Any way I can correct DNS spoofing against our domain?

domain-name-system spoofing

This morning I found out that our domain and subdomains have been poisoned on the 4.2.2 and 4.2.2.1 DNS servers, along with others I think, though I have not confirmed others yet. Using OpenDNS, resolution works correctly. I have updated our local DNS servers and cleared their cache, which has fixed things internally.

The issue is that the domain is public facing and customers are having problems. We are the authoritative DNS server for the domain and all that is under our control. What I don't know how to do is fix the name servers out of our control.

Is there something we can do on our end? At the moment the only workaround I can think of is to ask customers to change their DNS to OpenDNS, which is not very practical. The other workaround would be to change our TLD, which is less practical.

Best Answer

Sounds like you need to implement DNSSEC.

Since you haven't given many details about your setup, it's difficult to recommend a software solution, but googling DNSSEC with your current setup should yield you some good tutorials on how to do it.
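
One way to monitor for the situation described in the question, as an added example that is not part of the original post: parse raw DNS responses collected from several public resolvers, compare their A records with the set the authoritative servers publish, and report whether the resolver flagged the answer as DNSSEC-validated (the AD bit). The name `example.com`, the addresses, and the sample packets are constructed, and sending the queries themselves is left out.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def parse_a_answers(msg):
    """Return (ad_flag, set of IPv4 strings) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.add(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return bool(flags & 0x0020), addrs         # 0x0020 is the AD bit

def verdict(msg, authoritative):
    """Compare a resolver's answer with the addresses the zone publishes."""
    ad, addrs = parse_a_answers(msg)
    if not addrs:
        return "NO ANSWER"
    if not addrs <= authoritative:
        return "MISMATCH"                      # address the zone does not publish
    return "OK, validated" if ad else "OK, not validated"

def build_response(qname, ips, ad=False):
    """Constructed sample data: a minimal response to an A query for qname."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x8180 | (0x20 if ad else 0), 1, len(ips), 0, 0)
    msg += q + struct.pack("!HH", 1, 1)
    for ip in ips:                             # owner name = pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return msg

if __name__ == "__main__":
    zone = {"192.0.2.10"}                      # assumed authoritative A record
    for label, ips, ad in [("resolver A", ["192.0.2.10"], True),
                           ("resolver B", ["203.0.113.66"], False)]:
        print(label, verdict(build_response("example.com", ips, ad), zone))
```

A validating resolver only sets the AD bit when the query asked for it (DO or AD bit set), so "not validated" on its own does not indicate poisoning; a mismatch against the authoritative set does.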