
As many of you noticed, last night's DDoS attack against Dyn.com made many major services unavailable, including Twitter and Spotify. Spending one Friday evening without Twitter was enough and I want to be prepared if this ever occurs again.

The way I understand this attack is that the services themselves (Twitter, Spotify, Reddit...) were not under attack, but the gateway (DNS server, a.k.a Dyn) was, so if I just knew a way to access these sites without relying on the affected DNS server, I should be able to access them? Are there any methods for doing this, or is this simply not possible?

One method I stumbled upon is to use OpenDNS servers, as they cache most of the DNS responses and can therefore provide them even if the actual DNS server is down. (I haven't tested this and I don't know if it should even work)

imas145
  • You could also run your own local DNS cache. I'm sure there's software for this, but a low-tech solution could be to just have a cron job that resolves twitter.com every so often and stores the output in a file. When it goes down, look at the file... another solution is to break your Twitter addiction (just kidding :p) – Thomas Oct 22 '16 at 08:32
  • OpenDNS (or open resolvers) are servers which do recursion for anyone. That means, if you ask them what the IP address of stackexchange.com is, they will give you the answer by recursively querying the root, then the TLDs and then the actual domain. If the domain's DNS is down, then OpenDNS is also going to fail after the TTL times out. – Gaurav Kansal Oct 22 '16 at 10:42
  • @GauravKansal OpenDNS already keeps a cache of most domain names so they don't have to resolve DNS queries again and again. Isn't changing the DNS server to Google DNS still not going to work? – defalt Oct 22 '16 at 13:42
  • @user334283 OpenDNS does the DNS query when a client asks for the record. It's not as if they cache automatically (unless designed in a manner to map the whole Internet). Google OpenDNS also respects the TTL value and they only answer your query if the record has a valid TTL value. If the authoritative server is down and the TTL has expired, then Google's servers are not going to give you the answer. – Gaurav Kansal Oct 22 '16 at 13:45
  • @GauravKansal Both OpenDNS and Google DNS don't always have to ask the authoritative server. They keep logs. If a DNS query for that IP has been asked before, then they will simply look in their cache and send a response. It saves time. – defalt Oct 22 '16 at 14:03
  • Exactly, but if the TTL value is valid. – Gaurav Kansal Oct 22 '16 at 14:29
  • my answer [link](http://security.stackexchange.com/a/140556/21144) might give you a different type of solution – elsadek Oct 22 '16 at 15:52

1 Answer


Before answering your question, I will explain how the Internet works.

When we open a website in a browser (or in any other way), our browser first does a DNS request for that domain and then sends an HTTP request to the web server.

Suppose we have typed www.stackexchange.com in our browser; then:

  1. The DNS request goes to a resolver; the query is: what is the IP address of www.stackexchange.com?
  2. If the resolver doesn't have the answer (an A record in our case) in its cache, or if the TTL has expired, then
  3. the resolver does a recursive query for that domain and, if it is able to reach the authoritative servers for the domain, the resolver answers our query.
  4. After getting the IP address of the website, the browser sends an HTTP request to the web server and shows the result.

The image below (not reproduced here) shows how a recursive DNS query happens.

Now to your question:

> If I just knew a way to access these sites without relying on the affected DNS server, I should be able to access them? Are there any methods for doing this, or is this simply not possible?

The Internet in its standard form works the way I explained above.
The standards say you should respect the TTL value. No standard DNS implementation (be it BIND, Unbound or any other) supports caching domain entries after the TTL value has expired.

If you really want to achieve such a thing, then you have to tweak the code accordingly (I would not suggest you do this at all; the reason is explained below).

Issues involved in not respecting the TTL value:
Suppose you have cached the IP address for a domain and you keep relying on your cache after the TTL has expired;
and the domain owner changes the IP address of the domain (for any reason whatsoever);
you will keep going to the same IP address that is in your cache;
you will land on the OLD IP address each and every time, and you will not find any data there.

If the domain is signed (i.e., DNSSEC is implemented), things are going to get really messy if you don't respect the TTL value.

– Gaurav Kansal (edited by schroeder)
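The resolver steps and the TTL argument in the answer above, replayed in code. This is an added example and not code from the question, the answer or any real resolver: the zone data, the name `www.example.test.`, the two documentation-range addresses and the 300-second TTL are all constructed, no DNS packets are sent, and a fake clock stands in for wall-clock time. The `serve_stale` switch is the "tweak the code" the answer advises against, included so the failure mode it describes (the cache keeps handing out the old address after the owner moves the site) can be seen side by side with the standard behaviour.

```python
"""Simulated caching resolver: TTL-governed caching and an unreachable upstream.

Added example, not code from the question or the answer. The zone data,
names, addresses and TTLs are constructed for the demonstration and no real
DNS queries are sent; a fake clock replaces wall-clock time.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


class UpstreamUnavailable(Exception):
    """The authoritative servers did not answer (the Dyn DDoS situation)."""


@dataclass
class AuthoritativeServer:
    """Stand-in for the domain's authoritative name servers (constructed data)."""
    records: Dict[str, Tuple[str, int]]   # name -> (IPv4 address, TTL seconds)
    online: bool = True

    def query_a(self, name: str) -> Tuple[str, int]:
        if not self.online:
            raise UpstreamUnavailable(f"no response from authoritative servers for {name}")
        return self.records[name]


@dataclass
class CacheEntry:
    ip: str
    expires_at: float   # absolute time after which the TTL has run out


@dataclass
class CachingResolver:
    """Steps 1-3 of the answer: check the cache, otherwise ask upstream."""
    upstream: AuthoritativeServer
    clock: Callable[[], float]
    serve_stale: bool = False   # the non-standard tweak the answer advises against
    cache: Dict[str, CacheEntry] = field(default_factory=dict)

    def resolve(self, name: str) -> Tuple[str, str]:
        """Return (ip, source); source is 'cache', 'upstream' or 'stale'."""
        now = self.clock()
        entry = self.cache.get(name)
        # Answer from cache only while the TTL is still valid (step 2).
        if entry is not None and now < entry.expires_at:
            return entry.ip, "cache"
        # Cache miss or expired TTL: recurse to the authoritative servers (step 3).
        try:
            ip, ttl = self.upstream.query_a(name)
        except UpstreamUnavailable:
            # Standard behaviour: an expired entry is worthless, so the lookup fails.
            if entry is None or not self.serve_stale:
                raise
            # Non-standard behaviour: hand back the expired record anyway.
            return entry.ip, "stale"
        self.cache[name] = CacheEntry(ip=ip, expires_at=now + ttl)
        return ip, "upstream"


class FakeClock:
    """Controllable clock so TTL expiry can be driven deterministically."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


NAME = "www.example.test."                       # constructed name
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.20"   # documentation-range addresses


def run_scenario(serve_stale: bool) -> List[Tuple[str, str]]:
    """Replay one outage and return what each successive lookup produced."""
    clock = FakeClock()
    auth = AuthoritativeServer(records={NAME: (OLD_IP, 300)})
    resolver = CachingResolver(upstream=auth, clock=clock, serve_stale=serve_stale)
    results: List[Tuple[str, str]] = []

    def lookup() -> None:
        try:
            results.append(resolver.resolve(NAME))
        except UpstreamUnavailable:
            results.append(("SERVFAIL", "upstream-down"))

    lookup()                 # cold cache: recursion to the authoritative servers
    clock.advance(60)
    lookup()                 # TTL (300 s) still valid: served from cache
    auth.online = False      # the authoritative servers go down (DDoS)
    clock.advance(300)       # ...and the cached record expires meanwhile
    lookup()                 # strict: SERVFAIL; serve_stale: the old address
    auth.records[NAME] = (NEW_IP, 300)   # owner moves the site while we can't see it
    lookup()                 # serve_stale keeps pointing at the OLD address
    auth.online = True       # upstream recovers
    lookup()                 # a fresh recursive query picks up the new address
    return results


if __name__ == "__main__":
    for mode in (False, True):
        print(f"serve_stale={mode}:")
        for ip, source in run_scenario(mode):
            print(f"  {ip:<16} ({source})")
```

Run it as a script to see both traces. With `serve_stale=False` the third and fourth lookups fail outright once the TTL has run out, which is what a standards-following resolver (and OpenDNS or Google DNS, as the comments say) does when the authoritative side is unreachable. With `serve_stale=True` those lookups return 192.0.2.10 even after the zone has been changed to 198.51.100.20, which is the stale-address problem the answer warns about; only the final lookup, once upstream is back, gets the new address.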