Some religious folks have told me that there is no such thing as believing in God with less than 100%. Either you believe or you don't. But, alas, it comes to no surprise that people can't even agree on that assertion.
Personally I do agree that the nature of faith is in accepting things as ultimate truth without conclusive evidence. With this criterion, disowing God is also a religious statement (believing something without conclusive evidence).
This leaves agnosticism (whether empirical or naive type) as the only truely logical choice. If there is no conclusive evidence, there is no established fact. Belief and logic do not mix.
"We do know that attack was against four sites that happened to be Akamai customers," company spokesman Jeff Young said. "But I don't know if the intent was to go after Akamai or go after Web properties that happened to be customers of ours."
Tuesday's outage comes nearly a month after Akamai reported glitches in its content management tools, causing some slowdowns.
Other parties may not agree with that assessment. Keynote earlier Tuesday reported the Akamai DNS system outage and speculated that Cambridge, Mass.-based Akamai was the target of a denial-of-service attack, which then caused the Yahoo, Google, Microsoft and Apple sites to fail.
Dug Song, security architect for network security company Arbor Networks, said the outage appeared to be an Akamai problem. During the outage, Song noticed that sites such as Google were still functional, but someone typing www.google.com couldn't get to that site, because the address would not translate into its numeric Internet Protocol code.
Note the fact that during the outage for example google.com got you through to the Google home page because google.com had and still has (due to DNS standards) an A record in a Google DNS server (as opposed to host names like www.google.com which can have CNAMEs to outside domains). And there were reportedly no problems getting there (for example I didn't have any, but this arguably could be because so many others were failing this simple "try the domain name only nerd test").
Where do you suggest Akamai should backup their DNS then? To the networks of the backbone carriers they colocate their distributed servers with? Really, lets hear this.
Remember that the content providers have their DNS backups and they were utilized during this outage.
In the current configuration, should Akamai suffer a total failure or fault, all their DNS will go away, unless they have a backup service handy, and can repoint the 13 root servers to it in time.
Thats exactly what they did and it accounted for the about 2 hours of no access. The "Refresh" fields of the SOA records are usually 7200, which translates to 2 hours (3600 seconds). So the mean time for a user to get the updated and working DNS info is one hour, unless the DNS server cache is refreshed manually before that (I think you can do that by using the recursive option of a query with most DNS client/resolvers if you are not running your own DNS server).
They have tracked the attacker back to person that is at the Akamai Technologies ISP
Doesn't that contradict the DDoS attack theory? If the attacker is already there, where does he need do Distribute his DoS to?
Besides, the original ISC Handler Diary (at June 15th 2004 14:31 UTC) said: Some of the Akamai servers do respond to pings, but do not respond to DNS queries.
Which is another clue that the DDoS theory might not be as plausible as an internal, perhaps intentional, screwup (if a DoS attack is bombing a DNS server out of its resources, it wont be responding to pings in an expeditious fashion).
It will be interesting to follow the story in the days to come, especially whether the authorities will be involved or if the matter is quietly swept under the rug by Akamai.
Yes, the requirement of two nameservers was written up in RFCs quite late (1996) and as an informal (informational) at that:
RFC 1912
2.8 Authority and Delegation Errors (NS records)
You are required to have at least two nameservers for every domain, though more is preferred. Have secondaries outside your network. If the secondary isn't under your control, periodically check up on them and make sure they're getting current zone data from you.
But, many TLDs require at least two nameserver to accept the registration. For example, in my country, the two nameserver requirement for a ccTLD is written up in a technical regulation given by the local equivalent of the FCC.
Slashdot Mirror
Some religious folks have told me that there is no such thing as believing in God with less than 100%. Either you believe or you don't. But, alas, it comes to no surprise that people can't even agree on that assertion.
Personally I do agree that the nature of faith is in accepting things as ultimate truth without conclusive evidence. With this criterion, disowing God is also a religious statement (believing something without conclusive evidence).
This leaves agnosticism (whether empirical or naive type) as the only truely logical choice. If there is no conclusive evidence, there is no established fact. Belief and logic do not mix.
2:
i-mate Smartphone2
and
Mio 8380
Note the fact that during the outage for example google.com got you through to the Google home page because google.com had and still has (due to DNS standards) an A record in a Google DNS server (as opposed to host names like www.google.com which can have CNAMEs to outside domains). And there were reportedly no problems getting there (for example I didn't have any, but this arguably could be because so many others were failing this simple "try the domain name only nerd test").
Where do you suggest Akamai should backup their DNS then? To the networks of the backbone carriers they colocate their distributed servers with? Really, lets hear this. Remember that the content providers have their DNS backups and they were utilized during this outage.
In the current configuration, should Akamai suffer a total failure or fault, all their DNS will go away, unless they have a backup service handy, and can repoint the 13 root servers to it in time.
Thats exactly what they did and it accounted for the about 2 hours of no access. The "Refresh" fields of the SOA records are usually 7200, which translates to 2 hours (3600 seconds). So the mean time for a user to get the updated and working DNS info is one hour, unless the DNS server cache is refreshed manually before that (I think you can do that by using the recursive option of a query with most DNS client/resolvers if you are not running your own DNS server).
They have tracked the attacker back to person that is at the Akamai Technologies ISP
Doesn't that contradict the DDoS attack theory? If the attacker is already there, where does he need do Distribute his DoS to?
Besides, the original ISC Handler Diary (at June 15th 2004 14:31 UTC) said:
Some of the Akamai servers do respond to pings, but do not respond to DNS queries.
Which is another clue that the DDoS theory might not be as plausible as an internal, perhaps intentional, screwup (if a DoS attack is bombing a DNS server out of its resources, it wont be responding to pings in an expeditious fashion).
It will be interesting to follow the story in the days to come, especially whether the authorities will be involved or if the matter is quietly swept under the rug by Akamai.
Ofcourse meant a domain name under the ccTLD.