Netstat -vat by Sean Michael Kerner

A command line view of IT



Sweden (.se) goes offline due to DNS error

From the 'DNS Is Fault-Tolerant' files:

The entire .se (Sweden) Top Level Domain was knocked offline for a few hours today (EDT), due to an error in DNS configuration. It's an astounding revelation, and one that shouldn't technically be able to occur in my opinion.

Time and again, smart people remind me that DNS is a redundant system that is highly available. Yet here we are in 2009 and the entire .se TLD is offline because of a configuration error in DNS.

According to the .SE Internet Infrastructure Foundation, they inadvertently sent out an incorrect zone file on Monday, October 12 at 21.45 local time, in connection with planned maintenance work.
"The cause was an incorrect software update, which, despite our testing procedures were not detected," .SE said in a statement. "Thanks to well-functioning surveillance system .SE discovered the error immediately and a new file with the DNS data (zone file) was produced and distributed within one hour."
An hour may not sound bad, but due to the way DNS works with multiple copies of records all over the world, the end result is a cascading failure of the entire .se TLD that varies in length depending on where you are. That's 900,000 domains without service due to a DNS error that should never have happened.

To make matters worse, .SE also updated their new zone files without DNSSEC information. The .se TLD is one of the few TLDs in the world that is now fully DNSSEC enabled, providing digital signatures for its domains.
"To minimize the impact on the availability of .se domains, we chose to produce and distribute a zone file that lacked proper signatures for DNSSEC to quickly come out with the correct DNS information," .se stated.
So to recap: a zone file was sent out that took the entire TLD offline, and then the new version was put up without the same security measures as had previously been in place. Huh?!

According to Swedish web monitoring vendor Pingdom, the .se failure affected all 900,000 .se domain names.
"Pingdom monitors the uptime of tens of thousands of websites for our customers, and we often see downtime due to DNS problems," the Pingdom website states. "These problems are very common all over the world, but usually it's a single domain name that has been incorrectly configured or the DNS servers of a single web host having problems. An entire top-level domain breaking is exceptionally rare."
What I don't understand is how such a failure can occur in the first place. There should have been primary and secondary authoritative DNS servers for .se. So for the entire TLD to fail, .se somehow messed up all their primary and secondary records. That seems very odd to me.

1 Comment

Cricket Liu said:

Sean, as I understand it, the problem was that the zone data generated was syntactically correct. Since the zone was syntactically correct, the secondaries were happy to transfer it.

Apparently the script that produces .se left off trailing dots (presumably from NS records and possibly others). Without trailing dots, domain names in the zone have the origin appended to them. By default, the origin for the .se zone is .se. So you end up with things like

nordicsea.se.se. IN NS ns1.fastpark.net.se.

While it's conceivable that the zone nordicsea.se.se could exist, it really doesn't, nor does ns1.fastpark.net.se.

For a rough analogy, imagine accidentally changing your web server's A record to the wrong address. Your secondaries don't know it's not the right address, so they're happy to transfer the change. That's about what happened here.
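
The trailing-dot failure described in the comment above, as an added example (not part of the original post or comment, and not .SE's tooling): a small pre-publication check that expands names relative to the origin and flags relative names that look like fully qualified ones. The `KNOWN_TLDS` list, the function names and the sample records are assumptions constructed for the illustration.

```python
# Added illustration, not .SE's tooling: expand zone-file names the way a
# name server does and flag results that suggest a missing trailing dot.
ORIGIN = "se."                       # origin of the zone, per the comment above
KNOWN_TLDS = {"com", "net", "org"}   # assumption: short list for the demo

# Constructed sample: line 1 reproduces the broken form quoted above,
# line 2 is the same delegation with trailing dots in place.
SAMPLE_ZONE = """\
nordicsea.se   IN NS ns1.fastpark.net
nordicsea.se.  IN NS ns1.fastpark.net.
"""


def expand(name, origin=ORIGIN):
    """Names ending in a dot are absolute; all others get the origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def suspect(name, origin=ORIGIN):
    """Return a warning if a relative name looks like an FQDN missing its dot."""
    if name.endswith("."):
        return None
    if (name + ".").endswith("." + origin):
        return f"{name}: already ends in the origin, expands to {expand(name, origin)}"
    if name.rsplit(".", 1)[-1].lower() in KNOWN_TLDS:
        return f"{name}: ends in another TLD, expands to {expand(name, origin)}"
    return None


def lint_zone(text, origin=ORIGIN):
    """Return (line_no, owner, target, warnings) for each NS record."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) != 4 or fields[2].upper() != "NS":
            continue                             # demo: 'owner IN NS target' only
        owner, target = fields[0], fields[3]
        warnings = [w for w in (suspect(owner, origin), suspect(target, origin)) if w]
        results.append((line_no, expand(owner, origin), expand(target, origin), warnings))
    return results


if __name__ == "__main__":
    for line_no, owner, target, warnings in lint_zone(SAMPLE_ZONE):
        status = "SUSPECT" if warnings else "ok"
        print(f"line {line_no}: {owner} NS {target} [{status}]")
        for w in warnings:
            print("   ", w)
```

Both sample lines are syntactically valid, which is why a syntax check alone passes them; only the check on the expanded names separates the two.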