Entire .SE TLD Drops Off the Internet

Icemaann writes "Pingdom and Network World are reporting that the SE tld dropped off the internet yesterday due to a bug in the script that generates the SE zone file. The SE tld has close to one million domains that all went down due to missing the trailing dot in the SE zone file. Some caching nameservers may still be returning invalid DNS responses for 24 hours."

TPB

They are going to extremes in Sweden to get thepiratebay.org off the internet!

Re:TPB

[nstlgc]

Because we all know the MAFIAA are so technically capable!

Re:TPB

[trum4n]

Sweden? I don't think so! -Prof. Farnsworth

Re:TPB

[KevinKnSC]

It looks like someone messed up the summary. I'm pretty sure it should be:

Peengdum und Netvurk Vurld ere-a repurteeng thet zee SE tld drupped ooffff zee internet yesterdey dooe-a tu a boog in zee screept thet generetes zee SE zune-a feele-a. Zee SE tld hes cluse-a tu oone-a meelliun dumeeens thet ell vent doon dooe-a tu meessing zee treeeling dut in zee SE zune-a feele-a. Sume-a cecheeng nemeserfers mey steell be-a retoorneeng infeleed DNS respunses fur 24 huoors.

No big deal

[RPoet]

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

Re:No big deal

[wsanders]

Yeah, been there done that. *My* fumble only brought 10,000 domains down for about 10 minutes, and no one noticed. (I think all the domains hosted only cat pictures anyway.)

Sorry, that's as big a responsibility as any employer has ever deemed suitable for my incompetent ass.

Re:No big deal

[eldavojohn]

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

I once viddied an animated documentary about a small town in Colorado that lost the internet for 22 minutes. It was not pretty. Our hearts and minds go out to you, people of Sweden. I cannot even fathom what that would be like ... I hope the looting and rioting has died down with the restoration of the internet.

Re:No big deal

[scott_karana]

While the impact of this is no big deal, it's still kind of scary that the people running a decently-sized ccTLD would make such a novice mistake on their zonefile.

Re:No big deal

[CorporateSuit]

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

I didn't notice the DNS freak out, but I did notice the internet's smug meter had dropped about 30%.

Re:No big deal

[eln]

The actual downtime is no big deal, but the reason it happened is. Evidently, the registrar for an entire country's domain likes to roll out changes to the primary zone file without any sort of testing or syntax checking first. Simply having a small network (one or two computers) running a test root server, and running your scripts against that first, would have discovered the bug.

DNS is very simple, but it's just as prone to human error as anything else. If you're responsible for the records of a large number of domains (like, say, an entire country), you probably ought to take some time to develop proper testing and change control procedures before you fiddle with it. It sounds like these guys didn't take it seriously enough and got burned. I hope they'll learn their lesson from this and change their procedures.

Re:No big deal

[someone1234]

For the pool souls in the .se domain, it was the end of the universe.

Re:No big deal

[corbettw]

No big deal? No big deal??? Where the hell else am I supposed to go to look at pictures of hot Swedish women hitting the nightclub scene (in a way that's at least a little SFW) if I can't get to http://www.thelocal.se/?

Re:No big deal

[JustOK]

Are you my motherboard?

Re:No big deal

I hope they'll learn their lesson from this and change their procedures.

Du måste vara ny här.

Re:No big deal

[The+Archon+V2.0]

It was not the whole internet, it was only .se tld ...

Can I riot anyway?

Re:No big deal

[MrMista_B]

You expect them to be absolutely perfect all the time no matter what, forever and ever? /That's/ unrealistic.

Re:No big deal

[Beardo+the+Bearded]

My biggest bug resulted in about a dozen tigers getting tranquilized.

Re:No big deal

I expect automated sanity checks before a modified zonefile goes live. Like, what would a domain name server receive when asking for a well known domain under that TLD? If that doesn't result in at least some records, warn the admin that the zonefile might not be correct.

Re:No big deal

[Chris+Mattern]

Depends. Do you live in Sweden? Do you have Swedish relatives? Are there any Swedish meatballs in your refrigerator?

Re:No big deal

[mcgrew]

I wish browsers would store the IP address of the page as well as the domain name in bookmarks. That way if the DNS server goes down you could still get to the site. Of course, the primary lookup should still be the domain name, since a site can have its address changed; the browser would only look at the IP if the DNS lookup failed.

Re:No big deal

[Hurricane78]

Nah. In Sweden, when you want to see hot chicks, you just have to go outside. Even looking out the window might suffice. ^^

Re:No big deal

[CorporateSuit]

DNS is very simple, but it's just as prone to human error as anything else.

Are you kidding? I've been programming DNS for a long time, and if theirs one thing I learned, its that programmers like me don't make errors.

Re:No big deal

[pyrrhonist]

but I did notice the internet's smug meter had dropped about 30%.

Norwegian detected.

Re:No big deal

[Mister+Whirly]

Yes, but all that damn annoying ABBA and Ace of Base is so distracting you can't DO anything with(to) the hot chicks.

Re:No big deal

[marsu_k]

Are you kidding? I've been programming DNS for a long time, and if theirs one thing I learned, its that programmers like me don't make errors.

If one doesn't count spelling errors, apparently.

Re:No big deal

[Sl4shd0t0rg]

This is serious! My Saab wouldn't start and all the doors were locked at my local Ikea during this outage you insensitive clod!

Re:No big deal

[dissy]

That feature would be very handy.

The main reason one can't simply record host/ip pairs right now, is due to named-based virtual web servers.
Even if you put in the IP manually, without sending the correct domain in the http request, you won't get the proper page.

