Slashdot Mirror

← Back to Stories (view on slashdot.org)

Akamai DNS Outage Messes up Net

Posted by ryuzaki0 on from the point-of-failure dept.

katre writes "Checking all my favorite sites this morning, I saw that about half a dozen seem to be offline. Trying to figure out why, I found an interesting article on the front page at http://isc.incidents.org/. Seems that the problems at Akamai are screwing over Yahoo, Google, Microsoft, Fedex, Xerox, Apple, and others. Whatever happened to my decentralized net with no single point of failure?"

30 of 522 comments (clear)

  1. I'm definitely not a technical guru... by Dagny+Taggert · · Score: 5, Interesting

    but I believe the centralized concept of the 'net is something that is coming to an end, much to our loss. I'm pretty bothered by the fragility of this system. How many of you can't work without web access?

    --
    Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
    1. Re:I'm definitely not a technical guru... by Malc · · Score: 5, Insightful

      How many *think* they can't live without web access? Offline working can be surprisingly productive, and as it often forces more thinking and planning (e.g. in preparation for being back online, and just thinking through what would happen of you could be online) the results end up being better.

    2. Re:I'm definitely not a technical guru... by MindStalker · · Score: 5, Insightful

      You mean decentralized?
      Anyways butting both DNS records on the same point of failure breaks standards. These companies deserve to be hit hard (PR wise) for not building a roburst network.

    3. Re:I'm definitely not a technical guru... by Pizzop · · Score: 5, Informative

      It would be hard to do most of my work (Server Maint.) without the net. I might have to actually go to the servers instead of ssh. Wait, what am I talkin about, without the net I wouldn't HAVE a job.

      --
      How to Speak Leet
    4. Re:I'm definitely not a technical guru... by fish_in_the_c · · Score: 5, Insightful

      you can still get to all those sites. You just have to REMEMBER the ip instead of depending on the computer to look it up for you ;). TCP/IP was designed to have not centeral point of failure and still does it's job well. DNS was not quite designed in such a way.

      --
      âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
    5. Re:I'm definitely not a technical guru... by AKnightCowboy · · Score: 5, Insightful
      How many *think* they can't live without web access?

      *Live* and *work* are too entirely different things. I could not get any of my work done with network access.

    6. Re:I'm definitely not a technical guru... by endx7 · · Score: 5, Funny

      Offline working can be surprisingly productive

      Because that means then you aren't on slashdot?

      er....brb, I should probably get back to work.

  2. Whatever happened to my decentralized net? by mattkime · · Score: 5, Funny

    Whatever happened to my decentralized net with no single point of failure?

    Its there. Get out your old Usenet reader. See, you still have your porn.

    --
    Know what I like about atheists? I've yet to meet one that believes God is on their side.
  3. Clear your cache by Frennzy · · Score: 5, Informative

    Yahoo is already resolving through scd instead of akamai. I didn't check any of the others.

    If you clear your cache, you will probably get the new entries, unless your ISP hasn't caught onto the problem yet.

  4. Good morning, Mr. Gore. by Quarters · · Score: 5, Funny
    Whatever happened to my decentralized net with no single point of failure?

    How ya doin', Al?

  5. Ironically... by xbrownx · · Score: 5, Informative

    ...I can't even get to http://isc.incidents.org/

  6. Single point of failure by jelizondo · · Score: 5, Funny

    You could still access Slashdot, couldnt you?

    --
    Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
  7. Hmmm by Mz6 · · Score: 5, Funny
    "Seems that the problems at Akamai are screwing over Yahoo, Google, Microsoft, Fedex, Xerox, Apple, and..."

    ... http://isc.incidents.org.

    --
    Hmmm.
  8. 2nd time in a month by ZHaDoom · · Score: 5, Informative

    This should cause some problems for akami, they had an outage may 24th. Once can be overlooked twice? these are some big companies they are going to be calling them. I bet there is some sweating techs in the cool noc right now

    --
    War isn't about who's right. It's about who's left.
  9. Lack of notification by sphealey · · Score: 5, Interesting

    What ticks me off about this incidents (and I suspect that there have been several in the last 6 months) is that there is absolutely no notification given, either during or after the event. During this outage, some news outlets were still reachable (including Slashdot), and a simple notification would have saved hours (* 10s of thousands of network dudes worldwide) of time and much grief from the big bosses who couldn't reach Yahoo Finance, I mean critical business web sites.

