Slashdot Mirror


Entire .SE TLD Drops Off the Internet

Icemaann writes "Pingdom and Network World are reporting that the SE tld dropped off the internet yesterday due to a bug in the script that generates the SE zone file. The SE tld has close to one million domains that all went down due to missing the trailing dot in the SE zone file. Some caching nameservers may still be returning invalid DNS responses for 24 hours."

7 of 207 comments

  1. Re:An oft overlooked single point of failure? by sexconker · · Score: 3, Interesting

    Uh, it would make no difference.
    DNS is hierarchical, and has teh caching.

    2 independent groups running DNS would strive to make sure they sync with each other quickly - thus all failures would sync quickly too.

    The difference between
      - the delay of a correct change propagating across the two firms running DNS
      - the delay of an incorrect change propagating within a single DNS

    would essentially be zero.

    No good things could come from what you propose unless it was specifically designed to have a 24 hour delay or something.

    Can't get to milkmaids.se ? Try milkmaids.se via DNS2 to get a 24-hour old version.

    This is something the CURRENT DNS system could support - explicitly calling for older versions.

    In fact, it might be worthwhile. Somebody write an RFC.

  2. DNS is the problem by cthulhuology · · Score: 4, Interesting

    It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster. On top of that, the hierarchical naming structure presents an inherent systemic risk for all sub-domains as exhibited by this .se fiasco. Never mind the injection attacks, Pakistan taking out Youtube, and the rest, you have organizations like Verisign which profit immensely off of keeping the system broken. And don't even bother mentioning DNSSEC, as it still doesn't resolve this fundamental issue. The next systemic fuckup will simply be a signed fuckup.

    1. Re:DNS is the problem by Kynde · · Score: 2, Interesting

      "The file format is so damn brittle, that a single byte can spell disaster."

      You know what, so is ELF. Who said you should write zonefiles by hand, let alone without any kind of syntax verification?

      Input syntax is never really an issue. You only ever lack the necessary tools or you are unable to use them properly. It can always be hidden behind a precompiler or whatever necessary.

      Hmmm... wait, termcap. I stand corrected.

      --
      1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
    2. Re:DNS is the problem by Schraegstrichpunkt · · Score: 2, Interesting
      It gets worse. In 2007, Paul Vixie wrote an article in ACM Queue basically praising the vagueness of the DNS protocol specifications:

      From this overview, it is possible to conclude that DNS is a poorly specified protocol, but that would be unfair and untrue. DNS was specified loosely, on purpose. This protocol design is a fine example of what M.A. Padlipsky meant by “descriptive rather than prescriptive” in his 1984 thriller, The Elements of Networking Style (Prentice Hall). Functional interoperability and ease of implementation were the goals of the DNS protocol specification, and from the relative ease with which DNS has grown from its petri dish into a world-devouring monster, it’s clear to me that those goals were met. A stronger document set would have eliminated some of the “gotchas” that DNS implementers face, but the essential and intentional looseness of the specification has to be seen as a strength rather than a weakness.

  3. Why MaraDNS uses a special zone file format by MaraDNS · · Score: 2, Interesting

    This is why MaraDNS (my open-source DNS server) uses a special zone file format.

    MaraDNS uses a zone file format that, for the most part, resembles BIND zone files. However, the zone file format has some minor differences so the common "Forgot to put a dot at the end of a hostname" and the "forgot to update the SOA serial number" problems do not happen; a domain name without a dot at the end is a syntax error in MaraDNS' zone file parser; if you want to end a hostname with the name of the zone in question, this has to be explicitly specified with a .% at the end of the hostname.

    There is also a mechanism for automatically generating SOA records, or having a SOA record where the serial is automatically updated based on the "last write" timestamp for the zone file.

    For people who want to use their BIND zonefiles, there is included a Python script that converts a BIND zonefile into MaraDNS' similar zone file format.

    --
    MaraDNS is an open-source DNS server.
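
    Added example, not part of the original comments and not MaraDNS code: a minimal pre-publication check for BIND-style zone text that flags record targets written without a trailing dot, the mistake the story and this comment describe, and the kind of syntax verification the earlier reply asks for. The zone text and all names are constructed; only single-line records are handled.

```python
import re

# Record types whose RDATA ends in a domain name; a missing trailing dot
# there makes the server append the zone origin to the target.
NAME_TARGET_TYPES = {"NS", "CNAME", "PTR", "DNAME", "MX", "SRV"}
CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+", re.I)

# Constructed sample zone (not real registry data).
SAMPLE_ZONE = """\
$ORIGIN se.
$TTL 86400
example      IN NS  ns1.example.se.   ; fully qualified
example      IN NS  ns2.example.se    ; trailing dot forgotten
             IN NS  ns3.example.net.
shop    3600 IN NS  ns1.hosting       ; relative, maybe intended
mail         IN MX  10 mx.example.se
"""

def lint_zone(text, origin):
    """Return (line_no, severity, message) for relative names in RDATA."""
    origin = origin.lower().rstrip(".") + "."
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower().rstrip(".") + "."
            continue
        if fields[0].startswith("$"):
            continue
        # A line starting with whitespace reuses the previous owner name.
        rest = fields if raw[0].isspace() else fields[1:]
        while rest and (TTL.fullmatch(rest[0]) or rest[0].upper() in CLASSES):
            rest = rest[1:]                           # optional TTL / class
        if len(rest) < 2 or rest[0].upper() not in NAME_TARGET_TYPES:
            continue
        rtype, target = rest[0].upper(), rest[-1].lower()
        if target.endswith(".") or target == "@":
            continue
        # A relative target that already ends in the zone's own labels is
        # almost certainly a forgotten dot (ns2.example.se -> ...se.se.).
        doubled = ("." + target + ".").endswith("." + origin)
        findings.append((line_no, "error" if doubled else "warning",
                         f"{rtype} target '{target}' expands to '{target}.{origin}'"))
    return findings
```

    Running lint_zone(SAMPLE_ZONE, "se") before a zone is published and refusing to publish on any "error" finding turns the single-byte mistake into a failed build instead of an outage.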
  4. Re:No big deal by Beardo the Bearded · · Score: 2, Interesting

    My biggest bug resulted in about a dozen tigers getting tranquilized.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  5. It's worse than that by Anonymous Coward · · Score: 1, Interesting