TWIET 473: Anatomy of an Outage

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I worked for one company and set up their firewall. They wanted to only let the DNS servers on the network access external DNS servers.

I fully documented all the settings. Then they didn’t renew my contract.

A couple of months later, I got a panicked call from my old boss, a good friend, he had fought to keep me. They had had a lightning strike and the primary and backup DNS servers were fried and he couldn’t get onto the internet.

I had to remind him that he wanted DNS blocked and talk him through deactivating the relevant rule.

1 Like

In all honesty, that is a good security recommendation. Even better would be to hard code specific external DNS servers.

But yes, if the internal servers get fried, you are up the creek.

Hopefully you sent him a bill to pass up the chain :slight_smile: