Millions of .de Domains Unreachable For Hours
83
An anonymous reader writes "Due to an error on behalf of DENIC, the German DNS registrar for second-level .de domains, millions of .de domains fell over the edge (auf Deutsch) of the Internet today. The cause of this GAU (GröYter anzunehmender Unfall = maximum credible accident) is still unknown, as DENIC officials haven't answered any questions from journalists at the time of writing."
So... (Score:2)
Domains and DENIC officials were both unavailable, the only difference is that officials will be unavailable a bit longer...i bet it sucked to be them today.
Re: (Score:3, Interesting)
I wonder if this had anything to do with my own DNS outage yesterday. There seemed to be a rolling DoS attack which hit a couple of my nameservers. It hit a slightly out of date version of bind, which made it barf. Of course I have the servers monitoring themselves, so they kept bringing it back up, just to be knocked down again a few minutes later. The solution? Upgrade to current.
Did anyone else see this, or was it two isolated (and unrelated) cases?
Re: (Score:2, Interesting)
So it looked something like (Score:3, Funny)
this? [wordpress.com]
auf Deutsch? (Score:1, Insightful)
Re:auf Deutsch? (Score:5, Informative)
Why complain? It's nothing else than the typical bad work of the so called "editors" of slashdot. They also did not notice that a charset conversion error occured. The german phrase is "Größter anzunehmender Unfall", not "GröYter anzunehmender Unfall". But why should we expect that paid editors do actually work?
Re:auf Deutsch? (Score:5, Funny)
Unicode on slashdot? UNPOSSIBLE
Re: (Score:2, Informative)
But HTML entities work!
Re: (Score:2)
Re: (Score:2)
Nah; it was just as stated: a charset conversion screwup. The pages I get say <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> in the header section. Do yours say UTF-8 or some other Unicode charset?
It would be nice to be able to quote things in non-Western languages here, especially now that China+Korea+Japan are the majority of the Internet, and where most of our hardware is now produced. But I guess it'll still be a while before those of us dealing with non-Western langu
Re:auf Deutsch? (Score:4, Informative)
Also, "GAU" is probably better translated as "worst-case scenario".
We call that... (Score:1, Funny)
Also, "GAU" is probably better translated as "worst-case scenario".
We call that a clusterfuck in these here parts.
Re: (Score:2)
I think, since GAU is the term for a worst-case scenario in a nuclear reactor, it would be best translated as “nuclear clusterfuck” ^^
Re:We call that... (Score:4, Insightful)
Three Mile Island is a good example: Back than it was a Super-GAU as nobody designed reactors to handle gas buildup. With modern reactors it's a regular a GAU since modern designs are required to consider that failure mode and mitigate it.
In short: A GAU is "well, I guess after we're done decontamining and repairing the plant we'll need to do quite a bit of lobbying to get it back online". A Super-GAU is "we just contaminated how much land?".
Re:We call that... (Score:5, Informative)
Re: (Score:3, Funny)
So it does not mean “district” anymore? ;)
Re: (Score:2)
GAU = Groester anzunehmender Unfall = Worst Accident that can reasonably be expected to happen
A worst-Case Scenario is more likely a "Super-GAU", i.e. when you take political and commercial "interpretations" away and only look at what could actually happen. And, yes, "Super-GAU" is a proper term, not my invention.
Re: (Score:3, Insightful)
Re: (Score:2)
so a GAU is a SNAFU?
Technically, no. SNAFU refers to a stituation that is Normal (but always All Fouled Up). GAU refers to the worst possible situtation that could be anticipated, ie: more fouled up than usual, and about as fouled up as your imagination can take you.
Re: (Score:2)
And yet you still keep coming back, again and again, after all these years. ;)
Re: (Score:1, Informative)
If you want to troll, look for a better online translator.
Everything after "Amerikaner" is gibberish.
Re:auf Deutsch? (Score:5, Funny)
Problems with the root .de name server. Of course, it's funnier if you don't know that "die" is "the" in german: "die die Rootserver für die Top-Level-Domain .de" so in germglish it becomes "die, die, tld .de rootserver" OMG terrorist threat!
Re: (Score:2, Informative)
Stop calling it root server (Shame on you, Golem.de!). The root servers serve the root zone, which contains the top level domains. The affected servers in this incident were the de-TLD servers which serve the second level domain records.
