Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of .de Domains Unreachable For Hours

Posted by CmdrTaco on from the wo-ist-jones.de dept.

An anonymous reader writes "Due to an error on behalf of DENIC, the German DNS registrar for second-level .de domains, millions of .de domains fell over the edge (auf Deutsch) of the Internet today. The cause of this GAU (GröYter anzunehmender Unfall = maximum credible accident) is still unknown, as DENIC officials haven't answered any questions from journalists at the time of writing."

12 of 83 comments (clear)

  1. Re:auf Deutsch? by kju · · Score: 4, Informative

    Why complain? It's nothing else than the typical bad work of the so called "editors" of slashdot. They also did not notice that a charset conversion error occured. The german phrase is "Größter anzunehmender Unfall", not "GröYter anzunehmender Unfall". But why should we expect that paid editors do actually work?

  2. Re:auf Deutsch? by tomhudson · · Score: 5, Funny
    How hard is it to figure out this?

    Denic Probleme mit den .de-Rootservern? (Update 2)

    Derzeit lassen sich viele .de-Domains nicht auflösen. Schuld daran könnten Probleme auf Seiten der Denic sein, die die Rootserver für die Top-Level-Domain .de betreibt. Mittlerweile ist das Problem behoben.

    Problems with the root .de name server. Of course, it's funnier if you don't know that "die" is "the" in german: "die die Rootserver für die Top-Level-Domain .de" so in germglish it becomes "die, die, tld .de rootserver" OMG terrorist threat!

  3. Re:auf Deutsch? by Anonymous Coward · · Score: 5, Funny

    Unicode on slashdot? UNPOSSIBLE

  4. Some more details about the outage by kju · · Score: 5, Informative

    The problem did not affect all domains and it did not affect all nameservers for the german TLD. The nameservers which are reached through "c.de.net" (== c.nic.de) and "s.de.net" (== s.nic.de) more or less worked fine during the outage. Only for a short period of time they did not answer. The other nameservers for .de however lost the knowledge of most domains under the TLD and only returned NS-records for the domain names starting with a digit or with the letter a to e. So for example br-online.de worked fine, while web.de did not. The really bad part is, that the affected nameservers did not refrain to answer but instead answered with NXDOMAIN. So they told that they do not have a record for the query, which in turn effects to "This domain does not exist". Unfortunately such negative answers are cached for a time determined by the authorative nameserver. DENIC's nameserver tell clients to cache this result for 7200 seconds, therefore the outage continued to make problems for up to two hours after the problem was fixed, unless the DNS caches were cleared.

    One more thing to notice: Some sites claim that four of the six nameservers for .de were affected because six hostnames are listed as nameservers for .de and as i told, two of them did work. However both a.nic.de and z.nic.de resolv to anycast IPs which will be routed to a number of different servers around the world depending on your own location. So it are more than six servers in total.

    1. Re:Some more details about the outage by nullchar · · Score: 4, Informative

      According to the DENIC registrar's mailing list, this was just an administrative fuckup. DENIC apparently runs Bind, (on at least the 4 affected logical servers) and they reloaded Bind with an empty zone file. Since the six logical servers are all authoritative, the empty-zone-file servers replied with NXDOMAIN (as they should have).

      The parent is correct, non-existent domain responses should only be cached for 2 hours.

      Since .de is the largest ccTLD (by count of registrations), this is a pretty big deal. On April 3 2010, there were 13.5 million registered .de domains. I wonder how long it took Bind to start with that many zones!

    2. Re:Some more details about the outage by mseeger · · Score: 4, Interesting

      The DE-NIC finallly spoke out. If you don't speak german, the statement doesn't contain anything that wasn't already well known: Yes, there was an problem starting at about 13:00 and it was fixed around 15:45.

  5. "Official" response by Anonymous Coward · · Score: 5, Funny

    Here is the response I found on the denic.de site : http://www.denic.de/typo3temp/pics/i_64bbbffdb3.jpg

  6. DNSSEC to blame.... by mseeger · · Score: 4, Interesting

    According to my informations (DFN NOC) the problems resulted from a botched experiment with DNSSEC. Unluckily the DE-NIC is still silent about the incident.

  7. Re:auf Deutsch? by Anonymous Coward · · Score: 4, Informative

    Also, "GAU" is probably better translated as "worst-case scenario".

  8. Schon. by CorporateSuit · · Score: 4, Funny

    Lufthansa (in German): "Ground, what is our start clearance time?"
    Ground (in English): "If you want an answer you must speak in English."
    Lufthansa (in English): "I am a German, flying a German airplane, in Germany. Why must I speak English?"
    Unknown voice from another plane (in a beautiful British accent): "Because you lost the bloody war."

    --
    I am the richest astronaut ever to win the superbowl.
  9. Constantin Films/YouTube/Der Untergang by BenJeremy · · Score: 4, Funny

    Looks like they put a DMCA takedown notice on the entire country.

    ...I will forever wonder what Hitler would say about this.

  10. Re:We call that... by Mindcontrolled · · Score: 4, Informative

    True. The engineering term for a GAU is "Auslegungsstörfall" - you gotta love German composita. It roughly translates to "design basis accident" - the biggest accident covered by you fail-safes. The "GAU" acronym is mostly misused these days.

    --
    Ubi solitudinem faciunt, pacem appellant.