Having the IP as a separate field in the bookmarks would let the browser connect to any IP you put there (be it cached, or manually changed when a server is renumbered), but it would still have the needed data to send in the http request to make the webserver work properly. /me smells a plugin request!

Re:No big deal

[Web_Teat]

whoosh!

Re:No big deal

[dmmiller2k]

So apparently it was nothing like the South Park episode where South Park lost its internet.

Re:No big deal

[zapakh]

I once viddied an animated documentary about a small town in Colorado that lost the internet for 22 minutes. It was not pretty. Our hearts and minds go out to you, people of Sweden. I cannot even fathom what that would be like ... I hope the looting and rioting has died down with the restoration of the internet.

At least it wasn't Finland.

All the same, somebody better tell Norway. They were really close.

Re:No big deal

[turbidostato]

"For those who love Adam Smith, in Argentina we have only two ISP providers, Telecom and Telefonica. Telefonica has bougth Telecom, so now we have a BIG monopoly on cell phones, wired phones, and internet services."

Ahhh... but that's prue free market in action, señor mío, so you must be grateful.

Re:No big deal

[turbidostato]

"When I worked for a major telecomm here in the US, one of our partner companies submitted a text file generated on a *nix machine [...] I found it more interesting that the reason why the partner company didn't want to muck with it was because the file would be 'validated' with their servers. The inclusion of two CRs threw off the checksum value and nothing would work."

So, the partner company sent you some files. You inserted them on your system which sudden and misteriosuly failed. You blame your partners. Your partners show beyond doubt that *you* trashed the files so it was your problem. And still you find it "interesting"?

"At least these guys could simply open the file and discern what the problem was. Yeah, shame on them."

So in the end, even when it was obviously *your* problem, it was *them* the ones that had to diagnose it and still you "shame on them"?

No wonder you post as an anonymous coward. Certainly I wouldn't want to have you for a bussiness partner.

Re:No big deal

[tdknox]

Speaking as someone who has done root DNS modifications, Sweden *doesn't do* the modifications. They submit a request, which is verified by two separate agencies, then forwarded on to VeriSign who makes the TLD change. Once the change is made, it is (supposedly) verified by at least 1 other person, and several scripts before being pushed live.

Re:No big deal

[Kalriath]

Incorrect. The zone file is hosted by Autonomica AB (who own the servers that are authoritative for the "se" domain according to the root servers).

If you were talking about a change to the NS records, you'd - I assume - be correct - Verisign operates a.root-servers.net (which I assume is the root)

Re:No big deal

[Kalriath]

Incorrect. Notepad does not interpret LF or CR on their own as a line break, so you'd find it pretty obvious that the file is malformed when the whole damn thing shows up on a single line. Wordpad will transparently fix it though.

Re:No big deal

[Vintermann]

"Yeah, been there done that. *My* fumble only brought 10,000 domains down for about 10 minutes, and no one noticed. (I think all the domains hosted only cat pictures anyway.)"

ICANN has cheezburger? (wow, someone has registered that domain already!)

Re:No big deal

[Carewolf]

My biggest bug resulted in about a dozen tigers getting tranquilized.

So you are the one releasing giant tranquilizing bugs into the jungle?

Re:No big deal

[feargal]

Sorry, that's incorrect, name-based virtual hosts pose no problem to this.

The webserver determines which virtual host is being requested by examining the Host: field in the http header. This happens well after the tcp session has been established, and that happens after the ip address has been determined.

When the browser looks for domain.example, it'll ask whatever resolver it uses to find an ip address to use. Once it has that ip address, it connects to it, and only then tells the webserver which host it wants. There is nothing to prevent the browser from using it's own cached version of the ip address and sucessfully making a connection.

Re:No big deal

[vegiVamp]

No, but I would expect them to have a staging service in place.

Re:No big deal

[FreakyGreenLeaky]

whoosh!

Re:No big deal

[dissy]

Sorry, that's incorrect, name-based virtual hosts pose no problem to this.

The webserver determines which virtual host is being requested by examining the Host: field in the http header. This happens well after the tcp session has been established, and that happens after the ip address has been determined.

Yes, exactly.

So when your bookmark is http://10.1.2.3/ then the browser will connect to that IP, and send Host: 10.1.2.3

No where in that transaction does it realize 10.1.2.3 should be www.example.com

With the setup I suggested, the bookmark would have BOTH fields.
www.example.com and a seperate 10.1.2.3

If the IP is given, it will not resolve www.example.com, but connect directly to 10.1.2.3 and send Host: www.example.com instead of the current method of sending Host: 10.1.2.3

When the browser looks for domain.example, it'll ask whatever resolver it uses to find an ip address to use. Once it has that ip address, it connects to it, and only then tells the webserver which host it wants.

And as I said, with nothing but an IP in a bookmark, that part will never happen.

There is nothing to prevent the browser from using it's own cached version of the ip address and sucessfully making a connection.

Correct. There is nothing preventing it, it is only that none of them do that.
My suggestion (actually the GP suggestion) is that the browsers SHOULD do that.

There goes my favorite web site !

Goat.se

Re:There goes my favorite web site !

[Tetsujin]

Goat.se

Huh... that's interesting. I've never heard of that one before... I think, though, that based on your recommendation I'll share the link with the rest of the office. I've seen a lot of your posts here in Slashdot, Anonymous Coward, and all the ones I've seen have been pretty highly rated, so I'm guessing you wouldn't link me to a website that wasn't interesting.

