Internet users in China hit with a massive DNS issue

Posted on January 21st, 2014 by Websitepulse in WebSitePulse News, Tech

DNSToday (Jan 21, 2014) between 07:00 and 09:00 UTC mainland China was hit by a wave of network issues. A large number of both Chinese and international domains were reporting connection timeouts and were completely unaccessible. The cause for this was that for some reason a large number of domains were resolving to a single IP address - 65.49.2.178. The problem was reported as resolved in most places around 08:50. Due to the DNS caching infrastructure however a lot of users will still be affected until the cached bogus records expire. Users were suggested to use alternative DNS servers like Google's 8.8.8.8. We strongly recommend if you are using a DNS caching server in China to flush it as soon as possible to avoid DNS issues

The news sources in China first blamed it on a DNS poisoning of the root and the gTLD DNS servers. This however is not the case since the networks outside mainland China were not affected at all. Our investigation showed DNS responses from authoritative name servers coming with bogus data when queried from our servers in Beijing, Shangai and Guangzhou.

For example our first notice of the issue was when we requested the A record of static.bbci.co.uk. from ns1.thdow.bbc.co.uk (212.58.240.163), which is one of the authoritative DNS serves for bbc.co.uk, the response was

static.bbci.co.uk.      37621     IN      A 65.49.2.178

instead of  the correct record which is

static.bbci.co.uk.      900     IN      CNAME   static-bbci.bbc.net.uk.

This suggests that the response packet was modified in transit and the most likely culprit is the Golden Shield Project (also known as The Great Firewall of China). A possible reason for the misshap is that instead of blocking the 65.49.2.178 IP address all DNS queries were redirected to this IP. Ironically they actually succeeded blocking the IP by creating a massive DDOS attack from all Chinese users who were making connections to this address while trying to access different sites.

The offending IP 65.49.2.178 has an interesting story itself but I'll just put a few pointers
 - It is owned by Sophidea, Inc. registered on the address 2710 Thomes Ave Suite 884, Cheyenne, WY, 82001, US. Reuters ran a special story about this address a few years ago (www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628)
 - While there is scant information regarding Sophidea, Inc I can see that they are providing hosting services to a large number of companies and the IPs from this range were frequently reported for spam
 - Hosted on the same network range is ultrasurf.us which was created to provide means to bypass the China Firewall and provide anonymous Internet access. Ultrareach Corp - the company which owns UltraSurf is registered on the same postal address in Wyoming above. There was some discussion of the actual value of the services provided by UltraSurf  (blog.torproject.org/blog/ultrasurf-definitive-review) but still their service might have something to do with the Chinese goverment wanting to restrict access to this netblock

 Update Jan 22, 2014

Read more...

Use Stats Publisher to Show Your Target's Uptime to Clients

Posted on January 20th, 2014 by Damien Jordan in Tech

If your business largely depends on your website, you may often need to show its uptime to your customers.

As a WebSitePulse client, you have an option called ‘Stats Publisher’where you set up a public report page that includes the uptime statistics for one or more of your targets. The reports are published on www.MyWebReports.net and can be viewed by everyone, or just by the people whom you give access to.

Read more...

Target Groups and User Management, Part 2

Posted on December 5th, 2013 by Robert Close in Tech

In Target Groups and User Management, Part 1 we talked about target groups, setting up general groups, and user management settings. Now, we continue with adding new users to your account, securing the account, customizing permissions and a few more extras. 

If you click on the Add New User button,

Read more...

Target Groups and User Management, Part 1

Posted on December 4th, 2013 by Robert Close in Tech

Is your account* with us getting too big for you to handle by yourself? Are there more than one users who only need access to specific targets of the account? Do you want to allow only certain people to view the reports and not be able to change the setting of your targets? In the cases above, the user management setting section and the target groups are the options you are looking for.

A lot of our clients demanded to have the ability to allow access of other people to their accounts but with the option to show only selected targets. Thus so our developers played around with the idea and came up with an ingenious solution – Target groups.

Read more...

The Brand New Chrome Transaction Recorder Is out, Part 2

Posted on November 26th, 2013 by Robert Close in Tech

We have already created a sample transaction and now we will review the reports and settings option for every step of the transaction.

If you click on the Chart icon (play statistics),

Read more...