WARNING: DNS fuckery is in progress
(This post has been modified for clarity. This is the final posting till I have more info, possibly in time for the next graveyard shift.)
I posted about this two days ago but I didn't have many details and, besides, nobody cared.
>>13539045, >>13539087, >>13539344, >>13539407, >>13539417 (all pb)
This is serious. The situation is stable right now but there is clearly a plan to open a can of worms on the anons here. DNS servers worldwide are being seeded with invalid IP addresses for "8kun.top". Apparently, this is being done through an exploit and some servers may be immune. Use this link to monitor the situation:
https://dnspropagation.net/A/8kun.top
Refresh the page a few times and look through it to see if some servers are showing just one IP address for this site. There should be a set of 8. The bad DNS lookups appear randomly. This is happening with my own ISP and also with Google DNS. I am still trying to determine if Cloudflare or OpenDNS are vulnerable. (Update: I need to modify my testing protocol to get better stats.)
Now, the key to this is what is called the TTL which means "Time To Live". It is normally 60 seconds for this site. This means that, if your DNS server gets seeded with an invalid IP address then you need only wait 60 seconds for your DNS cache to refresh and get a new address. This is why there are no howls of grief. People simply assume that a random glitch occurred because it goes away quickly. Note that this may not necessarily be true for everybody. Though the TTL is supposed to be 60 seconds, some DNS servers (meaning the one supplied by your ISP) may ignore this value. That is, it may take a longer period of time for the bad IP address to get flushed out of the cache. I don't know this but you should keep it in mind if the site seems to go down for a long period.
There are two critical subdomains involved: "8kun.top" and "media.8kun.top". If "8kun.top" fails, auto-updates will fail and the catalog will fail. If "media.8kun.top" fails, images and other media will not load. The two will RARELY fail at the same time. This is another reason why it may look like just a temporary glitch. The frequency of occurrence is around once every two hours though YMMV.
I have seen only one problem report: >>13554086 (pb)
why did I just get an error message for 8kun from facebook?
I have verified that this can happen. Some of the invalid IP addresses are owned by Facebook and I have found two which are live. None of the others are live. Here is a list of addresses which resolve with a reverse DNS lookup:
31.13.66.1 - edge-secure-shv-01-iad3.facebook.com
31.13.68.22 - edge-extern-shv-03-xsp1.facebook.com (live)
31.13.85.8 - edge-star-shv-01-gru2.facebook.com (live)
31.13.95.37 - whatsapp-chatd-msgr-mini-edge-shv-02-cgk1.facebook.com
64.13.232.149 - acmkoieeee.gs02.gridserver.com
74.86.226.234 - ea.e2.564a.ip4.static.sl-reverse.com
75.126.164.178 - b2.a4.7e4b.ip4.static.sl-reverse.com
108.160.172.208 - experiment.v.dropbox.com
These IP addresses do not resolve:
31.13.66.23, 31.13.90.19, 69.63.176.59, 69.63.187.12, 69.171.244.12,
103.252.115.53, 104.244.43.57, 104.244.46.85, 104.244.46.211, 108.160.163.116,
108.160.165.211, 108.160.170.51, 185.45.7.189
There could be hundreds of addresses being circulated. I am no expert on DNS or Internet security so I have no conclusion to make about the distribution. I will note that a cursory examination suggests to me that the addresses are all under the control of possibly just one Internet authority. Look here:
https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
Continued in next post (wtf? did somebody just change the maximum post length???)…