Posts tagged DNS
The FBI will be shutting down the temporary DNS servers that they set up to support Internet users that were compromised with DNSChanger malware. Anyone still using those DNS servers will be unable to resolve host names, which will effectively render them unable to do pretty much anything online until they clean up their infected system.
On November 8th 2011, the FBI, in conjunction with NASA-OIG and Estonian police, arrested several criminals operating under the company name “Rove Digital”. Rove Digital had been distributing DNS changing viruses (TDSS, Alureon, TidServ and TDL4). They then routed victims through their own DNS servers in order to direct traffic to junk ads. They infected around 4 million users, and made a reported $14Million before getting shut down.
With such a large number of compromised users relying on Rove Digital’s DNS servers for their Net access, the FBI decided to temporarily leave the DNS servers up and running to give people time to clean up their infected systems. Because people have been slow about cleaning up their computers, the FBI extended their original March deadline to Monday July 9th.
If you would like to verify that your computer is clean, you can go to http://www.dcwg.org/detect/ for a list of safe sites that you can use to check. Should you find that you have a compromised computer, they have good resources available to help you clean up your system.
There is always confusion about what DNS does and what it doesn’t do. In particular, I see constant reference to DNS functions mixed up with web server functions, and vice-versa. Hopefully this post clarifies things a bit to separate what DNS does and what web servers handle.
A while a go, I wrote down some personal rules to what I should do as an admin. First and foremost, and underlined about six times was this: Test Everything. It seems so simple, but you have to consider, if it’s not tested, and verified, it’s not working. Simple. Oh, it may be working, but it may not be. “May” is not good enough. So when I roll out a new server, I test and test and test. When I make a change, I test it. If I do reboot a server, I watch logs to make sure that the services are working. If the logs don’t show that everything is working, I manually test things.
IP address allocation for web hosting isn’t really a new topic, it has in fact been pretty well resolved for over a decade. But it’s still a point of confusion to some people, so here we go.
Websites have a hostname, like www.iphouse.com. When you click on a link or enter a URL into your web browser, the browser extracts the hostname from the URL and opens a connection to it. But the network doesn’t work with a hostname, it works with numeric IP addresses like 3522190849, which is usually written 188.8.131.52. So the web browser first has to look up the IP address for the hostname through DNS, the Domain Name System. Once it has an IP address, it can open a connection to the server and request the file.
While the majority of people know about A, CNAME, and MX records, DNS actually has many dozens of types in common use, and many more dozens of faded historical use that aren’t used at all.