Re: (Score:2)
"Oy vay! What do you expect from a golem? Probably got distracted by. some shiksa. Give the servers some chicken soup, already!"
"Chicken soup won't help!"
"Couldn't hurt ..."
Re: (Score:2)
Die Die Die is a term of endearment I frequently use while at a Windows PC. :P
Schon. (Score:5, Funny)
Ground (in English): "If you want an answer you must speak in English."
Lufthansa (in English): "I am a German, flying a German airplane, in Germany. Why must I speak English?"
Unknown voice from another plane (in a beautiful British accent): "Because you lost the bloody war."
Re: (Score:3, Informative)
Re: (Score:1)
ich zieh sie auf ein weisses Haar
werf in die Luft die nasse Kette
und wünsch mir dass ich eine Mutter hätte
Keine Sonne die mir scheint
keine Brust hat Milch geweint
in meiner Kehle steckt ein Schlauch
hab keinen Nabel auf dem Bauch
Mutter...
Re: (Score:1, Informative)
Good miss. The word you were grasping at is Scheisse.
Re: (Score:2)
It was a sad day for Shiza-porn
Good miss. The word you were grasping at is Scheisse.
Shiza sounds like one of those districts of Tokyo that nerds dream of going to because it consists of obscure shops that sell flavours of Pocky not available in the United States, like vodka-scented curried tayberry, or the infamous "Pocky flavoured Pocky" whose very meta-ness has driven some Westerners mad....
Sorry, where was I again?
Re: (Score:2)
GröYter, yes, that is Größter or where ß, which is not beta, is not available, Grösster.
Or when neither "ö" nor "ß" are available, "Groesster" would also be acceptable.
Some more details about the outage (Score:5, Informative)
The problem did not affect all domains and it did not affect all nameservers for the german TLD. The nameservers which are reached through "c.de.net" (== c.nic.de) and "s.de.net" (== s.nic.de) more or less worked fine during the outage. Only for a short period of time they did not answer. The other nameservers for .de however lost the knowledge of most domains under the TLD and only returned NS-records for the domain names starting with a digit or with the letter a to e. So for example br-online.de worked fine, while web.de did not. The really bad part is, that the affected nameservers did not refrain to answer but instead answered with NXDOMAIN. So they told that they do not have a record for the query, which in turn effects to "This domain does not exist". Unfortunately such negative answers are cached for a time determined by the authorative nameserver. DENIC's nameserver tell clients to cache this result for 7200 seconds, therefore the outage continued to make problems for up to two hours after the problem was fixed, unless the DNS caches were cleared.
One more thing to notice: Some sites claim that four of the six nameservers for .de were affected because six hostnames are listed as nameservers for .de and as i told, two of them did work. However both a.nic.de and z.nic.de resolv to anycast IPs which will be routed to a number of different servers around the world depending on your own location. So it are more than six servers in total.
Re:Some more details about the outage (Score:5, Informative)
According to the DENIC registrar's mailing list, this was just an administrative fuckup. DENIC apparently runs Bind, (on at least the 4 affected logical servers) and they reloaded Bind with an empty zone file. Since the six logical servers are all authoritative, the empty-zone-file servers replied with NXDOMAIN (as they should have).
The parent is correct, non-existent domain responses should only be cached for 2 hours.
Since .de is the largest ccTLD (by count of registrations), this is a pretty big deal. On April 3 2010, there were 13.5 million [domainnews.com] registered .de domains. I wonder how long it took Bind to start with that many zones!
Re:Some more details about the outage (Score:5, Interesting)
Hungry anyone?? (Score:1)
Re: (Score:2)
DENIC officials haven't answered any questions (Score:3, Funny)
Meanwhile I'm sure Hitler will be happy to discuss the situation on youtube.
OH NO!!! (Score:1, Insightful)
Where will people get their bizarre latex fetish watersports dungeon porn now!?!?!?!!
Re: (Score:3, Insightful)
"Official" response (Score:5, Funny)
ref (Score:1, Funny)
DNSSEC to blame.... (Score:5, Interesting)
Re: (Score:1, Interesting)
The zone information was only partially available from some servers. That could be the result of the size increase caused by the additional (large) DNSSEC records. Perhaps some automated zone update process ran out of space or time. This is only speculation though.
