Please create an account to participate in the Slashdot moderation system


Forgot your password?
Networking The Internet

Millions of .de Domains Unreachable For Hours 83

An anonymous reader writes "Due to an error on behalf of DENIC, the German DNS registrar for second-level .de domains, millions of .de domains fell over the edge (auf Deutsch) of the Internet today. The cause of this GAU (GröYter anzunehmender Unfall = maximum credible accident) is still unknown, as DENIC officials haven't answered any questions from journalists at the time of writing."
This discussion has been archived. No new comments can be posted.

Millions of .de Domains Unreachable For Hours

Comments Filter:
  • by Rotten ( 8785 )

    Domains and DENIC officials were both unavailable, the only difference is that officials will be unavailable a bit longer...i bet it sucked to be them today.

  • by wiredog ( 43288 ) on Wednesday May 12, 2010 @11:03AM (#32182580) Journal

    this? []

  • auf Deutsch? (Score:1, Insightful)

    by Anonymous Coward
    Tell me, what is the point of putting a warning aimed at people who don't speak German in German??
    • Re:auf Deutsch? (Score:5, Informative)

      by kju ( 327 ) on Wednesday May 12, 2010 @11:10AM (#32182674)

      Why complain? It's nothing else than the typical bad work of the so called "editors" of slashdot. They also did not notice that a charset conversion error occured. The german phrase is "Größter anzunehmender Unfall", not "GröYter anzunehmender Unfall". But why should we expect that paid editors do actually work?

      • by Anonymous Coward on Wednesday May 12, 2010 @11:13AM (#32182702)

        Unicode on slashdot? UNPOSSIBLE

        • Re: (Score:2, Informative)

          by KDR_11k ( 778916 )

          But HTML entities work!

        • Slashcode supports unicode, Slashdot blocks all but a small whitelist of characters. The block is because people were abusing flow control characters to do "interesting" things.
        • by jc42 ( 318812 )

          Nah; it was just as stated: a charset conversion screwup. The pages I get say <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> in the header section. Do yours say UTF-8 or some other Unicode charset?

          It would be nice to be able to quote things in non-Western languages here, especially now that China+Korea+Japan are the majority of the Internet, and where most of our hardware is now produced. But I guess it'll still be a while before those of us dealing with non-Western langu

      • Re:auf Deutsch? (Score:4, Informative)

        by Anonymous Coward on Wednesday May 12, 2010 @11:42AM (#32183016)

        Also, "GAU" is probably better translated as "worst-case scenario".

        • by Anonymous Coward

          Also, "GAU" is probably better translated as "worst-case scenario".

          We call that a clusterfuck in these here parts.

          • I think, since GAU is the term for a worst-case scenario in a nuclear reactor, it would be best translated as “nuclear clusterfuck” ^^

          • Re:We call that... (Score:4, Insightful)

            by Jesus_666 ( 702802 ) on Wednesday May 12, 2010 @12:37PM (#32183638)
            Actually, we reserve the term "Super-GAU" for that. "GAU" translates to "most severe expected accident"; it's still something you design your facility to handle. Consequently, a Super-GAU is an accident that exceeds what you planned for. An important point is that nuclear plants are required not to emit any radioactive material even in case of a GAU. Therefore, any accident during which the plant does release radioactive material is a Super-GAU.

            Three Mile Island is a good example: Back than it was a Super-GAU as nobody designed reactors to handle gas buildup. With modern reactors it's a regular a GAU since modern designs are required to consider that failure mode and mitigate it.

            In short: A GAU is "well, I guess after we're done decontamining and repairing the plant we'll need to do quite a bit of lobbying to get it back online". A Super-GAU is "we just contaminated how much land?".
        • Re: (Score:3, Funny)

          by Hurricane78 ( 562437 )

          So it does not mean “district” anymore? ;)

        • by gweihir ( 88907 )

          GAU = Groester anzunehmender Unfall = Worst Accident that can reasonably be expected to happen

          A worst-Case Scenario is more likely a "Super-GAU", i.e. when you take political and commercial "interpretations" away and only look at what could actually happen. And, yes, "Super-GAU" is a proper term, not my invention.

          • Re: (Score:3, Insightful)

            so a GAU is a SNAFU?
            • so a GAU is a SNAFU?

              Technically, no. SNAFU refers to a stituation that is Normal (but always All Fouled Up). GAU refers to the worst possible situtation that could be anticipated, ie: more fouled up than usual, and about as fouled up as your imagination can take you.

      • And yet you still keep coming back, again and again, after all these years. ;)

    • by tomhudson ( 43916 ) <barbara.hudson@[ ... m ['bar' in gap]> on Wednesday May 12, 2010 @11:12AM (#32182698) Journal
      How hard is it to figure out this?