    Are these guys so convinced of their omnipotence and indispensibility that they don't feel the need to communcate with the world about what is going on?

    sPh

  10. I'm surprised... by swasson · · Score: 5, Funny

    that the /.'ers aren't trying to take credit for slashdotting the entire WWW.

    --
    "Facts are meaningless. You could use facts to prove anything that's even remotely true!" -- Homer Simpson
  11. Re:DNS issue... by ObsessiveMathsFreak · · Score: 5, Funny

    Well I guess it's back to IP addresses for us!!!
    ....
    I'll be at 127.0.0.1 until this blows over.

    --
    May the Maths Be with you!
  12. Root servers not decentralized? by Otto · · Score: 5, Insightful

    It's not truely decentralized...
    The root nameservers are the most obvious example...

    The most obvious example? The fact is that there are 13 of them, in widely scattered locations across the globe, and it's not decentralized?

    Damn man, what exactly would you consider "decentralized" then?

    Root servers go down all the time. It's not particularly unusual. There's THIRTEEN of the things. Up to 8 have been down at once with no major effects on the network, IIRC.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  13. Lack of multiple points of failure by bastardadmin · · Score: 5, Insightful

    I can see the logic that went into this plan:
    "Well, Akamai has a few million DNS boxes, if we put everything there we'll be fine! That's not a single point of failure!"
    Yeah, about that... multiple vendors may have been a good idea in retrospect instead of just one monolithic provider.
    Time to re-examine the definition of Single Point of Failure.

  14. You know... by Mz6 · · Score: 5, Funny
    If we timed our stories right we could pull this all off as the /. effect...

    Let's see so far today.. We had a report on Yahoo... They're down. A report to a virus linked to Symantec.. they are up and down. We always link to Google, they are having problems... wooo. Now we just need another patent from Microsoft to bring them down... which by my records shouldn't be too long.

    --
    Hmmm.
  15. Need my Xerox fix! by goober · · Score: 5, Funny

    Checking all my favorite sites this morning...

    Microsoft, Xerox and FedEx are some of my favorite sites too! But due to the outage I'm stuck slumming it here on Slashdot...

  16. Re:releted to linux kernel DoS exploit? by mtenhagen · · Score: 5, Funny

    It probarbly is, I did send an email to a guy the akamai noc and told him to execute a lttile attached application on all the dns servers and he would receive free porn if he did.

    Iam now trying to send the porn but the mail server is unreachable.

    --
    200GB/2TB $7.95 Coupon: SAVE90DOLLAR
  17. We fixed it quick by Apreche · · Score: 5, Funny

    Yeah, google didn't work and we didn't know what to do. We tested and determined the problem was akamai within a minute. So I used AIM to ask a friend who could still resolve google what the ip was. he passed it to me over aim using gaim encryption no less. We then created an alias for google on our dns server. google.ourdomain.com.

    We also developed a new DNS protocol in the process. ESEDOIM: Extremely slow encrypted DNS over instant messenger. Who wants to write an RFC?

    --
    The GeekNights podcast is going strong. Listen!
  18. NANOG Postings by TheSync · · Score: 5, Informative

    From NANOG:

    From here neither www.google.com, nor www.apple.com work. Both seem to return CNAMES to akadns.net addresses (eg, www.google.akadns.net, www.apple.com.akadns.net), and from here all of the akadns.net servers listed in whois are failing to respond.

  19. Re:Terrorist attacks, anyone? by GlacierPilot · · Score: 5, Informative

    The real cost of a web site dropping is a lot more difficult to figure out than you might imagine. Say Amazon goes down for a couple of hours. Are all those potential sales lost forever? I doubt it. Some people will just come back and order later. The firm is unlikely to see any long term impact unless the outage becomes habitual. Non-retail sites probably have even more flexability. About the only area in which an outage could have a real, long term adverse impact would likely be in financial services. If Schwab goes down for half a day they will suffer big time for a long time. If you're talking "the economy" as in the big picture economy" suffering - forget it. Web based commerace isn't that important yet.

