Thread: PayPal Down
View Single Post


Old
  Post #10 (permalink)   11-11-2016, 01:09 PM
kaijuinc
HD Newbie
 
Join Date: Nov 2016
Location: Chicago
Posts: 5

Status: kaijuinc is offline
Quote:
Originally Posted by zomex View Post
I didn't notice it but it's always worrying that a company of PayPal's size and authority suffers the same risk as any other website
Unfortunately the problem isn't necessarily with PayPal itself, the larger problem is how DNS is handled. Because the attack was on their DNS provider, any recursive servers that cache the results only can cache them until the TTL expires. Even if the upstream reports SERVFAIL or does not respond, they then start to return SERVFAIL or NXDOMAIN for the site.

One way to fix this is to not drop entries upon TTL expiration IFF the upstream server returns SERVFAIL or does not respond. Alternatively, DNS pinning might not be a bad idea for entries that don't charge often.