Slashdot Mirror


Chinese Root Server Shut Down After DNS Problem

itwbennett writes "After a networking error first reported on Wednesday last week caused computers in Chile and the US to come under the control of a system that censors the Internet in China, the 'root DNS server associated with the networking problems has been disconnected from the Internet,' writes Robert McMillan. The server's operator, Netnod, has 'withdrawn route announcements' made by the server, according to company CEO Kurt Lindqvist."

3 of 91 comments

  1. So I guess you could say... by Anonymous Coward · Score: 5, Funny

    They got to the "Root" of the problem.

    [ducks]

  2. Re:route announcements? by pv2b · Score: 5, Informative

    Here's a graph of the network structure as seen by BGP.

    AS29216 at the right is the AS which I.ROOT-SERVERS.NET is located in. As we can see, it is only reachable through AS8674 (NETNOD-IX).

    Which in turn is reachable directly from a few different ASes, including AS24151 (CNNIC-CRITICAL-AP).

    My guess is that Netnod simply started filtering out the routes to AS29216 via AS8674 on the BGP session to AS24151.

    The DNS server itself might have been using BGP, it might not have. But in the end every system on the Internet is reachable with some kind of BGP route somewhere.

  3. Re:What happened? by mysticalreaper · Score: 5, Informative

    Your suggestion makes sense, but that's not what happened.

    Something like this:

    I.root-servers.net (beijing) -> chinese networks -> Chile networks

    So, the real I root server sent correct answers to the querying computer in Chile. But, as the DNS packet travelled across the Chinese network, it was modified, and so the packet received by the Chilean network was false, returning a fake IP address for some domains, like 'facebook.com'.

    This is called a 'man-in-the-middle attack'. The Chinese network, in the middle, is modifying packets.

    Once the I root server operators realized this was happening, they stopped the BGP route announcement from the I root server node in Beijing, so that queries to i.root-servers.net would not be answered in Beijing, but instead by the other i-root nodes. There are 34 currently, so no problems with load would occur shutting off one node.

    Hopefully that makes sense.

    P.S. www.root-servers.org
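
The in-transit modification described in comment 3 can be checked for on the receiving side; this is an added example, not part of the original thread. It assumes that a root server only refers names below a TLD to the TLD's servers (root-servers.net excepted), so a reply to a root query that carries an address for such a name is flagged. The function names, sample messages and addresses are constructed for illustration.

```python
import struct

def _name(n):  # encode a domain name as uncompressed DNS labels
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".") if p) + b"\x00"

def build_response(qname, answers=(), referral_ns=()):
    """Constructed sample reply (not a capture): header, question, records."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, len(answers), len(referral_ns), 0)
    msg += _name(qname) + struct.pack("!HH", 1, 1)           # QTYPE=A, QCLASS=IN
    for ip in answers:                                        # A record, owner = pointer to question
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
    for ns in referral_ns:                                    # NS record owned by the TLD
        rdata = _name(ns)
        msg += _name(qname.split(".")[-1]) + struct.pack("!HHIH", 2, 1, 172800, len(rdata)) + rdata
    return msg

def _skip_name(msg, off):  # step over a name, compressed or not
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def check_root_reply(msg):
    """Return (verdict, addresses) for a reply to a query sent to a root server."""
    _id, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    labels, off = [], 12
    while msg[off]:                                           # question name is not compressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    off += 1 + 4                                              # root label, QTYPE, QCLASS
    addrs = []
    for _ in range(an):                                       # walk the answer section
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    # Assumption of this example: roots answer with referrals for names below a TLD.
    below_tld = len(labels) >= 2 and labels[-2:] != ["root-servers", "net"]
    return ("suspicious" if below_tld and addrs else "ok", addrs)

REFERRAL = build_response("facebook.com", referral_ns=["a.gtld-servers.net"])
FORGED = build_response("facebook.com", answers=["203.0.113.7"])
ROOT_OWN = build_response("i.root-servers.net", answers=["192.0.2.1"])

if __name__ == "__main__":
    for label, m in (("referral", REFERRAL), ("forged", FORGED), ("root's own zone", ROOT_OWN)):
        print(label, check_root_reply(m))
```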