Re:There goes my favorite web site !

[TaoPhoenix]

(humor)
The satellite Microsoft Retro Fan Site Windows98.se also went down.

And look. My sig this month is all about your joke.
(No Closing tag. The humor never ends.)

Re:There goes my favorite web site !

[hldn]

that is a handsome looking fellow on that site.

Re:There goes my favorite web site !

[AliasMarlowe]

Goat.se

Arrgh... the horror... http://goat.se/cx You'll want to claw your eyes out!

change control / management, anyone?

[SuperBanana]

I seriously hope someone is fired or loses a contract over this. Where was the validation, change control, etc? I would expect that at the TLD level, a change to a configuration file would have to be inspected by someone AND run through some syntax-checking scripts...

As for the person who was modded up for saying "hey, no big deal, fixed in 30 minutes!", not quite. DNS servers (and individual computers!) cache negative results. Anything anyone did a query on during those 30 minutes will be negatively cached by their system and their local DNS server. Granted, a whole lot of local Swedish ISPs and network providers have probably flushed their DNS server caches, but it's still going to seriously impact traffic to many, many sites, especially for everyone outside Sweden.

Re:change control / management, anyone?

[Aphoxema]

It really isn't a big deal. The mistake was made, the world has the opportunity to learn from it and the economic impact was probably small but scalable enough to take seriously.

Now if it happened again I'd hope action were taken... don't be so vengeful, SuperBanana!

Re:change control / management, anyone?

Sweden porn?

IKEA instruction manuals?

Re:change control / management, anyone?

[soup4you2]

Might be a small issue, but no reason to get somebody fired over.. People make mistakes all the time.

Re:change control / management, anyone?

[e2d2]

I'll go one better and say we should try him in a military tribunal and sentenced to hard time in ADX. That will send the world a message - NO MISTAKES OR ELSE.

Get real man, this is a human error. Your struggle for perfection baffles my monkey brain.

Re:change control / management, anyone?

[Mathness]

I seriously hope someone is fired or loses a contract over this.

You'll be happy to know that the person responsible have been found. The person in question was described as having unusual bushy eyebrows and speaking in a thick Swedish accent. His last comment about the incident, before being dragged away, was "bork bork bork".

Re:change control / management, anyone?

[Neil+Hodges]

Don't you mean "I wrong code" in this context?

Re:change control / management, anyone?

[CRiMSON]

I hope you get fired when you make you a mistake.

Re:change control / management, anyone?

[Abreu]

Sweden porn?

IKEA instruction manuals?

For some reason, this came to my mind after reading your post: IKEA Erotica

Re:change control / management, anyone?

[cjeze]

To Err Is Human, To Forgive Divine.

Even with validation, change control etc errors can occur. Even with the most rigorous testing errors can happen, just look at NASA they are rocket scientists and even they make mistakes every now and then. Next time it could be you.

Re:change control / management, anyone?

[Phred+T.+Magnificent]

If this is the first time the responsible party has made a mistake like this, then it probably doesn't need to be a career-terminating experience.

With that said, though, you're entirely right that there should have been validation and change control!

Re:change control / management, anyone?

[marc_gerges]

I seriously hope someone is fired or loses a contract over this.

It seems a silly idea to fire somebody just after having invested $(whatever_this_snafu_is_supposed_to_have_cost) into his education.

Re:change control / management, anyone?

[davebooth]

Right AND wrong in one post :)

Excessive paperwork like 30 min to fill out a change request form to do something like make a 30 second edit to a config file and sighup a daemon is stupid and you'll hear no argument from me on that. Change control per se however, is essential, particularly in a large enterprise. Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)

The problem is not change control, its the way it is implemented. Change control methodology is designed by PHBs who haven't actually done the tech work in years, if they ever did. It's then scribbled all over by a "business analyst" who thinks a sigpipe is a plumbing problem and by the time guys actually doing the work get hold of it it has become a nightmare of procedural BS when all you really needed was a way to make sure everything you do to a live production system is documented and that anything other than emergency break-fix at least got basic testing and a second pair of eyes looking at it before rolling it out.

Re:change control / management, anyone?

[RabidMonkey]

As a DNS admin myself, touching high value zones, let me tell you, missing a stupid dot happens all the time. All the change control in the world doesn't help when you just don't type one little period. Even more helpfully, most tools won't notice and the zone will pass a configuration check because missing the trailing "." is syntactically correct.

Let me add as well that "change management" that you want is just fantastic .. no making changes during core hours. When you run a 24/7 business, non-core hours means something like 2am. at 2am, I, and most mammals, are not at their mental best, so missing a single dot isn't horribly hard.

The only thing I'd suggest they do is use an offline test box for zones, then promote that change to prod. Then, you can load all the mistakes you want, do your digs, and if stuff works, THEN you move it to prod. I never ever make changes on production servers, they are done offline, tested, then put into prod with scripts. It makes it a lot harder for missing periods to make it into production.

Finally, this is a good reason why negative caching should have low TTLs. If you run a DNS server that can't handle low neg-caching TTLs, it's time to upgrade from a 386.

Cheers.

Re:change control / management, anyone?

[amorsen]

Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)

I hate to break it to you, but until 2002 the Linux kernel was managed without automated version control. It worked quite well, actually.

Re:change control / management, anyone?

[drinkypoo]

I think the big failure here is that anyone is ever editing the file by hand. It should be created programatically and edited only with a tool so that an error like this can never happen. (Of course, other errors are possible; now you have to vet your code. But the tool need not be complex, and in fact should be small enough to be provable if you so desire.)

Re:change control / management, anyone?

[icebraining]

Yes, that's why we have testbeds. The problem is not the missing character or whatever, is testing stuff before making a change in a system which affects thousands of websites.

Re:change control / management, anyone?

[Chris+Mattern]

Even more helpfully, most tools won't notice and the zone will pass a configuration check because missing the trailing "." is syntactically correct.

Not if the configuration check you wrote checks for the trailing "." anyways. And if it doesn't, you need to rewrite it.

Re:change control / management, anyone?

[Burdell]

Obviously, it passed syntax-checking, or the server wouldn't have loaded it. What you are looking for is semantic-checking, which is much more difficult. I expect that the generation scripts will be expanded to check for more things; that's generally what happens (you check for what you can think of, and expand the checking when someone thinks of a better way to break things).

Negative caching (in BIND anyway) tops out at 3 hours (it looks like .se has it set to 2 hours). The NS record TTL is 2 days, so only about 1/96 of servers regularly looking up .se entries would have made a request during the 30 minute window.

As for somebody being fired for making one relatively simple mistake: were you fired from McDonald's, Burger King, and Wendy's every time you dropped a fry on the floor?

ObQuote: "Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail."

Re:change control / management, anyone?

[Chris+Mattern]

Then why did they stop doing it?

Actually, I'll tell *you* why they stopped doing it: because Linus realized he was doing by hand a job that could be done much better by machine.

Re:change control / management, anyone?

[yffe]

I seriously hope someone is fired or loses a contract over this.

No, they got cake.

Re:change control / management, anyone?

[vlm]

I seriously hope someone is fired or loses a contract over this.

It seems a silly idea to fire somebody just after having invested $(whatever_this_snafu_is_supposed_to_have_cost) into his education.

Disagree... Obviously that file was being maintained by hand, BS press releases about scripts to the contrary. So the failure was at the management level for allowing such a crazy working procedure with no testing infrastructure at all. The only "education" the peon got was "typos cause problems", not exactly a Nobel prize winning contribution to human knowledge (although in comparison to a recent winner...) Since management doesn't make mistakes, and someone has to be the fall guy... the excuse will probably be "procedure stated no typos allowed".

Re:change control / management, anyone?

[Krneki]

Chill out dude. Go got a beer or a coffee, life is too good to waste it complaining about problems.

And if you get so emotional for 30min of Internet downtime you will probably die out of stress too soon.

Re:change control / management, anyone?

[Verdatum]

10 PRINT "Please manage airplane fuel."
20 GOTO 10

Re:change control / management, anyone?

[rs79]

It's not "a" dot, it's "every" dot. A bad script adn DNSSEC are to blame. Note that this is version 4 (5?) of dnssec. The earlier ones just didn't work.

And there's a real bad gotcha in the current one they haven't found yet that has still to raise it's ugly head. In time.

Re:change control / management, anyone?

[kirillian]

F*** You! I right code

we right the requirement down

I think I found the reason why you keep getting those airplane system parts back (right -> write)

Seriously though, I think you just forgot your /sarcasm tag...

My dad repairs airplane systems as well...he works with diagnosing/repairing/redesigning those circuit boards on the fly...they come in, like you said, late in the week, with that Friday deadline...then again...my boss likes to call up 5 minutes before go time, and ask me, "Can you just change this for me right quick?" That wouldn't bother me so much if people realized that something like that just ASKS for errors and bugs, especially the more complicated something is...No matter how careful the programmer and no matter how many unit tests you have, trying to code something in five minutes just is a bad habit to be in...it doesn't give you the time to think about various extreme cases and scenarios that could crop up.

Re:change control / management, anyone?

[Blakey+Rat]

at 2am, I, and most mammals, are not at their mental best,

I'm a black-footed ferret, you insensitive clod!

Re:change control / management, anyone?

[bertok]

I think the big failure here is that anyone is ever editing the file by hand. It should be created programatically and edited only with a tool so that an error like this can never happen. (Of course, other errors are possible; now you have to vet your code. But the tool need not be complex, and in fact should be small enough to be provable if you so desire.)

I agree, but I'll also be a monkey's uncle when free software is designed this way.

What does this failure have to do with free software? If anything, it should be easy.

Even if you have an open source DNS server that uses text files, a major DNS registrar should be automating the hell out of it. I'm struggling to think of a reason why you wouldn't generate all your DNS records from a database. The files aren't that complicated, and they're essentially tabular data anyway.

I once saw an admin go on about how much 'better' Linux DNS servers were, then spend 5 hours hunting typos in the DNS config and zone files. Eventually he got fed up, and then I took over and spent about 5 minutes clicking "next, next, next" to get a Microsoft AD DNS up and running, flawlessly. The difference is that AD builds most of the configuration automatically, gives no opportunity to use invalid zone files, and stores entries in a database. There is just no reason a large DNS registrar couldn't implement the same with a few days of scripting something around a database.

Re:change control / management, anyone?

[turbidostato]

"I would expect that at the TLD level, a change to a configuration file would have to be inspected by someone AND run through some syntax-checking scripts..."

Expect price and time-to-activation increase for second level domains way beyond current status then.

"DNS servers (and individual computers!) cache negative results."

Yeah, but in practice only for individual resources, not whole domains, since negative answers from authoritative sources must include SOA references as per RFC2308.

"Anything anyone did a query on during those 30 minutes will be negatively cached by their system and their local DNS server"

Now you know what happens when you are in a hurry and ask for a to-be-activated resource prior to its inclusion on the zone.