  20. Reminds me of a story by Venner · · Score: 5, Interesting

    Not too long after 9/11, I was surfing the net and needed to look up something at the Library of Congress for one of my classes. It wouldn't connect. At first I thought we'd just lost DNS (not so uncommon an occurance at my university in those days), but found I could still connect to slashdot.org and some other sites.

    Being a geek, I thought up a list of about 30 sites to ping, scattered across the US. (.govs and .edus mostly.) The ones that replied, I plotted on a US map based on their DNS LOC. (A project I wrote for a previous class.)

    I freaked out a bit when the mid-atlantic seaboard came up missing. I crossed my fingers hoping that it was just some idiot who'd accidently cut one of the main fibers (which it what it ended up being) and not that Washington DC was now a big hole in the ground.

    --
    A preposition is a terrible thing to end a sentence with.
  21. "DNS was not quite designed in such a way" by Ernesto+Alvarez · · Score: 5, Insightful

    you can still get to all those sites. You just have to REMEMBER the ip instead of depending on the computer to look it up for you ;). TCP/IP was designed to have not centeral point of failure and still does it's job well. DNS was not quite designed in such a way.


    DNS was designed to be robust enough. Not one root server but many (ok, that's the weak point, we've all seen many DDoS against them, but it's not THAT bad). All zones are handled by their own servers, and (in theory) multiple servers for each zone. All in all, it's not a bad design.

    If what happened was that someone put all the servers behind one link, it's not DNS' fault, the BOFH there screwed up (and considering it's akamai, they should not have done that).

    (If that's not what happened, sorry, I couldn't RTFA, it's slashdotted or there's some sort of DNS problem there too).
    --
    GPG 0x1B479C78
  22. How Sites are Coming Back Online by TheSync · · Score: 5, Informative

    From NANOG mailing list again:

    Google pulled references for akamais dns servers a short period ago. they are presently serving their own dns requests.

    Also:

    People seem to be getting around this by changing their DNS entries.

    E.g. www.yahoo.com always used to be a CNAME for www.yahoo.akadns.net. But
    now:

    # host www.yahoo.com
    www.yahoo.com is an alias for www.dcn.yahoo.com.
    www.dcn.yahoo.com has address 216.109.118.64
    www.dcn.yahoo.com has address 216.109.118.65
    www.dcn.yahoo.com has address 216.109.118.66
    www.dcn.yahoo.com has address 216.109.118.67
    www.dcn.yahoo.com has address 216.109.118.68
    www.dcn.yahoo.com has address 216.109.118.69
    www.dcn.yahoo.com has address 216.109.118.70
    www.dcn.yahoo.com has address 216.109.118.71
    www.dcn.yahoo.com has address 216.109.118.72
    www.dcn.yahoo.com has address 216.109.118.73
    www.dcn.yahoo.com has address 216.109.118.74
    www.dcn.yahoo.com has address 216.109.118.75

    Which is owned by Yahoo! (via HotJobs.com).

  23. Re:Interesting... by Xaroth · · Score: 5, Funny

    If it weren't slanted, it'd be |.

    (Apologies to whomever I'd seen that from before.)

    --
    That green slime had it coming.
  24. Re:Uh by Slime-dogg · · Score: 5, Insightful

    It is misleading to refer to the box as a "Linux" box. Was it really the kernel that was at fault for the machine being cracked, or was it a bug in one of the daemons that the machine was running? There are differences between a Linux box that runs BIND and another that runs EZ-DNS (or whatever).

    How about this: Instead of labelling the Akamai boxes that have problems as "Linux" boxes, label them as "BIND" boxes, or whatever DNS server it is that it runs. Perhaps there's a FreeBSD machine in there that is having similar problems.

    It is allowable, though, to refer to a Windows box as just that. MS ships an all-in-one product, and seldomly do admins use Windows to run BIND, Apache or other OSS servers.

    All of this hand-ringing in an effort to paint "Linux" as bad, or as "just as bad" is dopey. One might as well point a finger at the administrator of the machine that was hacked, the services that were running on it, etc. Most Windows problems are caused by the same thing too. It is wiser to point at the admin (and the services one chooses to run) than to point at the OS, or the kernel.

    --
    You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.