Internet users in China hit with a massive DNS issue

Posted on January 21st, 2014 by Websitepulse in WebSitePulse News, Tech

Today (Jan 21, 2014), between 07:00 and 09:00 UTC, mainland China was hit by a wave of network issues. A large number of both Chinese and international domains were reporting connection timeouts and were completely inaccessible. The cause was that, for some reason, a large number of domains were resolving to a single IP address - 65.49.2.178. The problem was reported as resolved in most places around 08:50. Due to the DNS caching infrastructure, however, a lot of users will still be affected until the cached bogus records expire. Users were advised to use alternative DNS servers like Google's 8.8.8.8. If you are using a DNS caching server in China, we strongly recommend flushing it as soon as possible to avoid DNS issues.

The news sources in China first blamed it on DNS poisoning of the root and the gTLD DNS servers. This, however, is not the case, since the networks outside mainland China were not affected at all. Our investigation showed DNS responses from authoritative name servers coming with bogus data when queried from our servers in Beijing, Shanghai and Guangzhou.

For example, we first noticed the issue when we requested the A record of static.bbci.co.uk. from ns1.thdow.bbc.co.uk (212.58.240.163), which is one of the authoritative DNS servers for bbc.co.uk. The response was

static.bbci.co.uk.      37621     IN      A 65.49.2.178

instead of the correct record, which is

static.bbci.co.uk.      900     IN      CNAME   static-bbci.bbc.net.uk.

This suggests that the response packet was modified in transit, and the most likely culprit is the Golden Shield Project (also known as The Great Firewall of China). A possible reason for the mishap is that instead of blocking the 65.49.2.178 IP address, all DNS queries were redirected to this IP. Ironically, they actually succeeded in blocking the IP by creating a massive DDoS attack from all Chinese users who were making connections to this address while trying to access different sites.
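The comparison described above can be automated. The following is an added example, not part of the original post: it parses dig-style answer lines captured from an affected vantage point, compares them with answers from a reference resolver outside the affected network, and flags addresses that many unrelated names resolve to. Apart from the bogus and correct static.bbci.co.uk. records quoted in the post, all names and addresses are constructed (example.* names, RFC 5737 addresses), and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample answers in dig's answer-section format. The
# static.bbci.co.uk. lines are the records quoted in the post; the other
# names and addresses are made up for illustration.
OBSERVED = """\
static.bbci.co.uk.  37621  IN  A  65.49.2.178
www.example.com.    37621  IN  A  65.49.2.178
mail.example.net.   37621  IN  A  65.49.2.178
www.example.org.    300    IN  A  198.51.100.7
"""
REFERENCE = """\
static.bbci.co.uk.  900  IN  CNAME  static-bbci.bbc.net.uk.
www.example.com.    300  IN  A      192.0.2.10
mail.example.net.   300  IN  A      192.0.2.25
www.example.org.    300  IN  A      198.51.100.7
"""

def parse_answers(text):
    """Map owner name -> set of (type, rdata) from dig-style answer lines."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip comments, blanks and malformed lines
        rtype, rdata = fields[3].upper(), " ".join(fields[4:]).lower()
        records[fields[0].lower()].add((rtype, rdata))
    return records

def mismatches(observed, reference):
    """Names whose observed answer set differs from the trusted reference."""
    return sorted(n for n in observed if n in reference and observed[n] != reference[n])

def converged_addresses(observed, min_names=3):
    """A-record addresses shared by at least min_names distinct owner names."""
    by_addr = defaultdict(set)
    for name, rrset in observed.items():
        for rtype, rdata in rrset:
            if rtype == "A":
                by_addr[rdata].add(name)
    return {a: sorted(n) for a, n in by_addr.items() if len(n) >= min_names}

def report(observed_text=OBSERVED, reference_text=REFERENCE):
    obs, ref = parse_answers(observed_text), parse_answers(reference_text)
    return {"mismatched": mismatches(obs, ref), "converged": converged_addresses(obs)}

if __name__ == "__main__":
    print(report())
```

A mismatch alone can be legitimate (CDNs and geo-aware DNS return different addresses per region), so the stronger signal is the combination: unrelated names converging on one address that the reference resolver never returns for them.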

The offending IP 65.49.2.178 has an interesting story itself, but I'll just put a few pointers:
 - It is owned by Sophidea, Inc., registered at the address 2710 Thomes Ave Suite 884, Cheyenne, WY, 82001, US. Reuters ran a special story about this address a few years ago (www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628)
 - While there is scant information regarding Sophidea, Inc., I can see that they are providing hosting services to a large number of companies, and the IPs from this range were frequently reported for spam
 - Hosted on the same network range is ultrasurf.us, which was created to provide means to bypass the China Firewall and provide anonymous Internet access. Ultrareach Corp - the company which owns UltraSurf - is registered at the same postal address in Wyoming above. There was some discussion of the actual value of the services provided by UltraSurf (blog.torproject.org/blog/ultrasurf-definitive-review), but still their service might have something to do with the Chinese government wanting to restrict access to this netblock

 Update Jan 22, 2014


Why Your Website Is Down - Basic Steps to Fix It from Home

Posted on May 22nd, 2013 by Boyana Peeva in WebSitePulse News, Tech

When it comes to building your business, it is very important to have a fully functioning website, or else you are going to miss out on potential clients, resulting in a loss of revenue. Thus, you need to always make sure your website is up and running properly, as several different issues can prevent your website from loading and working properly. These are easy corrections though, all of which you can do on your own, at home, to make sure your website is available to the world.

When you attempt to visit your website and see an error page instead of your website, you are experiencing one of two problems: your website or host isn't working or there is a problem between your computer and the host server. In order to determine the problem, there is a series of easy tests you can perform to find and correct the issue.


What Is a Client Side Certificate?

Posted on April 25th, 2013 by Boyana Peeva in WebSitePulse News

A client side certificate is a certificate you use to establish your server to the client. This is the best way for the server to "know" exactly who is connecting to it. It works a lot like having a username and a password on your server but without having to interact with the user. This certificate is used when the client must be known without having to enter a username and password.

These certificates are quite useful as far as the security of your network.  They are created on the Internet server on your computer and can be requested by the client’s computer.  That way, the security of your network is a lot stronger. The client will know that all the information they have sent to your computer is secured with a digital signature provided by the host domain server.


What Is a Ping Test?

Posted on April 18th, 2013 by Boyana Peeva in WebSitePulse News

Ping is a networking utility program or a tool to test if a particular host is reachable. It is a diagnostic that checks if your computer is connected to a server. Ping, a term taken from the echo location of a submarine, sends a data packet to a server, and if it receives a data packet back, then you have a connection. The term "ping" can refer to the time it takes for a data packet to travel round-trip. It means "get the attention of" or "check the presence of". In a computer network, a ping test is a way of sending messages from one computer to another. Aside from checking if the computer is connected to a network, ping also gives indicators of the reliability and general speed of the connection.


What Is SPF Check?

Posted on March 28th, 2013 by Boyana Peeva in WebSitePulse News

SPF or Sender Policy Framework is a system that authenticates and identifies servers that your domain can use to send mail. The aim is to ensure that unauthorized spammers and cyber criminals do not send messages to recipients that supposedly come from your domain. With SPF in place, recipients can check the available records to determine whether the received emails really originated from an authorized mail server. Keep reading to learn more about the sender policy framework.

SPF Versus Sender ID

Contrary to popular belief, SPF and Sender ID are quite different. The confusion stems from the fact that both use the same policy records syntax, validate e-mail sender addresses, and publish policy records in DNS. However, this is where the similarity ends. SPF validates two parts of the e-mail sender’s address: the MAIL FROM address and the HELO domain. You can find this information by checking the records published by domain owners. It is important to note that both the HELO domain and the MAIL FROM are part of the SMTP protocol. On the other hand, Sender ID is a Microsoft protocol that validates a single field of the e-mail address header. The header to validate depends on the choice made by the Purported Responsible Address (PRA) algorithm.
