Post ArfeWpGSxPQZdew8Dg by shreyasonline@infosec.exchange
(DIR) More posts by shreyasonline@infosec.exchange
(DIR) Post #ArePSiyUhxEuVC9mVc by bortzmeyer@mastodon.gougere.fr
2025-03-02T17:17:50Z
0 likes, 0 repeats
nih.gov #DNS servers seem down at least for a good part of the Internet. Something broken by the Musk boys or a genuine technical issue? #health
(DIR) Post #ArePthhfXiqeNU9T3Q by bortzmeyer@mastodon.gougere.fr
2025-03-02T17:22:12Z
0 likes, 0 repeats
See also https://lists.dns-oarc.net/pipermail/dns-operations/2025-March/022843.html#NIH #DNS
(DIR) Post #AreQqzwfMb3k2VRLmq by winfried@fosstodon.org
2025-03-02T17:33:24Z
0 likes, 0 repeats
@bortzmeyer the ports seem to be blocked intentionally by someone who doesn't know that DNS doesn't only use UDP. I can't imagine it's not intentional
(DIR) Post #AreREQxz46ScVMEQ4G by jpmens@mastodon.social
2025-03-02T17:37:37Z
0 likes, 0 repeats
@bortzmeyer he probably fired all the DNS experts, so please stand by for a call from musk
(DIR) Post #AreRQwbpFDp07LpgGW by bortzmeyer@mastodon.gougere.fr
2025-03-02T17:39:41Z
0 likes, 0 repeats
@jpmens https://write.as/bortzmeyer/nih-dns-broken
(DIR) Post #AreRakk0DzcqCmKnQG by jpmens@mastodon.social
2025-03-02T17:40:08Z
0 likes, 0 repeats
@winfried are you saying DNS also uses TCP?! Next you’ll be trying to sell us that DNS messages can be larger than 512 bytes … #crazy @bortzmeyer
(DIR) Post #AreRalmANQwzPmM2Qy by bortzmeyer@mastodon.gougere.fr
2025-03-02T17:41:41Z
0 likes, 0 repeats
@jpmens @winfried Here, it is the opposite : TCP works, UDP does not.
(DIR) Post #AreRmeF0DXKpWLVSYy by jpmens@mastodon.social
2025-03-02T17:43:49Z
0 likes, 0 repeats
@bortzmeyer I love “DOGE goons”. Somebody in my timeline pronounces it DOGGY and I love that too.
(DIR) Post #AreUOmDpBz7DBaGSIK by paul_ipv6@infosec.exchange
2025-03-02T18:13:08Z
0 likes, 0 repeats
@bortzmeyer @jpmens 1.1.1.1/cloudflare is the DNS operator for the zone, so their recursives do have answers. some of the other big recursives in the US may also be doing serve stale right now.if i query to the auth nameservers directly, i get SERVFAIL for tcp or udp. traceroutes die at the edge of the NIH owned network.
(DIR) Post #ArfeWni2juIYobp7vU by jpmens@mastodon.social
2025-03-02T18:16:20Z
0 likes, 0 repeats
@paul_ipv6 @bortzmeyer I’ve been getting responses over TCP over the last ca. 6 hours:dig +tcp @ns3.nih.gov nih.gov NS
(DIR) Post #ArfeWpGSxPQZdew8Dg by shreyasonline@infosec.exchange
2025-03-02T18:24:58Z
0 likes, 0 repeats
@jpmens @paul_ipv6 @bortzmeyer It seems to be working over UDP but the response is taking 10sec to arrive, at least as seen with my online lookup tool here: https://dnsclient.net/#Recursive%20Query%20%7Brecursive-resolver%7D/pubmed.ncbi.nlm.nih.gov/A/UDP/false/
(DIR) Post #ArfeWqQQdqzVEqbbO4 by bortzmeyer@mastodon.gougere.fr
2025-03-03T07:41:19Z
0 likes, 0 repeats
@shreyasonline @jpmens @paul_ipv6 Seems completely fixed now. Someone explained to DOGE that blocking UDP for security reasons and to save taxpayer money, is not a good idea.
(DIR) Post #ArfealLBUKBMcx1LRw by paul_ipv6@infosec.exchange
2025-03-02T18:10:02Z
0 likes, 1 repeats
@jpmens @bortzmeyer it's a bit longer but i've started referring to them as "the chaos monkeys with chainsaws, better known as DOGE"...
(DIR) Post #Arfef9lqbF7zYPaTlw by bortzmeyer@mastodon.gougere.fr
2025-03-03T07:42:51Z
0 likes, 0 repeats
Now fixed.#NIH #DNS
(DIR) Post #Arfh4I64yn7gWeAByS by shane_kerr@fosstodon.org
2025-03-03T08:09:47Z
0 likes, 0 repeats
@bortzmeyer Since we've been promised "maximum transparency", I look forward to the detailed report on this incident! 🙈
(DIR) Post #ArfhH0tGGUgCvNEb2G by bortzmeyer@mastodon.gougere.fr
2025-03-03T08:12:06Z
0 likes, 0 repeats
@shane_kerr I have technical details but of course I don't know the root cause. https://write.as/bortzmeyer/nih-dns-broken