Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google DNS Glitch Caused Outage

Posted by CmdrTaco on from the not-much-else-happens-on-sunday-morning dept.

An anonymous reader writes "Google suffered a pretty long outage saturday evening, due to some DNS glitches, according to company spokesperson. All Google services were down for a while, including Gmail and Google AdSense. There seems to be a DNS hijack, as some screen grabs show that Google.com was redirecting to another site, SoGoSearch.com. "

26 of 283 comments (clear)

  1. Whois Entries Not Indicative of a Hack by LogicX · · Score: 5, Informative

    Everyone keeps freaking out because when they run a whois query they get this:

    GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.C OM
    GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGI NE .THAN.SECZY.COM
    GOOGLE.COM

    This is NOT at ALL indicative of a hack.

    All this means is that gulli.com chose to register a DNS server with their registrar called 'GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.CO M' instead of ns1.gulli.com -- to do EXACTLY what they just did -- got your attention.

    Simmer down everyone. If you whois ANY major site you'll see similar things. (Just try Microsoft.com)

    --
    May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
    1. Re:Whois Entries Not Indicative of a Hack by A+beautiful+mind · · Score: 4, Informative

      Also the Screenshots are just about BROWSER GUESSES. The screenshots show http://www.google.com.net!

      You know, it's what happens when the browser can't find the given domain name (dns servers are down), that it tries www.google.com.com, then www.google.com.net and it happened to be already taken by the site in the screenshots.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    2. Re:Whois Entries Not Indicative of a Hack by Megane · · Score: 4, Interesting
      Wow, I thought that trick stopped working like four years or so ago. I even had one of those kind of entries, but took it out when the search stopped showing them.

      Looks like these clowns aren't just limiting themselves to Google...

      AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
      AOL.COM.IS.0WNED.BY.SUB7.NET
      AOL.COM.CANDICE-CHAMBERLAIN.COM
      AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
      AOL.COM
      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    3. Re:Whois Entries Not Indicative of a Hack by AndroidCat · · Score: 3, Informative
      Because, by default, whois does a search match on the entire record rather than just the name. Since the names of a domain's DNS servers are part of that record, some smartasses with spare domains load up the DNS server names with useless extra strings that will match lookups against popular domains like google.

      This only confuses humans, and has nothing to do with Google's outage and overly helpful browser code.

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:Whois Entries Not Indicative of a Hack by Wieland · · Score: 3, Informative

      Mozilla Suite: Edit -> Preferences -> Navigator -> Smart Browsing -> Domain Guessing

      Firefox: Go to about:config and set user_pref("browser.fixup.alternate.enabled", false);

  2. Laugh! by stabChmo · · Score: 3, Funny

    So go search Google!

    --
    YOU are educated stupid. YOU must seek Time Cube.
  3. Google Web Accelerator by Message+Board · · Score: 4, Funny

    Last night, Google Web Accelerator was accelerating just fine... except for the fact that when I tried to make it proxy google.com it told me that the web site wasn't available, and to try search Google for the site. Needless to say, that didn't work either.

  4. Pre-FP by LogicX · · Score: 3, Informative

    Ironically people have been freaking out about this, even before slashdot posted the story; leaving comments in other articles

    --
    May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
  5. SoGoSearch didn't hijack by Anonymous Coward · · Score: 5, Informative

    SoGoSearch didn't hijack Google's DNS. They registered a domain name google.com.net. Because the browser couldn't find google.com it tried as google.com.net. It has nothing to do with them hijacking any DNS.

    I do think it is unethical to register a domain such as google.com.net if you are not Google, but that is a different thing.

    1. Re:SoGoSearch didn't hijack by ryanjensen · · Score: 4, Informative
      Thing is, they didn't register "google.com.net" - they registered "com.net". The "google" part is called a wildcard, and any "*.com.net" would go to SoGoSearch. (See this report about yahoo.sex.com).

      The real problem lies in web browsers that append ".net" to a domain name when the .com version cannot be accessed.

      --
      The Ezine Directory
    2. Re:SoGoSearch didn't hijack by Gollum · · Score: 5, Insightful

      In fact, I think they registered com.net, and simply created a wildcard DNS result for anything under that, which points to their search page.

      As the parent says, it is common behaviour for browsers to try appending common TLD's to the end of an URL that is not found verbatim. When Google went away, the browser appended .net to google.com, and ended up at *.com.net.

      A bug that people seem to be ignoring is that whatever browser is shown in the screenshot did not show the correct URL after the .net was appended, but left the original URL in the location bar.

    3. Re:SoGoSearch didn't hijack by Dun+Malg · · Score: 4, Interesting
      com.net, net.com, etc should be reserved.

      A better idea is to not have such brain-dead DWIM "features" in the browser. What kind of stupidity is it to blindly append a TLD to a URL that already ends in a valid TLD?

      --
      If a job's not worth doing, it's not worth doing right.
    4. Re:SoGoSearch didn't hijack by autocracy · · Score: 4, Informative

      It's definitely a browser problem. The resolver doesn't do that... the browser makes the other requests after being told NXDOMAIN by the resolver. So, while the issue comes from getting the wrong DNS response, it's because the browser asked the wrong questions thereafter. This also doesn't have to do with search directives. I'm sure there's something you're saying that I'm calling differently than you mean, but it's still an issue of the browser in this case.

