[App_rpt-users] Network wide outage and Security Alert

Joey Kelly joey at joeykelly.net
Wed Dec 30 03:14:21 UTC 2020 

On Tuesday, December 29, 2020 06:26:08 PM Eric Fort wrote:
> Is this really a network wide outage or simply the transition spoken of by
> the board announcement slightly earlier today?

I'm seeing this:


marsh:~# whois allstarlink.org

<snip>

Domain Name: ALLSTARLINK.ORG
Registry Domain ID: D104624705-LROR
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2020-12-29T22:45:48Z
Creation Date: 2004-07-13T03:40:37Z
Registry Expiry Date: 2021-07-13T03:40:37Z

<snip>
Name Server: EVELYN.NS.CLOUDFLARE.COM
Name Server: TONY.NS.CLOUDFLARE.COM



The DNS servers were definitely changed today at the registrar (gandi.net in 
this case).


Hope this helps.

--Joey Kelly WD5AJK



> 
> Eric
> 
> Sent using SMTP.
> 
> > On Dec 29, 2020, at 6:10 PM, Bryan Fields <Bryan at bryanfields.net> wrote:
> > 
> > Allstarlink is having a network wide outage starting about 6pm EST/2300
> > UTC.
> > 
> > The registration services are down, and all web services are down.  It
> > appears the dns glue records at the .org servers have been re-pointed to
> > different servers.
> > $ dig ns allstarlink.org.  @b2.org.afilias-nst.org.
> > 
> > 
> > ;; QUESTION SECTION:
> > ;allstarlink.org.        IN    NS
> > 
> > ;; AUTHORITY SECTION:
> > allstarlink.org.    86400    IN    NS    tony.ns.cloudflare.com.
> > allstarlink.org.    86400    IN    NS    evelyn.ns.cloudflare.com.
> > 
> > 
> > Prior to this they were:
> > allstarlink.org.    2445    IN    NS    dirtyparrot.digiflux.org.
> > allstarlink.org.    2445    IN    NS    caustic-sea.allstarlink.org.
> > allstarlink.org.    2445    IN    NS    ns2.afraid.org.
> > 
> > This effectively changed the entire allstarlink.org DNS to point to a
> > different set of servers which returns bunk data.
> > 
> > example:
> > $ dig register.allstarlink.org.
> > ;; QUESTION SECTION:
> > ;register.allstarlink.org.    IN    A
> > 
> > ;; ANSWER SECTION:
> > register.allstarlink.org. 60    IN    CNAME    allstarlink.org.
> > allstarlink.org.    60    IN    A    34.105.111.212
> > 
> > This is a security problem as your registrations is being passed to an
> > unknown server.  You need to take immediate action and modify your nodes
> > to not register to register.allstarlink.org.
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.keekles.org
> http://lists.keekles.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> To unsubscribe from this list please visit
> http://lists.keekles.org/cgi-bin/mailman/listinfo/app_rpt-users Unsubscribe
> posts to the list will result in public shaming.

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550

More information about the App_rpt-users mailing list