Google DNS Glitch Caused Outage

Posted by CmdrTaco on Sun May 08, 2005 08:32 AM
from the not-much-else-happens-on-sunday-morning dept.
An anonymous reader writes "Google suffered a pretty long outage Saturday evening, due to some DNS glitches, according to a company spokesperson. All Google services were down for a while, including Gmail and Google AdSense. There seems to be a DNS hijack, as some screen grabs show that Google.com was redirecting to another site, SoGoSearch.com."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Everyone keeps freaking out because when they run a whois query they get this:

    GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
    GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
    GOOGLE.COM

    This is NOT at ALL indicative of a hack.

    All this means is that gulli.com chose to register a DNS server with their registrar called 'GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM' instead of ns1.gulli.com -- to do EXACTLY what they just did -- get your attention.

    Simmer down everyone. If you whois ANY major site you'll see similar things. (Just try Microsoft.com)
    • by A beautiful mind (821714) on Sunday May 08 2005, @08:48AM (#12467564)
      Also the Screenshots are just about BROWSER GUESSES. The screenshots show http://www.google.com.net [com.net]!

      You know, it's what happens when the browser can't find the given domain name (dns servers are down), that it tries www.google.com.com, then www.google.com.net and it happened to be already taken by the site in the screenshots.
    • by Megane (129182) on Sunday May 08 2005, @08:49AM (#12467570)
      Wow, I thought that trick stopped working like four years or so ago. I even had one of those kind of entries, but took it out when the search stopped showing them.

      Looks like these clowns aren't just limiting themselves to Google...

      AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
      AOL.COM.IS.0WNED.BY.SUB7.NET
      AOL.COM.CANDICE-CHAMBERLAIN.COM
      AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
      AOL.COM
      • Wow, I thought that trick stopped working like four years or so ago. I even had one of those kind of entries, but took it out when the search stopped showing them

        Four years ago, I remember this worked in Debian's whois, but not in Red Hat's or SuSE's. The output from whois depends on how the searching is done. Given the large number of people "discovering" this today, it looks like Debian's whois variant is more widespread now.

    • by astrab (819883) on Sunday May 08 2005, @09:13AM (#12467654) Journal
      According to gigaom.com, Google acknowledges having suffered a 'DNS blackout' for two hours (approx.) this past Saturday, and users couldn't access the search engine.

      During Q1 2005, Google cashed $657 million by showing sponsored links on search results. This means 300,000 US$ per hour. Taking into account that this issue happened on Saturday (less users), we can estimate the 'non-revenue' figure at 400,000 US$ approx., without considering other non-working services like Google AdSense, which probably suffered problems during this time.

      http://google-blog.dirson.com/post.new/0260/ [dirson.com]

    • I just tried Microsoft. Hilarious.

      frost@louddrunk ~
      $ whois microsoft.com|grep MICROSOFT
      Server Name: MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
      Server Name: MICROSOFT.COM.WANADOODOO.COM
      Server Name: MICROSOFT.COM.SUX.BUT.PYROFREAK.ORG.RULEZ.AND.DIOXYTECH.NET.DELETED.GANDI.NET
      Server Name: MICROSOFT.COM.SMELLS.SIMPLECODES.COM
      Server Name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
      Server Name: MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
      Server Name: MICROSOFT.COM.OHMYGODITBURNS.COM
      Server

      • not only that -- but upon thinking about it -- if my logic is correct about how it's listed there -- then why aren't ns1->ns4.google.com listed there also?
        why doesn't any domain have its dns servers listed when such a search is performed? (Does whois filter out dns servers listed within the domain itself?)

        ala, google.com uses ns1->ns4.google.com, so it doesn't list them?
      • Because, by default, whois does a search match on the entire record rather than just the name. Since the names of a domain's DNS servers are part of that record, some smartasses with spare domains load up the DNS server names with useless extra strings that will match lookups against popular domains like google.

        This only confuses humans, and has nothing to do with Google's outage and overly helpful browser code.
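
The filtering step that makes this output readable, as an added example that is not part of any post in this thread: it separates the exact domain record from nameserver host entries that merely begin with the queried name. The sample output is constructed from names quoted above; the `Domain Name:` line, the function names and the two-label owner cut are assumptions.

```python
# Constructed sample, built from "Server Name:" entries quoted in the thread.
# The "Domain Name:" line for the exact record is an assumption.
SAMPLE_WHOIS = """\
Server Name: MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
Server Name: MICROSOFT.COM.SMELLS.SIMPLECODES.COM
Server Name: MICROSOFT.COM.OHMYGODITBURNS.COM
Domain Name: MICROSOFT.COM
"""


def classify_whois(output, query):
    """Split whois hits into the exact domain record and nameserver
    host records that only start with the queried name."""
    query = query.upper().rstrip(".")
    exact, lookalikes = [], []
    for line in output.splitlines():
        field, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Field: value" line
        field = field.strip().lower()
        name = value.strip().upper().rstrip(".")
        if field == "domain name" and name == query:
            exact.append(name)
        elif field == "server name" and name.startswith(query + "."):
            # A host name belongs to whoever controls its rightmost labels.
            # Naive two-label cut; a real tool would use the Public Suffix List.
            owner = ".".join(name.split(".")[-2:])
            lookalikes.append((name, owner))
    return {"exact": exact, "lookalikes": lookalikes}


def summarize(output, query):
    """Report whether the real record is present and who owns the lookalikes."""
    result = classify_whois(output, query)
    owners = sorted({owner for _, owner in result["lookalikes"]})
    return {
        "record_found": bool(result["exact"]),
        "lookalike_count": len(result["lookalikes"]),
        "lookalike_owners": owners,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_WHOIS, "microsoft.com"))
```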

      • What does SPF have anything to do with this?

        If your domain is hijacked due to a fault with the security of your domain registrar, then yes, you have bigger problems than any anti-spam solution.

        This is not the purpose of SPF

        If you read spf.pobox.com [pobox.com] you can learn that SPF is merely designed to be a system which can eliminate domains being spoofed in the from field of spam messages.

        If someone is using one of my domains (logicx.net) to send spam; I can reduce the effect of such a joe-job attack [tnpi.biz] by having a published SPF record; such that receiving systems can verify if the email came from a logicx.net mail server, and reject it appropriately.

        SPF and PGP have entirely different authentication approaches. I'd go so far as to say that PGP is more integrity checking.

        SPF is a verification that mail for a particular domain came from an appropriate server -- with the goal of disposing false emails (spam, spoofs, etc.)
        This is not at all a system to verify users on that particular email system.
        This is where PGP steps in -- It is used to verify the integrity of the email -- that it came from a particular user, and came unaltered.

        Finally, where has it been verified that there was a breach of their DNS system?

        All of the screenshots have now been confirmed to be a Firefox situation where when DNS failed it resolved www.google.com.net -- which resolved to the people who own com.net
  • Laugh! (Score:3, Funny)

    by stabChmo (861088) on Sunday May 08 2005, @08:35AM (#12467490)
    So go search Google!
  • by Message Board (695681) on Sunday May 08 2005, @08:36AM (#12467497) Journal
    Last night, Google Web Accelerator was accelerating just fine... except for the fact that when I tried to make it proxy google.com it told me that the web site wasn't available, and to try search Google for the site. Needless to say, that didn't work either.
  • by brokencomputer (695672) on Sunday May 08 2005, @08:36AM (#12467498) Homepage Journal
    Yeah and Slashdot was down with a 503 error yesterday for quite a while. But seriously, Google shouldn't allow this to happen.
      • They don't owe you anything.

        I wonder if Google's shareholders feel the same way or if they understand that they do owe their customers? They're a business; they owe me whatever it is I feel like asking for or I'll go elsewhere.

        • by jdgeorge (18767) on Sunday May 08 2005, @09:31AM (#12467795)
          I wonder if Google's shareholders feel the same way or if they understand that they do owe their customers? They're a business; they owe me whatever it is I feel like asking for or I'll go elsewhere.

          Are you an advertiser on Google? If not, it sounds as if you are confusing what Google owes shareholders (return on investment) and their customers (advertisers) with what Google owes the user, (technically, nothing).

          It is true that Google tries to provide a good experience for users, and that helps provide value to the advertisers and return on investment the shareholders are owed.

          If, on the other hand, you are an advertiser, you should realize that Google's first obligation is to its shareholders, not its customers or its users.

          (Okay, I realize that Google has other customers than advertisers, e.g. those who purchase Google's search services, users of Google Answers, etc., but my impression is that advertising generates the bulk of Google's revenue.)
  • I think it's far more likely that there are quite a few people out there with some sort of malware redirecting their failed DNS lookups to this site, as opposed to Google's DNS entry being hacked.

  • Pre-FP (Score:4, Informative)

    by LogicX (8327) * <slashdotNO@SPAMlogicx.us> on Sunday May 08 2005, @08:37AM (#12467507) Homepage Journal
    Ironically people have been freaking out about this, even before slashdot posted the story; leaving comments in other [slashdot.org] articles [slashdot.org]
  • by Anonymous Coward on Sunday May 08 2005, @08:38AM (#12467510)
    SoGoSearch didn't hijack Google's DNS. They registered a domain name google.com.net. Because the browser couldn't find google.com it tried as google.com.net. It has nothing to do with them hijacking any DNS.

    I do think it is unethical to register a domain such as google.com.net if you are not Google, but that is a different thing.
    • by ryanjensen (741218) on Sunday May 08 2005, @08:51AM (#12467577) Homepage Journal
      Thing is, they didn't register "google.com.net" - they registered "com.net". The "google" part is called a wildcard, and any "*.com.net" would go to SoGoSearch. (See this report [bizreport.com] about yahoo.sex.com).

      The real problem lies in web browsers that append ".net" to a domain name when the .com version cannot be accessed.

    • by Gollum (35049) on Sunday May 08 2005, @09:03AM (#12467623)
      In fact, I think they registered com.net, and simply created a wildcard DNS result for anything under that, which points to their search page.

      As the parent says, it is common behaviour for browsers to try appending common TLDs to the end of a URL that is not found verbatim. When Google went away, the browser appended .net to google.com, and ended up at *.com.net.

      A bug that people seem to be ignoring is that whatever browser is shown in the screenshot did not show the correct URL after the .net was appended, but left the original URL in the location bar.
      • A bug that people seem to be ignoring is that whatever browser is shown in the screenshot did not show the correct URL after the .net was appended, but left the original URL in the location bar.
        Looks like Safari. And you're right, that's the real problem here, the redirect should be shown at the very least by changing the URL in the location bar.
        • It's definitely a browser problem. The resolver doesn't do that... the browser makes the other requests after being told NXDOMAIN by the resolver. So, while the issue comes from getting the wrong DNS response, it's because the browser asked the wrong questions thereafter. This also doesn't have to do with search directives. I'm sure there's something you're saying that I'm calling differently than you mean, but it's still an issue of the browser in this case.
          • No. You're confusing the "resolver library" code used by the program, and "resolving name servers" network services. He's describing the built in search feature that many resolver libraries use, you're describing the part of the network protocol that library uses to communicate with the network service.

            It's worth asking if Mozilla and Firefox use the "default" resolver of the host operating system, or if the developers took the "path of greatest surprise" by including one of their own.
              • RTFM!

                This has been default resolver behavior on Unix (including Mac OS X and Linux, IIRC) since early versions of the resolver libraries.

                I am NOT talking about the DNS server itself, rather the client libraries.

                On a Linux machine (at least RH9), look at
                "man 3 resolver".

                Note the "RES_DNSRCH" option:

                "If set, res_search() will search for host names in the current domain and in parent domains. This option is used by gethostbyname(3). [Enabled by default]."

                Note also that it is enabled unless some
    • They're trying to associate google.com.net with them in an effort to confuse customers. Thus they are guilty of a trademark violation and Google can sue them.
  • Not a hijack (Score:5, Informative)

    by Kip (659) <kip AT aadl DOT org> on Sunday May 08 2005, @08:39AM (#12467517)
    They were just taking advantage of browser behavior.

    www.google.com.net leads to sogosearch.com

    When a browser fails to resolve an address, they will try adding .net and .com to the end of the address on the assumption maybe the user forgot to add it.
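
The lookup sequence described in this comment and in the com.net wildcard comments above, as an added example that is not part of any post in this thread. The zone data, addresses (documentation ranges), function names and the `.com`-then-`.net` guess order are assumptions, and wildcard matching is simplified.

```python
# Constructed zone data; 198.51.100.x and 192.0.2.x are documentation addresses.
ZONE = {
    "www.google.com": "198.51.100.10",
    "*.com.net": "192.0.2.99",  # wildcard under com.net, as the thread describes
}


def resolve(name, zone, unreachable=()):
    """Return an address, or None for NXDOMAIN / no answer.
    A '*.parent' entry answers for any name below parent without an
    exact record (simplified wildcard matching)."""
    name = name.lower().rstrip(".")
    if any(name == z or name.endswith("." + z) for z in unreachable):
        return None  # the zone's name servers are not answering
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None


def browser_lookup(typed, zone, unreachable=(), suffixes=(".com", ".net")):
    """Try the typed host, then each suffix guess in order.
    Returns the name actually contacted, so a caller can show that name
    in the location bar instead of the one the user typed."""
    for candidate in [typed] + [typed + s for s in suffixes]:
        addr = resolve(candidate, zone, unreachable)
        if addr:
            return {"typed": typed, "contacted": candidate,
                    "address": addr, "guessed": candidate != typed}
    return {"typed": typed, "contacted": None, "address": None, "guessed": False}


if __name__ == "__main__":
    print(browser_lookup("www.google.com", ZONE))
    print(browser_lookup("www.google.com", ZONE, unreachable=("google.com",)))
```

The `guessed` flag is the condition under which the displayed URL and the contacted host differ, which is the location-bar issue raised elsewhere in the thread.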
  • by fwice (841569) on Sunday May 08 2005, @08:42AM (#12467534)
    Are people really this dependent on google that when there is an outage, people really flip out?

    I mean, there are other search engines.
    Other email services.
    Other mapping things.

    Seriously, what were people doing a couple years ago? If your life is that attuned to google, maybe it's time to 'log off' (and pardon the cliche).

    • Other email services.


      I agree with your sentiment but WTF?! "Other email services" doesn't make much difference if your primary email is delivered to gmail.
        • "What's stopping you from using another web-based e-mail account, or using your ISP's e-mail service?

          You mean, other than that not solving any problem? If the email service you use goes down, and you don't retain a local copy of that email, you immediately lose access to a wealth of information. Doesn't matter if it's GMail, Yahoo!, Hotmail, or whatever. I don't see how your suggestion solves the problem.
          • by jmaslak (39422) on Sunday May 08 2005, @09:44AM (#12467873)
            I'm sorry, but "important" email being sent to a free email account?

            If you get important email, I suggest paying for an account that provides support as part of the price. "Free" doesn't typically mean "great support", not even in the case of Google.
    • by Anonymous Coward
      Yeah I'm bad for that. During the outage I tried to Google for another search engine but...
    • Google offers search results via SMS (text message 46645 with your query). It also has Google local, which means you can search for telephone numbers. I don't know of another search service with this functionality, and I attempted an out of state lookup during the outage without knowing about it. I actually did get results much later, but they weren't useful then.

      A couple of years ago, I wouldn't have looked up the number at all, but I also wouldn't have been used to being able to look it up at any time
  • Just a DNS glitch (Score:4, Informative)

    by Eric(b0mb)Dennis (629047) on Sunday May 08 2005, @08:44AM (#12467540)
    Lots of rumors of DNS getting poisoned and/or google site getting hacked. The reason being is people thought google.com was going to SoGoSearch.com..

    But apparently it was just their browsers not finding google.com and trying to go to Google.com.net [com.net]

    Stop flipping out!
  • Thought gmail was slow and AdSense was not working but google.co.in was up and running :)

    However I noticed http://www.google.com/intl/xx-hacker/ [google.com] don't know what the hell it is... or just one of those google own funny stuff :-?
  • by Karakth (876149) on Sunday May 08 2005, @08:50AM (#12467571)
    Just 216.239.57.99 it.
  • by Nichotin (794369) on Sunday May 08 2005, @09:20AM (#12467708)
    Didn't anyone notice?

  • by kun (844934) on Sunday May 08 2005, @09:54AM (#12467942) Homepage
    With google down who's going to raise my children!?
  • by IronChefMorimoto (691038) on Sunday May 08 2005, @12:27PM (#12469092)
    Imagine all the people who have Google.com set as their homepage when they start up a web browser. I can't imagine what happened to ISP help desk lines when Joe Bob Family Man hopped onto his computer Saturday night to check a golf score only to find a 404 error or some "page not found" error when he fired up MSIE.

    Think about it -- Google just doesn't go down. Not like some websites. It's so simply designed, and in some people's minds, that means it can't fail.

    Hell -- I stupidly went into my Linksys router interface after FireFox gave me a startup error to see if my ISP had dropped my connection. I didn't think to look at CNN.com or another website (which were working fine, so NOT an outage). Why?

    Google just doesn't go down. Reliance is a real bitch sometimes, no?

    IronChefMorimoto
  • Google DNS Glitch Caused Outage

    I knew that [slashdot.org] . Where is the full detailed breakdown?