"but it's still going to seriously impact traffic to many, many sites, especially for everyone outside Sweden."

The fact is, well, it won't.

Re:change control / management, anyone?

[turbidostato]

"Then why did they stop doing it?"

Because it didn't scalate not because Linus thought his previous procedure made kernel quality lacking.

Re:change control / management, anyone?

[Eil]

I'm no DNS expert, but I can't fathom why negative responses are cached at all. You have many, many more requests for valid domains than you do for invalid ones and the vast majority of the invalid ones are one-off typos. I just don't see what the benefit is. We could do away with an entire class of sysadmin headaches if all resolver software configuration and network policies defaulted to not caching negative responses.

Re:change control / management, anyone?

[jonaskoelker]

Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree with cvs.

FTFY ;-)

Re:change control / management, anyone?

[amorsen]

Because Larry McVoy convinced Linus that version control could be automated in a useful way. Also, it helped for legal reasons during the SCO case.

Not that version control isn't useful, especially after the switch to git which made git bisect available to the unwashed masses.

Re:change control / management, anyone?

[jotaeleemeese]

"Excessive paperwork like 30 min to fill out a change request form to do something like make a 30 second edit to a config file and sighup a daemon is stupid"

It seems stupid, until one day you do it without the controls, you break somebody's vital process, and had to start with the explanations.

If you are working in a real business with real money or reputation to be lost, telling people that you are messing with their machines is a damn good idea, even if you think reconfiguring a daemon is nothing.

Re:change control / management, anyone?

[davebooth]

Agreed it has to be documented but a decent sysadmin or infrastructure architect is not a cheap resource - You dont want your most skilled and expensive staff doing stuff that is simply i-dotting and t-crossing and more importantly not in their core competencies. I never argued against change control itself, I wouldnt want to have responsibility for anything critical in an environment without it. It does have to be practical though.

For example, the best guy I ever worked for realized this and while we still had the monolithic and byzantine change management system, the word from the boss was "for non-emergency changes, email my secretary who will handle the forms and stuff. If questions come back you still need to answer them but I dont want you wasting your time over some auditors quibble over whether something is correctly coded for the type of service request or not" - effectively dividing up the work on the process so that the staff who were best trained to handle a particular part of it did so. Perhaps unsurprisingly, the teams under this guy had the best record for change management compliance in the entire company.

It's very much like security - if it's easy to comply with a policy, everybody will. If it's hard then you're giving folks an incentive to look for loopholes and work around it. Like security change control is an essential component of managing systems and networks but you cant afford to change manage yourself into total paralysis any more than you want to secure a server by shutting it down and unplugging it.

So I guess it's...

[6Yankee]

...borked!

Re:So I guess it's...

[vandelais]

I'm chopping up the zone files if that's ok with you (tosses random shyte over shoulder)
We'll scoop up all the trailing dots and put them in the stew

BORKBORKBORK!

Re:So I guess it's...

[Bazman]

Iceland? That would be BjorkBjorkBjork surely?

This is a Muppets' Swedish Chef reference.

Re:So I guess it's...

[Verdatum]

I can't believe I had to scroll through this many comments to find the first BORK joke! I was starting to get nervous!

Ah, the joy of automated oopsies.

[palegray.net]

One missing character, repeated a whole lot of times, results in an entire TLD going offline. Awesome.

Re:An oft overlooked single point of failure?

[sexconker]

Uh, it would make no difference.
DNS is hierarchical, and has teh caching.

2 independent groups running DNS would strive to make sure they sync with each other quickly - thus all failures would sync quickly too.

The difference between
  - the delay of a correct change propagating across the two firms running DNS
  - the delay of an incorrect change propagating within a single DNS

would essentially be zero.

No good things could come from what you propose unless it was specifically designed to have a 24 hour delay or something.

Can't get to milkmaids.se ? Try milkmaids.se via DNS2 to get a 24-hour old version.

This is something the CURRENT DNS system could support - explicitly calling for older versions.

In fact, it might be worthwhile. Somebody write an RFC.

unless you are swedish

[circletimessquare]

i don't think you have a right to call this no big deal

the internet is becoming more and more vital to our lives

its "no big deal" until you need to know something off the internet right now, high stakes

Re:unless you are swedish

[CharlyFoxtrot]

its "no big deal" until you need to know something off the internet right now, high stakes

I need to know what a fourteen year old thinks about copyright law and I need to know it NOW !

Re:unless you are swedish

[Hyppy]

The Internet was started as, and always has been, a "best effort" network. If a packet gets through, great. If not, well, it's not the end of the world. People have tried to code more and more resilient protocols on top to be as robust as possible, but in the end it's a very fragile system that can go down quite easily.

Anything sufficiently "high stakes" shouldn't rely on an unreliable medium.

Re:unless you are swedish

[clemdoc]

In which case you should have been thinking about taking your own precautions.

Re:unless you are swedish

[CannonballHead]

If a packet gets through, great. If not, well, it's not the end of the world.

Sounds like a lot of cities' approaches to freeway systems/traffic control.

Re:unless you are swedish

[medlefsen]

What are you talking about? Yes, for a single packet it's best effort, but you're ignoring all the other technologies and protocols that make up the internet. Assuming there is *some* route to the destination and enough bandwidth to support the extra packets that come from resending large amounts of lost packets and the Internet will always work. Don't confuse the low level architecture with the reliability of the entire infrastructure. Of course, all of that is irrelevant to this particular problem because this wasn't a connection problem but a software configuration error.