      Denic Probleme mit den .de-Rootservern? (Update 2)

      Derzeit lassen sich viele .de-Domains nicht auflösen. Schuld daran könnten Probleme auf Seiten der Denic sein, die die Rootserver für die Top-Level-Domain .de betreibt. Mittlerweile ist das Problem behoben.

      Problems with the root .de name server. Of course, it's funnier if you don't know that "die" is "the" in german: "die die Rootserver für die Top-Level-Domain .de" so in germglish it becomes "die, die, tld .de rootserver" OMG terrorist threat!

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Stop calling it root server (Shame on you,!). The root servers serve the root zone, which contains the top level domains. The affected servers in this incident were the de-TLD servers which serve the second level domain records.

        • "Oy vay! What do you expect from a golem? Probably got distracted by. some shiksa. Give the servers some chicken soup, already!"

          "Chicken soup won't help!"

          "Couldn't hurt ..."

      • Die Die Die is a term of endearment I frequently use while at a Windows PC. :P

    • Schon. (Score:5, Funny)

      by CorporateSuit ( 1319461 ) on Wednesday May 12, 2010 @12:36PM (#32183636)
      Lufthansa (in German): "Ground, what is our start clearance time?"
      Ground (in English): "If you want an answer you must speak in English."
      Lufthansa (in English): "I am a German, flying a German airplane, in Germany. Why must I speak English?"
      Unknown voice from another plane (in a beautiful British accent): "Because you lost the bloody war."
  • by kju ( 327 ) on Wednesday May 12, 2010 @11:20AM (#32182780)

    The problem did not affect all domains and it did not affect all nameservers for the german TLD. The nameservers which are reached through "" (== and "" (== more or less worked fine during the outage. Only for a short period of time they did not answer. The other nameservers for .de however lost the knowledge of most domains under the TLD and only returned NS-records for the domain names starting with a digit or with the letter a to e. So for example worked fine, while did not. The really bad part is, that the affected nameservers did not refrain to answer but instead answered with NXDOMAIN. So they told that they do not have a record for the query, which in turn effects to "This domain does not exist". Unfortunately such negative answers are cached for a time determined by the authorative nameserver. DENIC's nameserver tell clients to cache this result for 7200 seconds, therefore the outage continued to make problems for up to two hours after the problem was fixed, unless the DNS caches were cleared.

    One more thing to notice: Some sites claim that four of the six nameservers for .de were affected because six hostnames are listed as nameservers for .de and as i told, two of them did work. However both and resolv to anycast IPs which will be routed to a number of different servers around the world depending on your own location. So it are more than six servers in total.

    • by nullchar ( 446050 ) on Wednesday May 12, 2010 @01:07PM (#32184018)

      According to the DENIC registrar's mailing list, this was just an administrative fuckup. DENIC apparently runs Bind, (on at least the 4 affected logical servers) and they reloaded Bind with an empty zone file. Since the six logical servers are all authoritative, the empty-zone-file servers replied with NXDOMAIN (as they should have).

      The parent is correct, non-existent domain responses should only be cached for 2 hours.

      Since .de is the largest ccTLD (by count of registrations), this is a pretty big deal. On April 3 2010, there were 13.5 million [] registered .de domains. I wonder how long it took Bind to start with that many zones!

    • by mseeger ( 40923 ) on Wednesday May 12, 2010 @01:39PM (#32184394)
      The DE-NIC finallly spoke out []. If you don't speak german, the statement doesn't contain anything that wasn't already well known: Yes, there was an problem starting at about 13:00 and it was fixed around 15:45.
  • All your wienerschnitzel are belong to me! :D
    • Wiener Schnitzel = Austrian. Not German. (Wien is Vienna) Nice try. Close... but not close enough.
  • by Anonymous Coward on Wednesday May 12, 2010 @11:29AM (#32182866)

    Meanwhile I'm sure Hitler will be happy to discuss the situation on youtube.

  • OH NO!!! (Score:1, Insightful)

    by Anonymous Coward

    Where will people get their bizarre latex fetish watersports dungeon porn now!?!?!?!!

  • by Anonymous Coward on Wednesday May 12, 2010 @11:31AM (#32182882)
    Here is the response I found on the site : []
  • ref (Score:1, Funny)

    by Anonymous Coward, where's my si.te?
  • DNSSEC to blame.... (Score:5, Interesting)

    by mseeger ( 40923 ) on Wednesday May 12, 2010 @11:36AM (#32182948)
    According to my informations (DFN NOC) the problems resulted from a botched experiment with DNSSEC. Unluckily the DE-NIC is still silent about the incident.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      The zone information was only partially available from some servers. That could be the result of the size increase caused by the additional (large) DNSSEC records. Perhaps some automated zone update process ran out of space or time. This is only speculation though.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Another speculated cause is that DENIC messed something up when they moved registry services from Amsterdam to Frankfurt yesterday.

