Millions of .de Domains Unreachable For Hours
83
An anonymous reader writes "Due to an error on behalf of DENIC, the German DNS registrar for second-level .de domains, millions of .de domains fell over the edge (auf Deutsch) of the Internet today. The cause of this GAU (GröYter anzunehmender Unfall = maximum credible accident) is still unknown, as DENIC officials haven't answered any questions from journalists at the time of writing."
DNSSEC to blame.... (Score:5, Interesting)
Re:DNSSEC to blame.... (Score:1, Interesting)
The zone information was only partially available from some servers. That could be the result of the size increase caused by the additional (large) DNSSEC records. Perhaps some automated zone update process ran out of space or time. This is only speculation though.
DE-NIC (Score:4, Interesting)
Once upon a time, the DE-NIC was very respected in the german internet community. But several things happened lately, that let the trust erode. There were internal power struggles [heise.de], the rising influence of domain traders [denic.de] inside the DE-NIC and the surprising distribution of the two-letter-domain-rush [www.egm.at] (25% of all domains ending in the hands of a single person). Perhaps this outage will be a wakeup call. If we only count the time spent on customers calling the hotline, the damage for my company is several thousand dollars.
CU, Martin
Re:DNSSEC to blame.... (Score:1, Interesting)
Another speculated cause is that DENIC messed something up when they moved registry services from Amsterdam to Frankfurt yesterday.
Re:DNSSEC to blame.... (Score:3, Interesting)
We wouldn't need to speculate if the DE-NIC would give out more details. Concerning myself, the DFN NOC holds more credibility than the DE-NIC.
There are hundreds of ways to get a DNSSEC deployment wrong. The error is not disturbing by itself. The time needed for a rollback on any change they made is IMHO. As well as the lack of concept about what to do in case something like this happens. Don't get me started on the information policy...
CU, Martin
Re:So... (Score:3, Interesting)
I wonder if this had anything to do with my own DNS outage yesterday. There seemed to be a rolling DoS attack which hit a couple of my nameservers. It hit a slightly out of date version of bind, which made it barf. Of course I have the servers monitoring themselves, so they kept bringing it back up, just to be knocked down again a few minutes later. The solution? Upgrade to current.
Did anyone else see this, or was it two isolated (and unrelated) cases?
Re:Some more details about the outage (Score:5, Interesting)
Re:So... (Score:2, Interesting)