RT Under DNS DDoS Attack – How To Restore Access


There are widespread reports that RT is not accessible due to an apparent DDoS attack on their DNS servers. Here’s a temporary fix if your affected.

The DNS servers of RT.com are currently under an apparent Distributed Denial of Service (DDoS) attack.

Many people in the MidEast along with the New England and Midwest portions of the United States are reporting server not found errors when attempting to access the site.

This has lead some to incorrectly speculate they didn’t renew their domain name.

I have confirmed this is not correct as their DNS records record shows the domain record does not expire until Sept 22, 2021


RT DNS record is registered until Sept 22 2021
I am located in New Jersey and am not affected by the outage.

The IP address for RT is 62.213.111.202 and I will explain how you can use this to restore access to the site until the issue is resolved..

RT only has two DNS servers on record:

NS1.RUSSIATODAY.NET 109.73.15.35
NS2.RUSSIATODAY.NET 62.213.87.190

Many are still reporting outages via Facebook and Twitter as recently as a few minutes ago.

Since it appears those reporting outages are from the Middle East along with the New England and Midwest areas in the US it would suggest the DDoS are coming from these geographical location.

It appears RT’s domain name servers are performing geographical based load balancing.

Users who attempt to look up RT’s domain name located on the same trunks of the internet that the attackers simply do not get a response from the DNS servers handling lookup requests on those trunks.

The old thing is I see no new reports from RT or anywhere else on the attacks.

In any case here are instructions to restore access to the site until the issue is remediated.

Windows

1) Open Notepad (Note: In Windows Vista and Window 7 you may have to right click notepad and choose run as administrator)
2) Click File, Open, and type in the following %systemroot%\system32\drivers\etc\hosts and click open


Notepad dialog to edit hosts files
3) Add the following to a blank line at the end of the file: 62.213.111.202 rt.com and click save.
Your host file should look like this.

Edited Hosts File With Entry For RT Added
You should now be able to access RT. If not from a command prompt enter the command: ipconfig /flushdns.

Mac/Apple

1) going into Applications -> Utilities -> Terminal

2) in the terminal enter the command: sudo nano /private/etc/hosts

3) add 62.213.111.202 rt.com to the file, press control-o to save the file and press enter on the file name to save the file.

You should now be able to access RT. If not from the terminal enter the command: dscacheutil -flushcache

More detailed Mac Instructions here:

In the future when your favorite sites are taken down by DNS attacks by hackers you simply add their IP to fix the issue.

Categories: GENERAL INTEREST

Write a Comment

Your e-mail address will not be published.
Required fields are marked*