Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: H went down. - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
H went down.

Well the bad news is the H root servers were not available for over 18 hours. The good news is that practically nobody noticed. As it turns out a fiber cut and poor weather took out access to this cluster of root DNS servers. https://lists.dns-oarc.net/pipermail/dns-operations/2010-October/006142.html shows the explanation for the outage. While the outage had no direct impact on Internet users, it does point out the necessity of proper design for redundancy. Graph of the H availability:

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
This is awful. DNS is a robust protocol - but not a replacement for diversity (and backups).

Unless someone wrote "the service doesn't need to survive single-point failures." in the requirements document, it's woefully underengineered.
DomMcIntyreDeVitto

37 Posts
It's not underengineered. Nameservers use a hints file. Other roots use AnyCast.
http://en.wikipedia.org/wiki/Root_nameserver#Root_server_addresses
DomMcIntyreDeVitto
2 Posts

Sign Up for Free or Log In to start participating in the conversation!