few years
regarding people not being able to resolve www.yahoo.com, but the
solutions don't seem to apply to our environment. We're running a
version of BIND 8 on Solaris 9, and it's likely that this behavior began
this weekend after we applied the most recent patch cluster for Solaris
9 and rebooted the server. For quite a while, all external DNS was
failing and we still have some odd intermittent problems but the most
noticable issue that is 100% reproducible is the failure to resolve
Yahoo addresses.

I saw a few Usenet posts that mentioned this could be a problem with
Extensions for DNS and the fact that DNS replies could be larger than
512 bytes. This would be a problem if you were behind a PIX firewall
running a certain version of software and with a certain feature
configured because it would drop all UDP DNS packets over 512 bytes.
This doesn't really fit our environment so I'm still looking for
answers.

Any thoughts?

Thanks,
John
--

Yes, yahoo had an incident with its DNS in the past week(s) with its
dns configuration with regards of "akadns". Yahoo! security team were
alerted my myself as soon as abnormal behaviour was reported by the
scripts i have running on various yahoo and aka servers to get upto
date status.

The problem first started from what I monitored from Yahoo! having the
address in the address bar as "yahoo.akadns.com" to Yahoo! serving a
blank HTML/PHP as the homepage, while still showing "Yahoo!" as the
HTML title of the homepage document. (proving my network was not at
fault from network disruption, yahoo and more focused akadns was to
blame for the spate of outages one day in the past week(s).)

I'll talk to you further in private if you wish, or on the list

....

Thanks, n3td3v

http://www.geocities.com/n3td3v

I'm a security enthusiast


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]