Re:unless you are swedish

[Gilmoure]

Cache your porn, folks. Just sayin'.

Re:unless you are swedish

[camperdave]

If a packet gets through, great. If not, well, it's not the end of the world.

Tell that to the "Operation SpoilSport" computers running the missle silos.

Re:unless you are swedish

[Verdatum]

Cache your Swedish porn, at the least.

Re:unless you are swedish

[an+unsound+mind]

And if you need the internet so badly, just DNS going down shouldn't change much anything.

Re:unless you are swedish

[Hyppy]

I'm not saying that the entire internet infrastructure isn't reliable, it's just not "high stakes" (which I read as life-or-death) reliable.

sweden is in scandinavia which is thule

[circletimessquare]

http://en.wikipedia.org/wiki/Thule

we all know that thule is the ends of the earth

so none of us should be surprised. it should have been anticipated that sweden would drop off the earth at some point. today's that day apparently

somewhere in sweden:

[nimbius]

an admin has popped back from lunch and asked, "hey guys did someone turn my computer off while i was gone? there was a file i was working on......"

DNS is the problem

[cthulhuology]

It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster. On top of that, the hierarchical naming structure presents an inherent systemic risk for all sub-domains as exhibited by this .se fiasco. Nevermind the injection attacks, Pakistan taking out Youtube, and the rest, you have organizations like Verisign which profit immensely off of keeping the system broken. And don't even bother mentioning DNSSEC, as it still doesn't resolve this fundamental issue. The next systemic fuckup will simply be a signed fuckup.

Re:DNS is the problem

[mypalmike]

And your robust solution to a scalable global directory of name-to-ip address mapping is... ?

Re:DNS is the problem

[upside]

Except the Pakistan affair was about the BGP routing protocol. I agree the file format is nutty, though.

I can't think of a better alternative to the hierarchical system, perhaps you have a suggestion. A flat namespace would be an administrative impossiblity, not to mention the stress it would put on name servers. Increasing the number of TLDs would lessen the impact of a single failure, though.

Re:DNS is the problem

[RalphSleigh]

Pakistan taking out Youtube had absolutely nothing to do with DNS, they wrongly propagated a BGP announcement for the youtube IPs outside of Pakistan, so about 1/3 of the internet routed traffic into their black hole instead of to Youtube. Pretty effective blocking had they kept it internal, but they didn't.

Re:DNS is the problem

Regedit32.exe

Re:DNS is the problem

[Skuld-Chan]

Well in the 1980's when the RFC was written for zone files (1034/1035) it probably sounded like a perfectly sound way to configure this sort of thing, same with DNS in general (RFC's for which were also written in the 1980's).

If it were invented from scratch today I'm sure it would resemble something like LDAP.

The fact we haven't had more mass DNS failures like this is actually surprising.

Re:DNS is the problem

[divisionbyzero]

It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster. On top of that, the hierarchical naming structure presents an inherent systemic risk for all sub-domains as exhibited by this .se fiasco. Nevermind the injection attacks, Pakistan taking out Youtube, and the rest, you have organizations like Verisign which profit immensely off of keeping the system broken. And don't even bother mentioning DNSSEC, as it still doesn't resolve this fundamental issue. The next systemic fuckup will simply be a signed fuckup.

Yes, it's a shame you were still in diapers when this solution was developed. They could have benefited from your vast wisdom. Or maybe not, if you think the problem with YouTube in Pakistan was due to DNS rather than BGP.

Re:DNS is the problem

[bwalling]

You do recognize that most of the protocols and specifications running the Internet are decades old, right? The fact that they've lasted this long is really rather impressive.

Besides, if we redesigned it now, it would be insanely complex and bloated, not to mention never fully implemented (CSS? ha!), as there would be too many parties "contributing".

Re:DNS is the problem

[photon317]

Part of the problem with DNS these days, which your post exemplifies, is that from very early on "BIND's implementation of DNS", and "DNS The Protocol" have been mashed together and confused by the RFC authors (who were involved with the BIND implementation and had motive to encourage the world to think only in BIND terms) and basically everyone who ever used DNS in any capacity. Zonefiles are not implicit in DNS address resolution (neither for authoritative servers or recursive caches). They really aren't any part of the wire DNS protocol for resolving names. They *are* part of a wire protocol for secondary servers that slave zonefiles from primary servers, but even in that case it's really more a "BIND convention" than a necessity. Ultimately how you transfer a zone's records from a master server to a slave server is up to however those two servers and their administrators agree to do so. You can skip the AXFR protocol that uses zonefiles and instead do something else that works for both of you. Inventing a new method of slaving zone data is easy and doesn't involved much complicated rollout. Some people just rsync zonefiles for instance instead of using AXFR today.

It's really frustrating (believe me, I've done it) when you try to implement a new DNS server daemon from scratch from the RFCs, and you have to wade through this mess of "what's a BIND convention that doesn't matter and what's important to the actual DNS protocol for resolving names on the wire".

Re:DNS is the problem

[Kynde]

The file format is so damn brittle, that a single byte can spell disaster.

You know what, so is ELF. Who said you should write zonefiles by hand let alone without any kind of syntax verification.

Input syntax is never really an issue. You only ever lack the necessary tools or you are unable to use them properly. It can always be hidden behind a precompiler or whatever necessary.

Hmmm... wait, termcap. I stand corrected.

Re:DNS is the problem

[rs79]

BIND was the spec for DNS for a while. But recently Vixie has washed his hands of that mess by saying "Don't use BIND as a spec".

Like that helps Paul.

