Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
 [flagged] is there a global DNS issue happening? (faa.gov)
26 points by gnarbarian on April 4, 2023 | hide | past | favorite | 32 comments


It looks like their DNS is not resolving. How do we know they are under attack?


https://www.faa.gov/ Works fine, most likely someone forgot to redirect the root to www


Whatever is going on seems to be intermittent from querying my ISP's DNS.

Successive queries using dig have given me:

- No answer but no error for initial A record query

- SERVFAIL for ANY record query

- Valid A record response for A record query, then no answer, then a response

- Query for ANY shows some DNSSEC related records, TXT, NS, but no A record

It's weird because I wouldn't think whatever caching my ISP is doing would refresh that fast. What is the evidence this is an attack vs. a misconfiguration?

Also, would an outage like this have any impact on US flights or flights in US airspace?


Keep in mind when you query your ISPs DNS server you're probably hitting one of dozens (or more) actual servers semi-randomly. Some of them have the record cached, some don't.


The response showed the same server for at least two of the responses I described, but that's a good point. The edge server may have been querying different servers with different cached values or uncached values.


Even if you see the same response IP from your ISPs DNS server, you're still (almost definitely) hitting one of many load balanced (in some way) servers on your ISPs side.


There is some major outage going on, but it isn't the FAA. 1.1.1.1, 1.0.0.1, and 9.9.9.9 are suddenly unreachable from my part of the planet. 8.8.8.8 is, otherwise I wouldn't be able to post this. Many WWW sites that I know are behind CloudFlare are timing out. These aren't DNS issues. These are connectivity issues. The actual DNS servers themselves aren't reachable.


Of course, when it looks like most of the planet has disappeared, always suspect your ISP first. But strangely, there is intermittent connectivity to Bing, BBC News, and here.


It's potentially related to the outage at Virgin Media (AS5089) in the United Kingdom, see https://twitter.com/CloudflareRadar/status/16430702601305047....

I'm guessing a lot of sites that had name-servers hosted in AS5089 might also have gone down too.

But as of 30 minutes ago, apparently it's back online.


not seeing anything about this in the news yet.


I see 155.178.199.16 now intermittently responding.

All of the other NSes have been hard down, and 155.178.199.16 only seems to respond from some locations (broadly US works, International does not)


Inspecting the result for `faa.gov` from 155.178.199.16 is interesting:

    ; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> +noedns faa.gov @155.178.199.16
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28118
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available
    
    ;; QUESTION SECTION:
    ;faa.gov.   IN A
    
    ;; AUTHORITY SECTION:
    faa.gov.  300 IN SOA faa-mc-igms.faa.gov. helpdesk.faa.gov. 172720 10800 1080 2419200 300
    
    ;; Query time: 558 msec
    ;; SERVER: 155.178.199.16#53(155.178.199.16)
    ;; WHEN: Tue Apr 04 02:47:54 UTC 2023
    ;; MSG SIZE  rcvd: 82
but 155.178.199.16 seems to respond to www.faa.gov correctly:

    ;; QUESTION SECTION:
    ;www.faa.gov.   IN A
    
    ;; ANSWER SECTION:
    www.faa.gov.  600 IN CNAME www.faa.gov.edgekey.net.


It's always DNS


I add some NS records for different s domains at GoDaddy and Gandi an they are not being propagated. This is happening from las Friday


It works with www. at the beginning. https://www.faa.gov/


Do we have any source for the current title claim ("FAA DNS is under attack")?

What we have observed so far is intermittent issues but no root cause or intent. Operator error / system failure look more likely.


I agree considering the responses I'm seeing from the one working server.

If I had to guess randomly at a cause, I would speculate that all their nameservers besides 155.178.199.16 are behind a load balancer that uses checking for IN A faa.gov as a health check and someone deleted that record, so, all servers fell out of the load balancer.

50c says that their method of propagating new records relies on their DNS working so someone is having a fun night fixing that.


hear me now and believe me later.


Could be a lot of things besides an attack, but, does appear to be a global outage of both of the authoritative servers for faa.gov for all of their various A/AAAA addresses which gov-servers lists.


Can't resolve? Anyone know the IP so we can try it directly?


Under attack or someone screwed up and deleted an A record?


I'm seeing no A or CNAME records on my end. Just SPF, NS, MX, TXT, etc


Seems to be unresolvable globally: https://www.whatsmydns.net/#A/faa.gov


what is this site called again? some folks would do good to google "jvns.ca dns"

```

> dog -n 1.1.1.1 -t A faa.gov

[prints the A record]

> dog -n 8.8.8.8 -t A faa.gov

Server failure.

```


It is fixed now


I get "site can't be reached".


It's working for me, I just checked.


We probably have different DNS caches. They'll probably flush through in the next TTL 3600.


I mean, it wasn't working, then it started working, so I don't think it is my cache.


post a traceroute?


Doesn't load for me.


Idk what to say, it didn't load for a while and now it is. If I could upload screenshot to prove it I would.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: