Topic: Looks like some of the big pools in china are having DNS problems (Read 499 times)

legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange

It's funny that they expect everyone to be on telegram, they should have sent out emails right after this shit happened, anyway, mining is going alright, heck, this is less scary than my experience with Poolin a while back, the pool was working just fine but my hashrate was showing zero.
I logged into the .net site and was unable to make any changes to the payout addresses as the email verification never came. They are probably having the same issue with their email server.

I was however able to withdraw all mined coin to previously set up payment addresses.

I did a quick look at the email that came in on Friday about the name going from .com to .net and it did not have any SPF / DKIM / DMARC information in it, so there are a lot of email services that may just blackhole the email or not even accept it.

What those acronyms mean:
SPF = https://en.wikipedia.org/wiki/Sender_Policy_Framework
DKIM = https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
DMARC = https://en.wikipedia.org/wiki/DMARC


On a related note, things like this are why everyone should use DNSSEC, but for some reason trying to get people to do it is an uphill fight.
I do it on the 2 domains that I have that matter. But not on the rest. Getting others to do it is just about impossible.
There was even a discussion about a year ago on the bitcoin core github about making DNSSEC required for the seed nodes that went nowhere.
Would not have made much of a difference on what happened here, but in general it's a good thing.

DNSSEC = https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

-Dave
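
One way to check a received message for the SPF / DKIM / DMARC information mentioned in the post above (an added example, not code from the post or from ViaBTC). The three messages, the `pool.example` and `mail.example` domains and the `mx.mail.example` receiver name are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def auth_summary(raw, trusted_authserv):
    """Summarise SPF/DKIM/DMARC evidence in one raw RFC 5322 message.

    Only Authentication-Results headers stamped by `trusted_authserv` (the
    receiving server you control) are believed. Anyone upstream can insert
    this header, so copies with another authserv-id are ignored.
    """
    msg = message_from_string(raw)
    verdicts = {"spf": "absent", "dkim": "absent", "dmarc": "absent"}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", rest, re.I):
            verdicts[method.lower()] = verdict.lower()

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signing_domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tag = re.search(r"(?:^|;)\s*d=([^;\s]+)", value)
        if tag:
            signing_domains.append(tag.group(1).lower())
    # Simplified relaxed alignment: the From domain equals the signing domain
    # or is a subdomain of it. This does not verify the signature itself;
    # that is the receiving server's job and is reported in the dkim= verdict.
    aligned = any(
        from_domain == d or from_domain.endswith("." + d) for d in signing_domains
    )
    return {
        **verdicts,
        "from_domain": from_domain,
        "dkim_domains": signing_domains,
        "dkim_aligned": aligned,
    }


# Constructed sample 1: no authentication information at all.
BARE = """\
From: Pool Support <support@pool.example>
To: miner@mail.example
Subject: Domain change notice

Our site has moved from .com to .net.
"""

# Constructed sample 2: signed, and checked by the receiver's own server.
AUTHED = """\
Authentication-Results: mx.mail.example; spf=pass smtp.mailfrom=pool.example;
 dkim=pass header.d=pool.example; dmarc=pass header.from=pool.example
DKIM-Signature: v=1; a=rsa-sha256; d=pool.example; s=sel1;
 h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED
From: Pool Support <support@pool.example>
To: miner@mail.example
Subject: Domain change notice

Our site has moved from .com to .net.
"""

# Constructed sample 3: carries a results header from a server we do not run.
UNTRUSTED_AR = """\
Authentication-Results: relay.other.example; spf=pass; dkim=pass; dmarc=pass
From: Pool Support <support@pool.example>
To: miner@mail.example
Subject: Domain change notice

Our site has moved from .com to .net.
"""

if __name__ == "__main__":
    for label, raw in (("bare", BARE), ("authed", AUTHED), ("untrusted", UNTRUSTED_AR)):
        print(label, auth_summary(raw, "mx.mail.example"))
```
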
member
Activity: 123
Merit: 21

It's funny that they expect everyone to be on telegram, they should have sent out emails right after this shit happened, anyway, mining is going alright, heck, this is less scary than my experience with Poolin a while back, the pool was working just fine but my hashrate was showing zero.
I logged into the .net site and was unable to make any changes to the payout addresses as the email verification never came. They are probably having the same issue with their email server.

I was however able to withdraw all mined coin to previously set up payment addresses.
legendary
Activity: 2170
Merit: 6279
be constructive or S.T.F.U
Can confirm .top addresses for mining work, .net address for main web site legit.
Just had an auto-payout go through as normal.

Same here, nothing unusual, the .net website was posted in their official Telegram group which I know is legit because I have been there long before this mess, and the payout (just about an hour ago) went through with no issues.



I noticed something strange happened earlier on, which could be a bug in cgminer!, at one point and out of a sudden, some miners went offline (not showing on either pools), about 20-30 of them, I thought there was an issue with the electricity or something, but when I accessed them via anydesk, everything seemed fine, but all pools (including cksolo which is the secondary pool) were showing dead on those miners, but cksolo was showing alive on the other miners.

When I added the new stratum link on the primary pool (viabtc) the miners started hashing and ckpool was showing alive, I know ckpool was good the whole time judging by the other miners, I just didn't know why those miners failed to connect to ckpool when viabtc went offline for a brief while.

Of course, I didn't bother investigating the matter any further, I just used Awesomeminer to change the primary pool on all miners pointed to viabtc to the new URL viabtc.top, and everything started working just fine.

On a side but related note, Binance pool seems like the only Chinese pool that was prepared for this, hashrate was safu.
legendary
Activity: 4466
Merit: 1798
Linux since 1997 RedHat 4
Whoah, things are getting quite evil in there, if they are actually sabotaging the IT infrastructure.
Well the GFW (which was designed and set up by Cisco to help China violate the human rights of its citizens ... and the reason I never have and never will buy anything from Cisco) is designed to allow them to screw with anything crossing it.

I guess they decided to play anti-bitcoin this week (and who knows for how much longer)
legendary
Activity: 2422
Merit: 1706
Electrical engineer. Mining since 2014.
Whoah, things are getting quite evil in there, if they are actually sabotaging the IT infrastructure.
legendary
Activity: 4466
Merit: 1798
Linux since 1997 RedHat 4
The point that appears to be the problem is the GFW.

No, I'm not guessing at what is going on, I'm guessing at the point where the changes occur.

I run my own DNS servers, hidden unlisted inaccessible master, and 3 slaves that are listed as NS records for the DNS for domains e.g. of course kano.is
The other day, after this started, I changed the kano.is NS records by removing the DNS that was in china - down to 2 NS records (in usa)
The TTL for an NS record on *.is is required to be 86400 (or more)
*.com is typically a lot lower (I always set it a lot lower) but being lower also means an outage can fail DNS resolution more easily if your DNS servers are not reliable (not my problem :) )

I've since also added a new DNS server (in germany) and added it to kano.is, thus again meaning kano.is has 3 NS records
These changes of course have also been done at the domain registrar in Reykjavík as is required for it to actually work.

Now to see what is actually going on I can run some dig commands from inside and outside china and compare them.
i.e. this is actual data, no guesses at what is being done.

I'll just repeat this one command since it's good enough to show it:
Code:
dig @104.238.158.242 la6.kano.is
What it does is directly ask my new DNS server what is the address of la6.kano.is
It's 'supposed' to be a direct IP connection to 104.238.158.242 for the answer.
(yes anyone can lookup those values to work out that command)

So from outside the GFW, the correct and consistent answer is:
Code:
# dig @104.238.158.242 la6.kano.is

; <<>> DiG 9.16.1-Ubuntu <<>> @104.238.158.242 la6.kano.is
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60263
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 15796e8f400f631f0100000061a2b483af1b5fa2fac05f07 (good)
;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 600 IN A 149.28.75.193

;; Query time: 248 msec
;; SERVER: 104.238.158.242#53(104.238.158.242)
;; WHEN: Sat Nov 27 22:43:15 UTC 2021
;; MSG SIZE  rcvd: 84

However, from inside the GFW (Beijing) the answer (which changes every time I run it, I've given two results) is:
Code:
#  dig @104.238.158.242 la6.kano.is

; <<>> DiG 9.16.1-Ubuntu <<>> @104.238.158.242 la6.kano.is
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 102 IN A 108.160.172.1

;; Query time: 4 msec
;; SERVER: 104.238.158.242#53(104.238.158.242)
;; WHEN: Sat Nov 27 22:45:28 UTC 2021
;; MSG SIZE  rcvd: 45

and

Code:
#  dig @104.238.158.242 la6.kano.is

; <<>> DiG 9.16.1-Ubuntu <<>> @104.238.158.242 la6.kano.is
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23882
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 248 IN A 128.242.240.29

;; Query time: 8 msec
;; SERVER: 104.238.158.242#53(104.238.158.242)
;; WHEN: Sat Nov 27 22:46:17 UTC 2021
;; MSG SIZE  rcvd: 45

Now you can see firstly that the answers are wrong but state that they are from the correct DNS IP
The answers are clearly random, those two answers are Dropbox CA and NTT America, Inc. CO

i.e. it appears that either the GFW or Aliyun or both are randomly screwing with DNS requests.

However, when I lookup some of my other domains, the answers are correct.
So it appears to be directed at mining/bitcoin DNS lookups.
(e.g. it happens looking up bitcointalk.org as a straight dig and no server specified)
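
The inside/outside comparison in the post above, written as a repeatable check (an added example, not part of the original post). The transcripts are condensed from the dig output shown in the post; the function names and the idea of using the outside reply as a trusted baseline are assumptions of this example.

```python
import re

# Condensed from the post's dig transcripts: same query, same server IP.
OUTSIDE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60263
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 600 IN A 149.28.75.193

;; SERVER: 104.238.158.242#53(104.238.158.242)
;; MSG SIZE  rcvd: 84
"""

INSIDE = [
    """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 102 IN A 108.160.172.1

;; SERVER: 104.238.158.242#53(104.238.158.242)
;; MSG SIZE  rcvd: 45
""",
    """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23882
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;la6.kano.is. IN A

;; ANSWER SECTION:
la6.kano.is. 248 IN A 128.242.240.29

;; SERVER: 104.238.158.242#53(104.238.158.242)
;; MSG SIZE  rcvd: 45
""",
]


def parse_dig(text):
    """Extract header flags, EDNS presence and A records from dig's text output."""
    m = re.search(r"^;; flags: ([a-z ]+);", text, re.MULTILINE)
    flags = set(m.group(1).split()) if m else set()
    answers = [
        (name, int(ttl), addr)
        for name, ttl, addr in re.findall(
            r"^([^;\s]\S*)[ \t]+(\d+)[ \t]+IN[ \t]+A[ \t]+(\d+(?:\.\d+){3})[ \t]*$",
            text,
            re.MULTILINE,
        )
    ]
    return {"flags": flags, "edns": "OPT PSEUDOSECTION" in text, "answers": answers}


def injection_indicators(resp, baseline):
    """List how `resp` differs from `baseline`, a trusted reply from the same
    authoritative server to the same question."""
    found = []
    # An authoritative server marks its own zone data with the aa flag.
    if "aa" in baseline["flags"] and "aa" not in resp["flags"]:
        found.append("aa flag missing")
    # The real server does not offer recursion, so it never sets ra.
    if "ra" in resp["flags"] and "ra" not in baseline["flags"]:
        found.append("ra flag set")
    # The real server answers an EDNS query with an OPT record.
    if baseline["edns"] and not resp["edns"]:
        found.append("EDNS OPT record missing")
    base_addrs = {a for _, _, a in baseline["answers"]}
    addrs = {a for _, _, a in resp["answers"]}
    if addrs != base_addrs:
        found.append("A record mismatch: " + ",".join(sorted(addrs)))
    # Authoritative answers carry the zone TTL unchanged, never a decremented one.
    base_ttls = {t for _, t, _ in baseline["answers"]}
    ttls = {t for _, t, _ in resp["answers"]}
    if ttls != base_ttls:
        found.append("TTL mismatch: " + ",".join(str(t) for t in sorted(ttls)))
    return found


if __name__ == "__main__":
    baseline = parse_dig(OUTSIDE)
    for n, text in enumerate(INSIDE, 1):
        print("inside reply", n, injection_indicators(parse_dig(text), baseline))
```
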
legendary
Activity: 3220
Merit: 1220
Can confirm .top addresses for mining work, .net address for main web site legit.

Just had an auto-payout go through as normal.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?

Because they all use the same registrar.

Had to cut this short, sorry, but you've started with the wrong assumption, no they don't!
Neither binance pool, nor f2pool use it and I'm willing to bet that kano isn't either.

Was going from here:

Looks like it might be related to Alibaba Cloud.

From CityAM
Quote
It seems the major pools of viaBTC, Poolin, F2Pool, Binance and BTCcom suddenly experienced connection interruptions. The only thing they all had in common was their DNS was provided by Alibaba Cloud, a Chinese owned operation. All had stopped resolving.

I will admit I didn't look to see where they were, I saw the article posted and did not check more. That is on me. No idea about kano.

Without getting into anything else, I will say that if they were using a different DNS provider (outside of China) then nothing makes sense.
If China wanted to block external mining then all they had to do was block the pool IPs at the edge of China
If they wanted to block internal miners from reaching them then you just block the routes internally to the country.

This just puts a (very) small bump in the road. If your stratum did not disconnect then you never stopped mining.
If you could get the IPs from someone who had them then you are back mining.
If the pools changed name (viabtc.top) and started using cloudflare then you are back mining.

Shutting down DNS and not keeping it down does not really do much.

And if DNS / registrar were outside of China then there would be no way for them to stop resolving names to IPs. INSIDE China could be stopped, but Phil / Mopar and all of us in the USA and the rest of the world would not have had DNS resolution stop if they were using DNS and registrars outside of China.

Since the government controls all telecom in China then it really is as easy as:

Code:
Router(config)# ip route A.B.C.D Sub.Net.Mask.Here null0                  
And then propagate it. If you are using Cisco. But more or less it's all the same.

-Dave
legendary
Activity: 2828
Merit: 6108
Jambler.io
And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?

Because they all use the same registrar.

Had to cut this short, sorry, but you've started with the wrong assumption, no they don't!
Neither binance pool, nor f2pool use it and I'm willing to bet that kano isn't either.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?

Because they all use the same registrar.
Not saying that it does happen a lot, but it does happen regularly:

https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/

https://www.cpomagazine.com/cyber-security/domain-registrar-godaddy-breached-attackers-trick-employees-into-transferring-ownership-of-cryptocurrency-sites/

https://arstechnica.com/information-technology/2019/02/inside-the-dnspionage-hacks-that-hijack-domains-at-an-unprecedented-scale/

Now this is also an interesting little take on it. I am not saying that it happened here, just that it has happened.
IF I get access to your DNS control I can set the IPs to wherever I like.

I then set the TTL (How long once you ask for the IP for me to store it and not check again) to a very high number. So even if you get control there are still places around the world that will give the wrong information for days.

However, if you shutdown the domain at the root registrars there is a good chance that even though it said this is the proper IP for this name and don't look for another X seconds. There are actually 2 TTLs (prepare for some really boring shit here) that although not going to be 100% the way it works it's the best I can do in a post not a 120 minute power point seminar....

Picking on stackoverflow.com here I pull all their DNS info:

Code:
HEADER:
    opcode = QUERY, id = 19492, rcode = NOERROR
    header flags: reply, auth. answer, want recursion.
    questions = 1, answers = 4, auth. records = 4, additional = 0
QUESTIONS:
    stackoverflow.com., type = XX, class = 1
ANSWERS:
->  stackoverflow.com.
    type = A, class = 1, ttl = 300, dlen = 4
    IP address = 151.101.65.69
->  stackoverflow.com.
    type = A, class = 1, ttl = 300, dlen = 4
    IP address = 151.101.129.69
->  stackoverflow.com.
    type = A, class = 1, ttl = 300, dlen = 4
    IP address = 151.101.193.69
->  stackoverflow.com.
    type = A, class = 1, ttl = 300, dlen = 4
    IP address = 151.101.1.69
AUTHORITY RECORDS:
->  stackoverflow.com.
    type = NS, class = 1, ttl = 172800, dlen = 23
    nameserver = ns-1033.awsdns-01.org.
->  stackoverflow.com.
    type = NS, class = 1, ttl = 172800, dlen = 19
    nameserver = ns-358.awsdns-44.com.
->  stackoverflow.com.
    type = NS, class = 1, ttl = 172800, dlen = 28
    nameserver = ns-cloud-e1.googledomains.com.
->  stackoverflow.com.
    type = NS, class = 1, ttl = 172800, dlen = 14
    nameserver = ns-cloud-e2.googledomains.com.

You can see that they have an A (Address) record set to expire in 300 seconds:

Quote
stackoverflow.com.
    type = A, class = 1, ttl = 300, dlen = 4
    IP address = 151.101.65.69

BUT they also have these things called AUTHORITY RECORDS which more or less mean that these are the proper DNS servers for them and don't worry about it for the next 172800 seconds (2880 minutes / 48 hours) so even if you hijack that domain and point its DNS servers someplace else for the next 2 days from when you looked. IF YOUR DNS IS SET UP TO OBEY THE TTLs then you will never ever care where the new DNS servers are. Those listed are it.
Quote
AUTHORITY RECORDS:
->  stackoverflow.com.
    type = NS, class = 1, ttl = 172800, dlen = 23
    nameserver = ns-1033.awsdns-01.org.
However, if your domain is shut down (like viabtc.com) then it all stops then and there. I go to look for something and the root DNS zones say nope.

Now as I said, this is not 100% the way it works but it does give you a general view. If you got control of the domain and did something funky then I could see them doing something like this to stop an attack.

Now, I am not saying that is what happened. But all this "China is blocking" stuff just seems a bit off since traffic is passing.

If you think about it, if China wanted to block it all they would have to do is tell the registrar, shut off access and give us the domain. And then tell the 100% owned by the government internet provider stop passing traffic to these IP addresses and call it a day.

-Dave
legendary
Activity: 2828
Merit: 6108
Jambler.io
I also noticed that there is now a viabtcpool  - whole different look so could possibly be non legit.

It's an old scam website, check their offers page, 200-300% ROI in 48 hours? just lol. :D
There is one with a btc-pool, and there was another one but I can't remember what it used differently.
legendary
Activity: 2044
Merit: 2195
EIN: 82-3893490
I also noticed that there is now a viabtcpool . com - whole different look so could possibly be non legit.
legendary
Activity: 2828
Merit: 6108
Jambler.io
I am starting to think more and more this has nothing to do with anything China related and more of someone got access to something they should not have.

And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?

Since miners that were connected were still connected and mining then we know that the stratum servers and related services are not and were not being filtered or blocked.

Miners that were connected to the pool were still mining with no problem, you don't need to solve a DNS for an active connection, if you would have tried to reconnect or add a new miner to it it won't reach the pool, I did so with one of my miners early in the morning, and now I've had to switch pool it as it can't reach any via server.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
To me, this was the gov adding blocks to the GFW, this took them by "surprise" and they just scrambled to change dns.

And once again no, read what I posted above. Nothing is blocked. Not the IPs, not the services, nothing.
The registrar that viabtc.com is hosted at put a block on the domain / shut it down. BUT they left every other VIA name untouched, just the .com is offline.

If they wanted to block access all they had to do was put a block at the great firewall and those IPs would have dropped out of existence. But as others have reported, so long as you did not need to re-confirm the IP you could just keep mining. VIABTC could have just gone out and gotten a new domain name anywhere and said go here to mine. But they did not. So something else is going on.

I run my own DNS servers, and since I log every request I went back and looked at what my miners asked for, put in those IPs and away they went to mine.

There are 2 different things at play here when it comes to DNS
1) How long it takes to change DNS servers i.e. go from alibaba DNS to cloudflare. That is anywhere from 1 to 6 hours. Usually close to 1 hour.

2) How long it takes for other places to notice you changed IPs (having nothing to do with #1) that is configurable. And usually a few hours. BUT a lot of providers can and do use their own time limits ignoring what the DNS provider says. I can set it to 1 minute, but no matter what there are a lot of places out there that default to 7200 seconds (2 hours) or 86400 seconds (24 hours) no matter what the DNS server tells them.

-Dave

Notes:
1) I was not mining BTC but ETH but that should not matter the IPs still pass data no problems.
2) I switched to nicehash as primary since the profit is much higher at the moment but the VIA IPs still show online

legendary
Activity: 4102
Merit: 7763
'The right to privacy matters'
To me, this was the gov adding blocks to the GFW, this took them by "surprise" and they just scrambled to change dns.

As you know, when you change the dns of your server/website whatever, it can take a couple of days to propagate to the whole internet. There is dns caching and dns servers asking other dns servers, etc. To some the change is quick, to some it takes longer as it has always been.

But why did these Chinese pools take so long to do this change, why wait until their gov cut them? It's not like they didn't know this was coming, and it's one reason Slush Pool dropped the Chinese nodes at least half a year ago.

This was also a good call on people relying too much on Chinese pools, they ignored decentralization, and paid the price.

And worse yet it shows that any pow coin of any type can be attacked at the government level by major countries.

So the fall out is interesting.

I think a lot has to do with China and USA trade war.

ie Trump tax is now Biden tax and imports from China are still being hurt bigly.

China is trying to figure ways to fight against that trade tariff.
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
To me, this was the gov adding blocks to the GFW, this took them by "surprise" and they just scrambled to change dns.

As you know, when you change the dns of your server/website whatever, it can take a couple of days to propagate to the whole internet. There is dns caching and dns servers asking other dns servers, etc. To some the change is quick, to some it takes longer as it has always been.

But why did these Chinese pools take so long to do this change, why wait until their gov cut them? It's not like they didn't know this was coming, and it's one reason Slush Pool dropped the Chinese nodes at least half a year ago.

This was also a good call on people relying too much on Chinese pools, they ignored decentralization, and paid the price.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
What is interesting is that the registrar for both domains is https://net.cn but the .com is still on registrar hold as of now as I posted above, but the .net is fine.

I am starting to think more and more this has nothing to do with anything China related and more of someone got access to something they should not have.

If China wanted to block it registrar hold is not the way to do it. Just an edge block would work fine, just like any firewall.
If viabtc wanted to deal with this quickly all they would have to do is send out a list of IP addresses to connect to instead of names that needed to be resolved.

Since miners that were connected were still connected and mining then we know that the stratum servers and related services are not and were not being filtered or blocked.

To me, on the surface that looks like something else.

... and moving DNS outside China is not a 5 minute exercise.
If it's on hold you can't move it at all. If it's not it takes about an hour to propagate it. Which was about what the .net did from the alibaba DNS to cloudflare.

-Dave
full member
Activity: 378
Merit: 197
I just got this email from Viabtc.  Looks like .top is the extension for mining.

    

Support Team (ViaBTC)

Nov 27, 2021, 14:49 GMT+8
Dear user,


Thank you for contacting ViaBTC Support.


Sorry for having kept you waiting.


Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.


+++++++++++++++++++++++++++++++++++++++++
【App guides】

If you have problem using App, please update your ViaBTC App to the latest version.

For the Android, please upgrade to the latest App from Google Play Store or via the Direct download link (https://download.viabtc.net/ViaBTC_Pool_3.0.4.apk)


For the iOS, it is currently unavailable, you may wait patiently and update from the App Store in coming days.


+++++++++++++++++++++++++++++++++++
【Mining guides】

Simply put, please use (viabtc.net) for visiting website and use (viabtc.top) for mining configuration.

The current available coins: BTC, ETH, LTC, BCH, and Smart Mining, please refer to the mining configuration page https://www.viabtc.net/pool/state


Updated mining URL:
BTC: stratum+tcp://btc.viabtc.top:3333
BCH: stratum+tcp://bch.viabtc.top:3333
ETH: stratum+tcp://eth.viabtc.top:3333
LTC: stratum+tcp://ltc.viabtc.top:3333
Smart Mining: stratum+tcp://bitcoin.viabtc.top:3333

For example, if you are mining BTC, your new mining URL would be stratum+tcp://btc.viabtc.top:3333

Please stay tuned for the configuration of more coins later.
legendary
Activity: 4102
Merit: 7763
'The right to privacy matters'
To follow up

I had maybe 100 different pieces of gear pointed to them.

around 11 dropped off.

I have another issue in that the anydesk I use to run the btc and LTC asic is down so I will need to drive the 150 mile round  trip to fix those miners they are idle.

The other 89 just ran with no issues.
legendary
Activity: 4466
Merit: 1798
Linux since 1997 RedHat 4
As I just mentioned in the other thread:
The issue is where their DNS servers exist.

If they were inside China (doesn't matter where the pool you mine to is) then the DNS is being manipulated by GFW and/or Aliyun.

This is still going on (I just checked it again now)

... and moving DNS outside China is not a 5 minute exercise.
hero member
Activity: 723
Merit: 519
Got this from ViaBtc a few hours ago:

Quote
Dear ViaBTC users,
Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.

DNS pollution as in spoofing?

Poolin and F2pool were reachable at noon (GMT), viabtc.com was off, can't test .net for a while to see if it works.

I can get to the viabtc.net site, looks same as the old one.    I did not try to log in, waiting for someone braver to do that.

 But when I replace .com with .net in my miners, I still get unresolved host.

same, .net used for stratum server does not connect
legendary
Activity: 2170
Merit: 6279
be constructive or S.T.F.U
I signed into the .net site

may be legit

I will attempt to withdraw to coinex

It is, they put an announcement in their telegram group saying:

Quote
If you can not access the ( viabtc.com ) or App, please use the alternative domain name ( viabtc.net )

We will send you the detailed official announcement via email later this day.

Thank you for your understanding and patience.

Note: Kindly note that your mining or payment won’t be affected as long as your hashrates are valid.

and previously they posted the following:

Quote
Do not panic if you can not access the ViaBTC Web or App, we are currently working on this issue. Hopefully, it will be fixed later this day.

Kindly note that your mining or payment won’t be affected as long as your hashrates are valid.

Thank you for your understanding and patience.


It's funny that they expect everyone to be on telegram, they should have sent out emails right after this shit happened, anyway, mining is going alright, heck, this is less scary than my experience with Poolin a while back, the pool was working just fine but my hashrate was showing zero.

legendary
Activity: 4102
Merit: 7763
'The right to privacy matters'
Got this from ViaBtc a few hours ago:

Quote
Dear ViaBTC users,
Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.

DNS pollution as in spoofing?

Poolin and F2pool were reachable at noon (GMT), viabtc.com was off, can't test .net for a while to see if it works.

I can get to the viabtc.net site, looks same as the old one.    I did not try to log in, waiting for someone braver to do that.

 But when I replace .com with .net in my miners, I still get unresolved host.

I signed into the .net site

may be legit

I will attempt to withdraw to coinex



Got this from ViaBtc a few hours ago:

Quote
Dear ViaBTC users,
Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.

DNS pollution as in spoofing?

Poolin and F2pool were reachable at noon (GMT), viabtc.com was off, can't test .net for a while to see if it works.

I can get to the viabtc.net site, looks same as the old one.    I did not try to log in, waiting for someone braver to do that.

 But when I replace .com with .net in my miners, I still get unresolved host.

I signed into the .net site

may be legit

I will attempt to withdraw to coinex

I was able to make a withdrawal to coinex so I think it may be good.

do so at your own risk

[moderator's note: consecutive posts merged]
hero member
Activity: 723
Merit: 519
I have several rigs pointed at all three of VIABTC stratum servers
Most still connected & hashing

1 rig in particular got disconnected and won't reconnect. Tried changing to a different pool on that rig and it connects as normal. Changed back to VIABTC several times and still won't connect
full member
Activity: 378
Merit: 197
Got this from ViaBtc a few hours ago:

Quote
Dear ViaBTC users,
Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.

DNS pollution as in spoofing?

Poolin and F2pool were reachable at noon (GMT), viabtc.com was off, can't test .net for a while to see if it works.

I can get to the viabtc.net site, looks same as the old one.    I did not try to log in, waiting for someone braver to do that.

 But when I replace .com with .net in my miners, I still get unresolved host.
legendary
Activity: 2828
Merit: 6108
Jambler.io
Got this from ViaBtc a few hours ago:

Quote
Dear ViaBTC users,
Recently, due to the impact of DNS pollution, some of the users in certain regions experienced abnormal resolution of the ViaBTC domain name (www.viabtc.com) and were unable to access the website properly. After emergency maintenance, ViaBTC has activated a new domain name (www.viabtc.net). If you have ever encountered the above situation, please use the new domain name to visit the website.

DNS pollution as in spoofing?

Poolin and F2pool were reachable at noon (GMT), viabtc.com was off, can't test .net for a while to see if it works.
legendary
Activity: 3220
Merit: 1220
biffa’s post now shows btc and other pow coins can be attacked with some success via large government interference.

not sure how this unfolds but on some level I really do not like it.

Not really, what it does show is the resilience of POW coins, because you can just easily mine to a different pool and everything just keeps going. It shows that you can take out the world's biggest mining pools and the network still works exactly as intended.

The only risk is the risk of losing the coin that you have accumulated on the pool if it goes byebye. But it's not a risk to the network itself and no more of a risk than if the pool disappeared because the operator was inept or crooked.
legendary
Activity: 4102
Merit: 7763
'The right to privacy matters'
biffa’s post now shows btc and other pow coins can be attacked with some success via large government interference.

not sure how this unfolds but on some level I really do not like it.
legendary
Activity: 3220
Merit: 1220
Looks like it might be related to Alibaba Cloud.

From CityAM
Quote
It seems the major pools of viaBTC, Poolin, F2Pool, Binance and BTCcom suddenly experienced connection interruptions. The only thing they all had in common was their DNS was provided by Alibaba Cloud, a Chinese owned operation. All had stopped resolving.

Or it's China Telecom trying to block domestic miners reaching chinese pools, but ended up fubar'ing it and blocking the world.

From: TheBlock
Quote
Mining pools blocked
According to a recent document made by China Telecom and seen by The Block, the top Chinese internet service provider has come up with a detailed solution to detect domestic miner IPs that have communicated with mining pools' URLs.

Based on its ongoing detection, it can either cut off the internet service to specific IPs or manually blacklist the URLs that mining pools use to connect with individual equipment.

As of writing, the domains of almost all the 10 biggest mining pools by real-time hash rate for both Bitcoin and Ethereum are not accessible from IPs inside China, based on The Block's verification.

Among them, F2Pool, ViaBTC, BinancePool and BTC.com have seen sharp real-time hash rate declines by around 10% for either Bitcoin or Ethereum over the past 24 hours.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
Can't speak for the others but viabtc either broke something or is in a fight with their hosting provider.

Doing a whois lookup at the global registry you get:
Code:
   Domain Name: VIABTC.COM
   Registry Domain ID: 1989117527_DOMAIN_COM-VRSN
   Registrar WHOIS Server: grs-whois.hichina.com
   Registrar URL: http://www.net.cn
   Updated Date: 2021-11-25T12:15:46Z
   Creation Date: 2015-12-23T06:12:17Z
   Registry Expiry Date: 2024-12-23T06:12:17Z
   Registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.
   Registrar IANA ID: 420
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: +86.95187
   Domain Status: clientHold https://icann.org/epp#clientHold
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: VIP1.ALIDNS.COM
   Name Server: VIP2.ALIDNS.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-11-26T07:54:48Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

**complete**

The 2 important lines are:

   Updated Date: 2021-11-25T12:15:46Z
and
Domain Status: clientHold https://icann.org/epp#clientHold

So yesterday they (or someone) made a change to their DNS info BUT it does not matter since:

https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientHold
Quote
client hold

This status code tells your domain's registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion.

Often, this status indicates an issue with your domain that needs resolution. If so, you should contact your registrar to resolve the issue. If your domain does not have any issues, but you need it to resolve, you must first contact your registrar and request that they remove this status code.

So it's never even making it out. Although the Chinese government may have something to do with it, they are not blocking it at the edge. The IP address resolution does not even exist to make it there.

Yes I know that does not help, but it's a bit more info.

-Dave
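The check described in the post above, as an added example that is not part of the original post: it parses registry WHOIS text and reports whether a hold status keeps the domain out of the DNS. The sample is a trimmed copy of the output quoted in the post; the function names and the treatment of `serverHold` alongside `clientHold` are assumptions of this example.

```python
import re
from datetime import datetime

# EPP statuses that tell the registry not to publish the delegation.
HOLD_STATUSES = {"clientHold", "serverHold"}

# Constructed sample: trimmed copy of the registry WHOIS output quoted in the post.
SAMPLE_WHOIS = """\
   Domain Name: VIABTC.COM
   Updated Date: 2021-11-25T12:15:46Z
   Domain Status: clientHold https://icann.org/epp#clientHold
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: VIP1.ALIDNS.COM
   Name Server: VIP2.ALIDNS.COM
   DNSSEC: unsigned
>>> Last update of whois database: 2021-11-26T07:54:48Z <<<
"""

def parse_whois(text):
    """Collect 'Key: value' lines; keys repeat (Domain Status, Name Server)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^[>\s]*([A-Za-z][A-Za-z ]*?):\s*(.+?)(?:\s*<<<)?$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def assess(text):
    """Summarise whether the registry is publishing the domain at all."""
    f = parse_whois(text)
    statuses = {s.split()[0] for s in f.get("domain status", [])}
    held = sorted(statuses & HOLD_STATUSES)
    age = _ts(f["last update of whois database"][0]) - _ts(f["updated date"][0])
    return {
        "domain": f["domain name"][0].lower(),
        "delegation_published": not held,  # a hold means resolvers get no answer at all
        "hold_statuses": held,
        "hours_since_change": round(age.total_seconds() / 3600, 1),
        "dnssec_signed": f.get("dnssec", ["unsigned"])[0].lower() != "unsigned",
        "name_servers": [n.lower() for n in f.get("name server", [])],
    }

if __name__ == "__main__":
    print(assess(SAMPLE_WHOIS))
```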
legendary
Activity: 2044
Merit: 2195
EIN: 82-3893490
my gpu's and cpu's were mining at viabtc - none are working now.
legendary
Activity: 4466
Merit: 1798
Linux since 1997 RedHat 4
...
My rigs kept mining, everything looked good, until I rebooted my wireless, then every one "could not resolve host name"

Wondering if yours continue to mine, and if they really are mining?

A miner won't do a DNS lookup to change an active connection, since stratum is a permanent connection.
When the connection is lost or the miner is restarted or rebooted, it may then do a DNS lookup that could be mangled by the problem.
legendary
Activity: 4102
Merit: 7763
'The right to privacy matters'
I am willing to bet this happened on a prior thanksgiving.

At least I remember it happening.



I left all gear mining ⛏ on viabtc.

The gpus
The L3+
The s9
The s15
The s17
The s17+
The t15
The t17
The t17e
The t17+
The avalons
The whatsminers

basically it's all running

and paying at viabtc.
legendary
Activity: 2170
Merit: 6279
be constructive or S.T.F.U
My rigs kept mining, everything looked good, until I rebooted my wireless, then every one "could not resolve host name"

Wondering if yours continue to mine, and if they really are mining?


Do you mean you rebooted your router? Well if you did so then it explains why they can not connect anymore as explained in my first post.

Yup except for the 2 gears that rebooted the rest kept mining with no issues, in fact the app worked for a while a few mins back and the hashrate was showing pretty normal.
full member
Activity: 378
Merit: 197
Probably by the time you read this it will all be fixed, but it's been going on for a while now, not sure how much it's affecting mining or just access to the web sites.

To most folks, it's probably just the website, out of nearly 200 gears I got running on Viabtc only 2 switched to the secondary pool because they were rebooted by awesomeminer for having "sick asics", the rest are unaffected and 0 seconds time on the backup pools.

The miners that switched to the secondary pools now showing Viabtc "dead", it will probably go away if I reboot them but I want to see what happens, so my guess is that if the miner wasn't rebooted during these DNS issues -- no issues, someone who runs a pool like Kano probably knows what could have been the problem, why are the previously connected miners running fine, and the ones that are negotiating for a new connection aren't.

Anyway, one should always be prepared for such a scenario, the back pool needs to be in a different geographical location.

My rigs kept mining, everything looked good, until I rebooted my wireless, then every one "could not resolve host name"

Wondering if yours continue to mine, and if they really are mining?
legendary
Activity: 3612
Merit: 2506
Evil beware: We have waffles!
Discussing this in the KanoPool Discord room:
Quote
yeah that's correct but I get different answers every 2nd try
(to 8.8.8.8)
oh it's just stopped doing it 🙂
only giving correct answers now
netghost (Today at 6:45 PM)
If I look it up I get 75.126.215.88
from the trustzone dns
Kano (Today at 6:46 PM)
you'll get random different answers - not just that one
well don't trust them then 😄
Yeah it's definitely something china is doing internally. I just did a ns lookup for kano.is from a vm inside china to one of my dns servers (outside china) and got a completely wrong answer - a single incorrect ip. But doing it from outside china gets the correct answer (2 ips)
The actual reply was also completely wrong it said the TTL was 192s which is wrong, a *.is must be at least 1 day and kano.is is that 86400
So I guess china's GFW is doing some DNS fuckery to screw with its residents
Hmm - maybe it's only mining?
I tend to agree with Kano's last statement about the GFW tho doesn't explain why a lot of other DNS sites around the globe were foobarred for a bit.
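The two symptoms described in the quoted chat (answers that change between tries, and a reply carrying a TTL of 192 where the zone's is 86400) can be turned into a simple consistency check. This is an added example, not code from the thread; the IP addresses and observations are constructed from documentation ranges, and it assumes the zone serves one fixed record set (no round-robin or geo-DNS).

```python
from collections import Counter

ZONE_TTL = 86400  # TTL the chat gives for kano.is
BASELINE = frozenset({"192.0.2.10", "192.0.2.11"})  # constructed: the zone's two A records

# Constructed observations: (vantage, queried authoritative server directly?, IPs, TTL)
OBSERVATIONS = [
    ("outside", True, {"192.0.2.10", "192.0.2.11"}, 86400),
    ("inside", True, {"203.0.113.77"}, 192),
    ("inside", True, {"198.51.100.5"}, 192),
    ("public-resolver", False, {"192.0.2.10", "192.0.2.11"}, 41200),
    ("public-resolver", False, {"203.0.113.9"}, 300),
]

def check_answer(direct, ips, ttl, baseline=BASELINE, zone_ttl=ZONE_TTL):
    """Return the reasons a single reply looks forged (empty list = consistent)."""
    reasons = []
    if frozenset(ips) != baseline:
        reasons.append("answer set differs from baseline")
    if direct and ttl != zone_ttl:
        # An authoritative server always answers with the zone's own TTL.
        reasons.append("authoritative TTL mismatch")
    elif not direct and ttl > zone_ttl:
        # A cache counts the TTL down, so it can be lower but never higher.
        reasons.append("cached TTL exceeds zone TTL")
    return reasons

def summarize(observations):
    """Per vantage point: query count, suspect replies, and answer instability."""
    report = {}
    for vantage, direct, ips, ttl in observations:
        entry = report.setdefault(
            vantage, {"queries": 0, "suspect": 0, "answers": Counter()})
        entry["queries"] += 1
        entry["answers"][frozenset(ips)] += 1
        if check_answer(direct, ips, ttl):
            entry["suspect"] += 1
    for entry in report.values():
        # More than one distinct answer set from the same vantage point.
        entry["unstable"] = len(entry["answers"]) > 1
    return report

if __name__ == "__main__":
    for vantage, entry in summarize(OBSERVATIONS).items():
        print(vantage, entry["queries"], entry["suspect"], entry["unstable"])
```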
jr. member
Activity: 34
Merit: 5
Completely off the grid: https://www.whatsmydns.net/#A/viabtc.com

Not doing great but slowly improving: https://www.whatsmydns.net/#A/poolin.com

Still a bit shaky: https://www.whatsmydns.net/#A/f2pool.com

Not sure if a network issue in the china firewall or what, but it would be interesting to see the failover data stats. One big pool going down like that could cascade to other pools getting knocked out when all the miners fail over to their secondary pools*

Unless they are using bitfury software, as that only allows one pool  Roll Eyes

Probably by the time you read this it will all be fixed, but it's been going on for a while now, not sure how much it's affecting mining or just access to the web sites.

By the time I'm reading this, still no DNS for ViaBTC, Poolin and F2pool :-(
legendary
Activity: 2170
Merit: 6279
be constructive or S.T.F.U
Probably by the time you read this it will all be fixed, but it's been going on for a while now, not sure how much it's affecting mining or just access to the web sites.

To most folks, it's probably just the website, out of nearly 200 gears I got running on Viabtc only 2 switched to the secondary pool because they were rebooted by awesomeminer for having "sick asics", the rest are unaffected and 0 seconds time on the backup pools.

The miners that switched to the secondary pools now showing Viabtc "dead", it will probably go away if I reboot them but I want to see what happens, so my guess is that if the miner wasn't rebooted during these DNS issues -- no issues, someone who runs a pool like Kano probably knows what could have been the problem, why are the previously connected miners running fine, and the ones that are negotiating for a new connection aren't.

Anyway, one should always be prepared for such a scenario, the back pool needs to be in a different geographical location.
legendary
Activity: 3220
Merit: 1220
Completely off the grid: https://www.whatsmydns.net/#A/viabtc.com

Not doing great but slowly improving: https://www.whatsmydns.net/#A/poolin.com

Still a bit shaky: https://www.whatsmydns.net/#A/f2pool.com

Not sure if a network issue in the china firewall or what, but it would be interesting to see the failover data stats. One big pool going down like that could cascade to other pools getting knocked out when all the miners fail over to their secondary pools*

Unless they are using bitfury software, as that only allows one pool  Roll Eyes

Probably by the time you read this it will all be fixed, but it's been going on for a while now, not sure how much it's affecting mining or just access to the web sites.