Not sure if it's relevant but one of the major "DNS providers" (that preceded Google) also chooses to domicile their operations in Ireland. They could just as well locate anywhere, but I doubt they chose Ireland for tax purposes. That just wouldn't make sense, right?
% You have issued 1000 queries today. You have 0 queries per rolling 1 hours.
% You have reached your 1 hour limit.
Looks like they're blocking lookups for google.ie
Edit - actually looks like they're not doing any lookups. Searching anything gives the same error. I haven't done any lookups today for anything, but it thinks I did 1000.
% Rights restricted by copyright; http://iedr.ie/index.php/mnudomregs/mnudnssearch/96
% Do not remove this notice
domain: google.ie
descr: Google, Inc
descr: Body Corporate (Ltd,PLC,Company)
descr: Registered Trade Mark Name
admin-c: KR59-IEDR
tech-c: CCA7-IEDR
registration: 21-March-2002
renewal: 21-March-2013
status: Active
nserver: ns1.google.com
nserver: ns2.google.com
nserver: ns3.google.com
source: IEDR
person: Kulpreet Rana
nic-hdl: KR59-IEDR
source: IEDR
person: eMarkmonitor Inc
nic-hdl: CCA7-IEDR
source: IEDR
Which looks like it could be cached information. Kulpreet Rana's LinkedIn "also viewed" section seems to identify her as a Google lawyer. The new nameservers are ns1.farahatz.net and ns2.farahatz.net.
No - It doesn't look like Googles DNS servers have been hacked.
It looks like either the IEDR (the guys who manage .ie) have been hacked, or, either Google or eMarkmonitor Inc (whoever they are) had their password for the IEDR systems compromised.
Markmonitor handles all the ccTLDs (.ie, .co.uk, .de, etc) for almost all the Fortune 500 companies. If they were hacked you'd see more than two changed .ie domains.
The fact that the fake nameservers were visible on iedr.ie means that it's likely the .ie TLD, or someone with the keys to google.ie (e.g. eMarkmonitor Inc) were the real cause..
The IEDR works on a fax based authorisation system for a lot of procedures which is low hanging fruit for an attacker. Any other type of compromise might be more interesting so curious if they'll release how this happened.
Found that out thanks to the technical details in Firefox's SSL error screen, where it says:
"www.google.bo uses an invalid security certificate.
"The certificate is only valid for the following names:
google.com , .google.com , .youtube.com , youtube.com , .youtube-nocookie.com , youtu.be , .ytimg.com , .android.com , android.com , .googlecommerce.com , googlecommerce.com , .url.google.com , .urchin.com , urchin.com , .google-analytics.com , google-analytics.com , .cloud.google.com , goo.gl , g.co , .gstatic.com , .google.ac , ..." and then goes on to list an enormous number of localized Google domains.
well that can't be good! domain not due to expire until 21 March 2013 so looks like their dns records have been hijacked per the original submitter. A records are still going to google for me right now.
Perhaps some charitable Irish taxpayer could sort their domain name out for them?
1: http://www.irishtimes.com/newspaper/finance/2012/1006/122432...