    • by kju ( 327 )

      I heard this claim coming from the DFN as well, but i really suspect that it's bullshit. Why? As far as i understood (i admit lacking proper knowledge of DNSSEC) the introduction of DNSSEC might only affect clients which are actually capable of doing DNSSEC and which will request the nameserver to do DNSSEC, as DNSSEC is done by additional records in the DNS. Old clients will just request records as they did ever and will get normal answers like they got ever.

      Also as told above, domains starting with a digi

      • Re: (Score:3, Interesting)

        by mseeger ( 40923 )

        We wouldn't need to speculate if the DE-NIC would give out more details. Concerning myself, the DFN NOC holds more credibility than the DE-NIC.

        There are hundreds of ways to get a DNSSEC deployment wrong. The error is not disturbing by itself. The time needed for a rollback on any change they made is IMHO. As well as the lack of concept about what to do in case something like this happens. Don't get me started on the information policy...

        CU, Martin

        • by kju ( 327 )

          Wow, someone decided to mod me down as overrated. Talk about mod abuse.

          However, it is told that the DNSSEC testbed worked fine during the outage, so this is a strong indicator that DNSSEC was not the culprit. I also got a credible statement from a DENIC technician that DNSSEC was not the reason and the DFN NOC is - as i said - making a ridiculous claim without any background knowledge. DENIC still has not provided an explanation but it appears that for some reasons the zones were only transfered in part, wh

          • by mseeger ( 40923 )

            The reason is AFAIK not DNSSEC itself, but the process of the introduction. Why should someone delete zone files if not due to changes made to the zones? I would guess, any nameserver gets for each update only a diff and not a full dump. In this case the diff contained empty zones (my guess).

            Don't try to understand the modding here. I've given up on that one.

            CU, Martin

  • There's potential to bring humor back to that meme.
    Damn my laziness!
  • The Association of German Spammers has already claimed billions of dollars in losses due to the outage. The association chairman claims: "We need a rescue package to recover our losses". Billions of SPAM emails to valid accounts were flagged as "does not exist". Using the same calculations as the music industry the rescue package is estimated to exceed 50 billion euros to recover todays losses.
    • oh no! their children's children won't be able to afford cheap herbal viagra, knock off rolex's, and penis enlargement treatments in their own homes!
  • What is a “<nobr> <wbr></nobr>.de” domain? And why are there millions of them?

    Or is that just another epic failure of someone using a WYSIYFH (what you see is you failing hard) interface, caused by the idiocy that is “K.I.S.S.”?

    • What is a “<nobr> <wbr></nobr>.de” domain? And why are there millions of them?

      It's just Slash demonstrating that it speaks neither Unicode nor HTML.

    • K.I.S.S.? (Score:3, Informative)

      you mean "Keep it simple, stupid"?

      the KISS principle is perhaps one of the greatest principles in engineering, and frequently keeps people's minds grounded in the deliverables, and prevents them from spinning out of control into overly complex solutions, which are in fact the source of most software bugs, not the solution to them

      if this is the principle you are referring to, i don't know where the source of your animosity to it lies, nor why it has anything to do with this particular subject matter

  • DE-NIC (Score:4, Interesting)

    by mseeger ( 40923 ) on Wednesday May 12, 2010 @12:14PM (#32183410)

    Once upon a time, the DE-NIC was very respected in the german internet community. But several things happened lately, that let the trust erode. There were internal power struggles [], the rising influence of domain traders [] inside the DE-NIC and the surprising distribution of the two-letter-domain-rush [] (25% of all domains ending in the hands of a single person). Perhaps this outage will be a wakeup call. If we only count the time spent on customers calling the hotline, the damage for my company is several thousand dollars.

    CU, Martin

  • by BenJeremy ( 181303 ) on Wednesday May 12, 2010 @12:59PM (#32183898)

    Looks like they put a DMCA takedown notice on the entire country.

    ...I will forever wonder what Hitler would say about this.

    • by tool462 ( 677306 )

      DENIC macht frei?

    • by ignavus ( 213578 )

      Looks like they put a DMCA takedown notice on the entire country.

      ...I will forever wonder what Hitler would say about this.

      Don't know: couldn't be contacted for a comment.

  • by InvisibleSoul ( 882722 ) on Wednesday May 12, 2010 @01:35PM (#32184342)
    .de nile of service!
  • Obligatory (Score:3, Funny)

    by RevWaldo ( 1186281 ) on Wednesday May 12, 2010 @01:44PM (#32184478)

    Alles Touristen und Non-technischen Looken Peepers! Das Machinekontrol ist nicht fur Gerfingerpoken und Mittengraben. Oderwise ist easy Schnappen der Springwerk, Blowenfuse, und Poppencorken mit Spitzensparken. Der Machine ist Diggen by Expertzen Only. Ist nicht fur Gewerken by Dummkopfen. Das Rubbernecken Sightseenen keepen das Kottenpicken Hands in das Pockets. So relaxen und watchen das Blinkenlights.