Re:DNS is the problem

[rs79]

DHT. Thanks for asking. Efforts are already underway, quietly, so ICANN doesn't notice and cannot co-opt it. Oh, and name and address shortages? Thing of the past.

The end of an era where artificial scarcity to promote a monopoly to make the insiders very wealthy is nearly at an end. http://forum.icann.org/lists/bc-gnso/msg00134.html

I'm shocked nobody is asking "what have all those poeple done for 10 years and many many millions of dollars".

Re:DNS is the problem

[Schraegstrichpunkt]

It gets worse. In 2007, Paul Vixie wrote an article in ACM Queue basically praising the vagueness of the DNS protocol specifications:

From this overview, it is possible to conclude that DNS is a poorly specified protocol, but that would be unfair and untrue. DNS was specified loosely, on purpose. This protocol design is a fine example of what M.A. Padlipsky meant by “descriptive rather than prescriptive” in his 1984 thriller, The Elements of Networking Style (Prentice Hall). Functional interoperability and ease of implementation were the goals of the DNS protocol specification, and from the relative ease with which DNS has grown from its petri dish into a world-devouring monster, it’s clear to me that those goals were met. A stronger document set would have eliminated some of the “gotchas” that DNS implementers face, but the essential and intentional looseness of the specification has to be seen as a strength rather than a weakness.

Re:DNS is the problem

[bertok]

It gets worse. In 2007, Paul Vixie wrote an article in ACM Queue basically praising the vagueness of the DNS protocol specifications:

From this overview, it is possible to conclude that DNS is a poorly specified protocol, but that would be unfair and untrue. DNS was specified loosely, on purpose. This protocol design is a fine example of what M.A. Padlipsky meant by “descriptive rather than prescriptive” in his 1984 thriller, The Elements of Networking Style (Prentice Hall). Functional interoperability and ease of implementation were the goals of the DNS protocol specification, and from the relative ease with which DNS has grown from its petri dish into a world-devouring monster, it’s clear to me that those goals were met. A stronger document set would have eliminated some of the “gotchas” that DNS implementers face, but the essential and intentional looseness of the specification has to be seen as a strength rather than a weakness.

Correlation does not imply causation.

DNS didn't grow to be huge because it was designed loosely, it happened to grow big because coincidentally the Internet took off and become huge, and the Internet happened to use DNS. It would be a bit of a stretch to say that the Internet become the size it is today because one of the many underpinning protocols and standards was loosely specified.

The Internet could have used any number of alternate name lookup systems, and it would have grown to its current size just fine. The only element of DNS design that really helped at all was its hierarchical nature, which helped it scale.

Re:DNS is the problem

[mypalmike]

DHT doesn't remove the management problem.

so..

[PPNSteve]

the trailing dot got /.'d?

Why MaraDNS uses a special zone file format

[MaraDNS]

This is why MaraDNS (my open-source DNS server) uses a special zone file format.

MaraDNS uses a zone file format that, for the most part, resembles BIND zone files. However, the zone file format has some minor differences so the common "Forgot to put a dot at the end of a hostname" and the "forgot to update the SOA serial number" problems do not happen; a domain name without a dot at the end in a syntax error in MaraDNS' zone file parser; if you want to end a hostname with the name of the zone in question, this has to be explicitly specified with a .% at the end of the hostname.

There is also a mechanism for automatically generating SOA records, or having a SOA record where the serial is automatically updated based on the "last write" timestamp for the zone file.

For people who want to use their BIND zonefiles, there is included a Python script that converts a BIND zonefile in to MaraDNS' similar zone file format.

Re:Why MaraDNS uses a special zone file format

[grumbel]

Can MaraDNS handle IPv6 now? Last time I used it I had to ditch it in end as IPv6 support was lacking.

Re:Why MaraDNS uses a special zone file format

[MaraDNS]

Yes, MaraDNS supports IPv6. There are some hoops you need to jump through to do it, but it's there and it works depending on what you use MaraDNS for.

The best place for MaraDNS support is on the MaraDNS mailing list. To join the mailing list, send an email to list-request {at symbol thingy} maradns.org with the word "subscribe" in the subject and body of the message.

If you want to discuss MaraDNS IPv6 support further, or have more questions, please continue this discussion on the mailing list.

NSD

[funkboy]

If they were using NSD like the RIPE does for K root, the zone compiler wouldn't have compiled the faulty zone file and the parser would have made noise about it. NSD is very hard to break as the zone files must be compiled into a database before loading. The parser simply refuses to compile when there are zones with errors in them, so the database it creates will never be bogus (similar to the way a compiler won't create an executable if the source code violates its rules).

Re:An oft overlooked single point of failure?

[Otto]

You can't protect against a single point of failure when you're talking about a person updating a system. Redundancy protects against computer error, not human error.

See, ultimately, somebody, somewhere has to be responsible for the name updating. Having it in two places just means that an incorrect update gets pushed to both places by the person making the change.

In this case, the effects were minimized by the nature of DNS itself, and the caching mechanisms involved. Most servers probably never saw the changes. Those that did will get their caches cleared fairly rapidly, and the effect is minimal.

There's møre to Sweden than .se

[93+Escort+Wagon]

Wi nøt trei a høliday in Sweden this yer?

See the løveli lakes

The wonderful telephøne system

And mani interesting furry animals

Re:There's møre to Sweden than .se

[rainmaestro]

We apologise for the fault in the previous post. Those responsible have been sacked.

Re:There's møre to Sweden than .se

We apologise again for the fault in the previous post. Those responsible for sacking the people who have just been sacked have been sacked.

named-checkzone?