      --
      SIG: HUP
  6. Not a hijack by Kip · · Score: 5, Informative

    They were just taking advantage of browser behavior.

    www.google.com.net leads to sogosearch.com

    When a browser fails to resolve an address, they will try adding .net and .com to the end of the address on the assumption maybe the user forgot to add it.

  7. Has it gotten to this point yet? by fwice · · Score: 5, Insightful

    Are people really this dependant on google that when there is an outage, people really flip out?

    I mean, there are other search engines.
    Other email services.
    Other mapping things.

    Seriously, what were people doing a couple years ago? If your life is that in tuned to google, maybe its time to 'log off' (and pardon the cliche).

    1. Re:Has it gotten to this point yet? by jmaslak · · Score: 3, Informative

      I'm sorry, but "important" email being sent to a free email account?

      If you get important email, I suggest paying for an account that provides support as part of the price. "Free" doesn't typically mean "great support", not even in the case of Google.

  8. Just a DNS glitch by Eric(b0mb)Dennis · · Score: 3, Informative

    Lots of rumor of DNS getting poison and/or google site getting hacked. The reason benig is people thought google.com was going to SoGoSearch.com..

    But apparently it was just their browser's not finding google.com and trying to go to Google.com.net

    Stop flipping out!

    --
    Excuse me, I don't mean to impose, but I am the ocean
  9. So the DNS was down... by Karakth · · Score: 5, Funny

    Just 216.239.57.99 it.

  10. Re:It's time to end our dependence on google by EllF · · Score: 3, Insightful

    ...or perhaps we reject Microsoft because we disagree with its corporate goals, and find its products to be substandard, while agreeing with Google's, and find its offering to be exactly what we want?

    --
    We who were living are now dying
    With a little patience
  11. Google didn't cash 400,000 US$ during that time by astrab · · Score: 5, Interesting
    According to gigaom.com, Google acknowledges having suffered a 'DNS blackout' for two hours (aprox) this past Saturday, and users couldn't access the search engine.

    During Q1 2005, Google cashed $657 million by showing sponsored links on search results. This means 300,000 US$ per hour. Taking into account that this issue happened on Saturday (less users), we can estimate the 'non-revenue' figure in 400,000 US$ aprox, without considering other non-working services like Google AdSense, which probably suffered problems during this time.

    http://google-blog.dirson.com/post.new/0260/

  12. Re:It's time to end our dependence on google by dfjghsk · · Score: 5, Informative
    Google with it's 85% market share. Google with its total control of the web search market.

    Except, its market share is only 35%.. which is far from a monopoly. (For comparison, yahoo is at 32%)

    Only here on slashdot does everyone think google completely controls the web search market.

    --
    Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
  13. This hit Microsoft as well by Nichotin · · Score: 4, Funny

    Didn't anyone notice?

    --
    Dvorak on Doomtech
  14. Re:SoGoSearch by AndroidCat · · Score: 3, Informative

    Google's DNS was down, browsers did something that most people don't expect. Nothing to see, move along.

    --
    One line blog. I hear that they're called Twitters now.
  15. Re:Slashdot and Google by jdgeorge · · Score: 3, Informative

    I wonder if Google's shareholders feel the same way or if they understand that they do owe their customers? They're a business; they owe me whatever it is I feel like asking for or I'll go elsewhere.

    Are you an advertiser on Google? If not, it sounds as if you are confusing what Google owes shareholders (return on investment) and their customers (advertisers) with what Google owes the user, (technically, nothing).

    It is true that Google tries to provide a good experience for users, and that helps provide value to the advertisers and return on investment the shareholders are owed.

    If, on the other hand, you are an advertiser, you should realize that Google's first obligation is to its shareholders, not its customers or its users.

    (Okay, I realize that Google has other customers than advertisers, e.g. those who purchase Google's search services, users of Google Answers, etc., but my impression is that advertising generates the bulk of Google's revenue.)

  16. With google down.. by kun · · Score: 5, Funny

    With google down who's going to raise my children!?

  17. Re:Good example of why SPF's security holes by LogicX · · Score: 3, Insightful

    What does SPF have anything to do with this?

    If your domain is high-jacked due to a fault with the security of your domain registrar, then yes, you have bigger problems than any anti-spam solution.

    This is not the purpose of SPF

    If you read spf.pobox.com You can learn that SPF is merely designed to be a system which can eliminate domains being spoofed in the from field of spam messages.

    If someone is using one of my domains (logicx.net) to send spam; I can reduce the affect of such a joe-job attack by having a published SPF record; such that receiving systems can verify if the email came from a logicx.net mail server, and reject it appropriately.

    SPF and PGP have entirely different authentication approaches. I'd go so far as to say that PGP is more integrity checking.

    SPF is a verification that mail for a particular domain came from an appropriate server -- with the goal of disposing false emails (spam, spoofs, etc.)
    This is not at all a system to verify users on that particular email system.
    This is where PGP steps in -- It is used to verify the integrity of the email -- that it came from a particular user, and came unaltered.

    Finally, where has it been verified that their was a breach of their DNS system?

    All of the screenshots have now been confirmed to be a firefox situation where when DNS failed it resolved www.google.com.net -- which resolved to the people who own com.net

    --
    May this post be indexed by spiders, and archived for all to see as my Internet epitaph.