Re: (Score:1, Interesting)
Another speculated cause is that DENIC messed something up when they moved registry services from Amsterdam to Frankfurt yesterday.
Re: (Score:2)
I heard this claim coming from the DFN as well, but i really suspect that it's bullshit. Why? As far as i understood (i admit lacking proper knowledge of DNSSEC) the introduction of DNSSEC might only affect clients which are actually capable of doing DNSSEC and which will request the nameserver to do DNSSEC, as DNSSEC is done by additional records in the DNS. Old clients will just request records as they did ever and will get normal answers like they got ever.
Also as told above, domains starting with a digi
Re: (Score:3, Interesting)
We wouldn't need to speculate if the DE-NIC would give out more details. Concerning myself, the DFN NOC holds more credibility than the DE-NIC.
There are hundreds of ways to get a DNSSEC deployment wrong. The error is not disturbing by itself. The time needed for a rollback on any change they made is IMHO. As well as the lack of concept about what to do in case something like this happens. Don't get me started on the information policy...
CU, Martin
Re: (Score:2)
Wow, someone decided to mod me down as overrated. Talk about mod abuse.
However, it is told that the DNSSEC testbed worked fine during the outage, so this is a strong indicator that DNSSEC was not the culprit. I also got a credible statement from a DENIC technician that DNSSEC was not the reason and the DFN NOC is - as i said - making a ridiculous claim without any background knowledge. DENIC still has not provided an explanation but it appears that for some reasons the zones were only transfered in part, wh
Re: (Score:2)
The reason is AFAIK not DNSSEC itself, but the process of the introduction. Why should someone delete zone files if not due to changes made to the zones? I would guess, any nameserver gets for each update only a diff and not a full dump. In this case the diff contained empty zones (my guess).
Don't try to understand the modding here. I've given up on that one.
CU, Martin
Is there a Downfall video meme yet? (Score:1)
Damn my laziness!
German Spammers demand Rescue Package (Score:1)
Re: (Score:1)
HTML and spaces are now allowed in domain names? (Score:3)
What is a “<nobr> <wbr></nobr>.de” domain? And why are there millions of them?
Or is that just another epic failure of someone using a WYSIYFH (what you see is you failing hard) interface, caused by the idiocy that is “K.I.S.S.”?
Re: (Score:2)
What is a “<nobr> <wbr></nobr>.de” domain? And why are there millions of them?
It's just Slash demonstrating that it speaks neither Unicode nor HTML.
K.I.S.S.? (Score:3, Informative)
you mean "Keep it simple, stupid"?
the KISS principle is perhaps one of the greatest principles in engineering, and frequently keeps people's minds grounded in the deliverables, and prevents them from spinning out of control into overly complex solutions, which are in fact the source of most software bugs, not the solution to them
if this is the principle you are referring to, i don't know where the source of your animosity to it lies, nor why it has anything to do with this particular subject matter
DE-NIC (Score:4, Interesting)
Once upon a time, the DE-NIC was very respected in the german internet community. But several things happened lately, that let the trust erode. There were internal power struggles [heise.de], the rising influence of domain traders [denic.de] inside the DE-NIC and the surprising distribution of the two-letter-domain-rush [www.egm.at] (25% of all domains ending in the hands of a single person). Perhaps this outage will be a wakeup call. If we only count the time spent on customers calling the hotline, the damage for my company is several thousand dollars.
CU, Martin
Constantin Films/YouTube/Der Untergang (Score:5, Funny)
Looks like they put a DMCA takedown notice on the entire country.
Re: (Score:2)
DENIC macht frei?
Re: (Score:2)
Looks like they put a DMCA takedown notice on the entire country.
Don't know: Hitler.de couldn't be contacted for a comment.
What happened to the Germany water website? (Score:3, Funny)
Obligatory (Score:3, Funny)
Alles Touristen und Non-technischen Looken Peepers! Das Machinekontrol ist nicht fur Gerfingerpoken und Mittengraben. Oderwise ist easy Schnappen der Springwerk, Blowenfuse, und Poppencorken mit Spitzensparken. Der Machine ist Diggen by Expertzen Only. Ist nicht fur Gewerken by Dummkopfen. Das Rubbernecken Sightseenen keepen das Kottenpicken Hands in das Pockets. So relaxen und watchen das Blinkenlights.
.