Created
February 3, 2014 11:08
-
-
Save bortzmeyer/8782108 to your computer and use it in GitHub Desktop.
Freenode apparently trying to mitigate a dDoS attack by redirecting users to themselves
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
% dig A chat.freenode.net | |
; <<>> DiG 9.9.2-P2 <<>> A chat.freenode.net | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53775 | |
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags: do; udp: 4096 | |
;; QUESTION SECTION: | |
;chat.freenode.net. IN A | |
;; ANSWER SECTION: | |
chat.freenode.net. 711 IN A 83.170.73.249 | |
chat.freenode.net. 711 IN A 127.0.0.2 | |
chat.freenode.net. 711 IN A 38.229.70.20 | |
chat.freenode.net. 711 IN A 82.96.64.4 | |
chat.freenode.net. 711 IN A 208.80.155.68 | |
chat.freenode.net. 711 IN A 128.237.157.136 | |
chat.freenode.net. 711 IN A 213.92.8.4 | |
chat.freenode.net. 711 IN A 127.0.0.1 | |
;; Query time: 22 msec | |
;; SERVER: 192.168.2.254#53(192.168.2.254) | |
;; WHEN: Mon Feb 3 12:07:52 2014 | |
;; MSG SIZE rcvd: 174 | |
Official from Freenode : it is done on purpose http://status.engineyard.com/incidents/rs81b00526v2
If I'm actually looking at the correct source code, they filter 127.0.0.1
$targets = gethostbynamel("irc.freenode.net");
$index = array_search('127.0.0.1',$targets);
if($index !== FALSE){
unset($targets[$index]);
}
Probably not the correct source code, since irc.freenode.net does not exist...
irc.freenode.net has a CNAME to chat.freenode.net
They changed the target now to 208.80.155.68
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DNSDB confirms that, from many places, such local addresses are seen in Freenode replies. (The result is random because DNS is used for load balancing so you may see something different. Retry a few minutes later.)