[natxo+asenjo]

Didn't they use something like this before reloading the zone? If the mistake was a missing '.' it should've given you big warnings ...

http://ftp.isc.org/www/bind/arm95/man.named-checkconf.html

oops

[natxo+asenjo]

obviously mean http://ftp.isc.org/www/bind/arm95/man.named-checkzone.html

Nö There's Nöt!

[andersh]

The Swedish alphabet does not have the letter "ø", it's written "ö" in Swedish. The letter "ø" is found in Danish and Norwegian.

The letter is NOT a ligature or a diacritical variant of the letter o! The vowel it sounds most like is the vowel in "bird" or "hurt".

What's a " .SE TLD"?

[Hurricane78]

That's how it looked like in Thunderbird's RSS reader.

Re:There goes my favorite web site ! [Goat...]

[Tablizer]

Don't worry, there's plenty of mirrors......unfortunately.

The Trailing Dot

[Zarf_is_with_you]

How many times have we all forgotten that Dot. :)

Funny how the software tells you that the dot is missing, why can't the software just fix it by now NAMED/BIND deserves a A.I. by now for sure.

Re:An oft overlooked single point of failure?

[flyingfsck]

No, it was a single dot of failure.

Re:More signs that the Idiocracy is fast approachi

[Darinbob]

So then, logically, what we need are computers that can think for themselves Then we could just let them run things for us, without human error. I think I'll start by just connecting these two supercomputers together. What could go wrong...

Upgrade .com to .exe

[argent]

Regedit32.exe

I agree. It's long past time for the .com domain to be upgraded to .exe.

Re:Upgrade .com to .exe

[shutdown+-p+now]

I agree. It's long past time for the .com domain to be upgraded to .exe.

No, .exe is the new domain for malware and trojan distribution websites. Did you miss the recent ICANN memo?

It happens

[fluor2]

Because Unix admins never test-run their code.

Re:An oft overlooked single point of failure?

[jtcampbell]

What about regression testing?

It'd be quite possible to run a check and throw a warning if a change effects greater than a certain percentage of domains. Or you could check against a sample of domains that really aren't going to change (I'm thinking mcdonalds.se, ibm.se etc etc).

A moose once bit my DNS...

[AliasMarlowe]

...and the DNS bit everyone else.

Re:No There's Not!

[bloobloo]

Hand in your geek card: http://www.youtube.com/watch?v=4I2qWq9L6rw#t=1m00

It's worse than that

Obligatory Dota song

3 hours, not 24

[ScaryPhil]

BIND's max-ncache-ttl setting defaults to 3 hours for a good reason. Negative caching TTLs are capped to avoid everlasting NXDOMAIN records sitting in recursive caches.

not the key

[Koutarou]

What a disappointment, I saw the title and was thinking DNSSEC key-rollover screwup. THAT would have made for a righteous thread.

It's only Sweden ...

[Dark$ide]

It doesn't matter. .SE is only Sweden. If .SEX fell off; then the whole Internet would melt down into a small singularity.

Re:An oft overlooked single point of failure?

[turbidostato]

"In this case, the effects were minimized by the nature of DNS itself"

Well, at least somebody shows some common sense.

Of course, losing a whole TLD even if only for half an hour is a shame probably the one that did it won't include in his resume, but the fact is that nobody will expend more on secure a resource than it's very value. DNS is basically distributed, cached information described on plain text files; if an update works (which is vastly most of the time), it works; if it isn't you detect the failure within seconds (logs at reload), it is not so tragical (the previous information will be cached through the Internet), it's easy to spot (is a diff away) and you can easily revert to the previous version plus higher serial number in the meantime. No need for triplechecks that triplicates the costs and will bring in their own share of bugs to the equation.

Simple solution

[straponego]

Everybody set all your TTLs to 1.

the internet is like a swedish bikini model

[gemada]

you don't realize how valuable they are until they go down on you.

Internet != web

[tequila13]

From TFA:

The entire Swedish Internet effectively stopped working at this point.

That's incorrect. Only domain lookups weren't working. The Internet was working fine.

Whay should somebody be fired for this?

[jotaeleemeese]

I am sick and tired of this kind of knee jerk reaction.

Unless is somebody that consistently has been messing things up and has been warned, I don't see why this should be a firing somebody issue.

It is not like we are all perfect, right?. RIGHT?

movie and music industry

[cre_slash]

so this is not something done by MPAA or RIAA to prevent people from accessing thepiratebay? :P

Turn it over to a woman to manage

[Artifex]

Guarantee she'd detect a missing period earlier.

Re:An oft overlooked single point of failure?

[Otto]

Of course you can.

When transcribing medical records, double-or-triple keying the data is the norm.

And where does this data come from? The doctor? The testing lab? What happens when the error is in the source that you give to three people to key in?

Ultimately, all data to be input derives from somewhere. An error there will just get duplicated down the line.

Re:An oft overlooked single point of failure?

[Otto]

What about regression testing?

It'd be quite possible to run a check and throw a warning if a change effects greater than a certain percentage of domains. Or you could check against a sample of domains that really aren't going to change (I'm thinking mcdonalds.se, ibm.se etc etc).

- The total impact was less than an hour.

- The number of affected users was likely only in the dozens range (thanks to DNS caching).

- Even individual computers use DNS caching nowadays. All Windows machines, for example, cache DNS lookup results for a default of a day or so.

- Do we really need to develop a cumbersome and expensive process to solve a most likely one-time problem that affected virtually nobody in any serious way?