

Tell HN: U.S. gov't blacklisted all DNS entries pointing to Linode machines - kljensen

This means DNS queries will not resolve for government employees if they point to Linode hosted machines.<p>I've verified this with USMC, USDA, &#38; Sandia national lab.  Heard that the top level domain linode.com was black holed due to its association with malicious activity as per a US-CERT Situational Awareness Report 10-015-01A UPDATE.<p>This is a big pain in butt for those of us that are grant funded or work with U.S. Government.
======
praeclarum
The less the government sees of the internet, the less they interfere with it.
I hope they blacklist the entire thing.

~~~
DennisP
Yep, one more reason to use Linode.

------
caker
> This means DNS queries will not resolve for government employees if they
> point to Linode hosted machines.

This is total FUD. Please check your statements for accuracy.

~~~
otto
I work for a gov agency and both linode and hosted sites work for me.

~~~
kljensen
Not FUD. Verified for multiple cases in which a CNAME points to a linode
XXX.members.linode.com address.

I'm guessing the variance is due to different agencies implementing different
security stuff. Again, 3x verified & no intent of FUD --- I __love __linode.

------
chaosmachine
This reminds me of when I worked tech support for a big US ISP. I would get
calls from users who couldn't connect to certain .mil sites because they had
an IP ending in zero (x.x.x.0). The only solution was to reset their modem and
hope the DHCP server would give them a new IP that didn't end in zero.

------
Slashed
_Heard that the top level domain linode.com was black holed due to its
association with malicious activity [...]_

Reading this sentence, reminded me of Google using Linode when that incident
happened with Chinese hackers.

~~~
metamemetics
[http://blog.linode.com/2010/01/15/linode-and-the-google-
cybe...](http://blog.linode.com/2010/01/15/linode-and-the-google-cyber-
attacks/) "No Linodes were involved in malicious activity related to this
event. In fact, it was Google itself that chose to use Linode to aid in their
investigation of the attacks"

~~~
ig1
<http://www.us-cert.gov/cas/techalerts/TA10-055A.html> suggests otherwise.

~~~
MrHyde
So, McAfee identifies a single node as "associated" with the incident:
li107-40[dot]members[dot]linode[dot]com. And Linode has a post which
specifically references a single node being associated but under Google's
control and not malicious control at all times.

Doesn't appear to me that there's any contradiction. There is no evidence that
a Linode was used for anything _malicious_. There is evidence that a Linode
was _used_.

~~~
ig1
From the cert page:

"the following malicious domains were identified"

------
fnid2
I think the real issue here is just letting anyone use your servers for
whatever they want. It's a big problem in the cloud because even there, you're
guilty by association.

The cloud providers are going to have to be more scrupulous about who they
allow to use their infrastructure if they don't want to tarnish the image of
their upstanding customers.

~~~
tomhogans
I wouldn't use any provider that took an active interest in monitoring my
traffic or examining my VPS.

~~~
fnid2
It's not about that, it's about figuring out who you are before you sign up.

~~~
mantas
How? By adding a "Are you a terrorist?" checkbox in signup form? Doing full
CIA scan for all new users? Maybe they should require web serving license
issued by govt, like they do for guns?

~~~
fnid2
There are ways that are less intrusive, but still somewhat effective. Security
is mostly about probabilities. The more circles you remove from the venn
diagram, the lower the probability of problems.

So if you remove everyone from China, sure, you remove a lot of fine
customers, but you also remove a _huge_ swath of the internet crime rings.
Require a US based address. Email the people and have a conversation. Require
a phone call.

It's the same as renting out an apartment, If you start renting your
apartments to criminals, pretty soon, all you'll have is criminals.

------
wgj
Set up a reverse proxy somewhere for your government friends to use.

~~~
nwinter
Ugh, Linode _is_ our reverse proxy.

~~~
hack_edu
Try Chunkhost, free beta.

------
fadmmatt
Can anyone check to see if <http://matt.might.net/> is blocked?

I host it on a linode.

Thanks!

~~~
fadmmatt
My brother in the Army can still see it, so it's apparently not all
government.

By the way, he can't get to Hacker News.

------
carl_
Do you have a direct link to this CERT awareness report? Google foo is failing
me at present.

------
ww520
WTF. I host in Linode.

