Google Public DNS no longer blocking access to the Cesidian Root domains


We are happy to report that Google Public DNS servers 8.8.8.8 and 8.8.4.4 no longer block access to certain Cesidian Root domains.

On 12 March 2014, Google servers suddenly started performing DDoS attacks in the form of DNS amplification attacks (PDF) against two of the Cesidian Root's DNS servers. These attacks ended two days later only after blocking the responsible IP ranges from Google.

Our internal contacts to the German CCC (Chaos Computer Club) allowed us to later find out that the Cesidian Root servers' attack was probably due to Google Public DNS servers 8.8.8.8 and 8.8.4.4 being hacked.

It appears that Google Public DNS servers do fully support DNSsec security policies and validation, but according to iTnews.com.au, it is not clear whether the routers for the servers' network support resource public key infrastructure (RPKI) for border gateway protocol (BGP), suggesting there is no policy in place to prevent BGP hijacking [1].

Unfortunately, due to a misunderstanding, perhaps on both sides, Google ITs became incensed at the Cesidian Root's blocking, and responded by blocking access to certain Cesidian Root domains on Google Public DNS servers.

Well, we are happy to report that Google Public DNS no longer blocks access to the Cesidian Root domains.


Past Cesidian Root servers attack probably due to Google Public DNS server hijack
http://ummoa.today/past-crt-servers-attack-due-to-google-hijack.html

Google Public DNS Server Traffic Hijacked
http://thehackernews.com/2014/03/google-public-dns-server-traffic.html

Internet traffic hijacking on the rise
http://www.itnews.com.au/News/365006,internet-traffic-hijacking-on-the-rise.aspx

Google servers attack two Cesidian Root servers
http://ummoa.today/google-servers-attack-crt.html
HMRD Cesidio Tallini [2, 3]
UMMOA Today