dstern
November 29, 2022, 9:51pm
#1
At slack we got reports of 1.1.1.1 responding with REFUSED for slack . com queries for east coast users using Verizon Fios.
$ dig @1.1.1.1 slack.com
; <<>> DiG 9.10.6 <<>> @1.1.1.1 slack.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24257
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;slack.com. IN A
;; Query time: 56 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Nov 29 14:11:12 EST 2022
;; MSG SIZE rcvd: 38
seems very similar to this other thread 1.1.1.1 cannot resolve ovh.net domains and its subdomains
We tried to purge the cache for slack domains but that didn’t appear to have any results.
1 Like
Hi,
Thanks for the report.
We saw random prefix attack for slack.com domain and queries were refused because of automatic attack mitigation. We have currently disabled automatic attack mitigation for slack.com coming from select networks.
Can you please check again ?
Thanks
dstern
November 29, 2022, 10:30pm
#4
It appears to be working again!
Thank you for the prompt response.
1 Like
Hi,
Update: we have temporarily disabled automatic attack mitigation on slack.com domains everywhere. We are looking at improving detection of valid names while still blocking random prefix attacks.
Thanks
tyler6
November 30, 2022, 2:03pm
#6
can confirm, seems fine here now too.
system
December 30, 2022, 2:04pm
#7
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.