Why Browsers Blamed DNS For Facebook Outage 96
Julie188 writes "That was probably the only time 'DNS' will ever be a trending term on Twitter. The cause was Facebook's 2.5 hour outage on Thursday, which incorrectly told users trying to access the site that a DNS error was to blame. In truth, experts who've read Facebook's explanation say the site went down because Facebook gave itself a distributed denial-of-service attack when a system admin misconfigured a database. So why was DNS blamed? The 27-year-old communications protocol has been known to cause other, somewhat similar outages."
Re: (Score:3, Funny)
Re: (Score:3, Informative)
http://rs79.vrx.net/works/photoblog/2010/Sep/23/ [vrx.net]
Notice the page, being served from facebook.com, saying "bad DNS". Think about that
for a second.
Re: (Score:2, Interesting)
I can understand why that may cause people to think the problem is with DNS. The error message looks like it came from an http proxy. That would suggest that either the user had a proxy configured or facebook were using a reverse proxy. If it was the later, the DNS "problem" would be inside their network.
Re: (Score:2)
Easy. They absolutely do use reverse proxies - every large site does, because you just can't scale a web site to Facebook's size without them.
In the post-mortem, they mention the need to effectively "turn off" the entire site, and the easiest way to do that is to remove its DNS. In this case, however, it was most likely more effective to remove the DNS entries for the back-end hosts that the proxies forward queries to, rather than the entries for www.facebook.com. This is most likely what generated the DNS
Re: (Score:2)
If it was doing a DDoS of their SQL servers, wouldn't taking down the DNS be useless? I've always been taught to use IP rather than hostname when building any database servers.
Re: (Score:2)
I've always been taught to use IP rather than hostname when building any database servers.
Definitely time for some reeducation then. Using IP addresses instead of DNS is just asking for trouble and headaches.
Re: (Score:2)
Bingo! The DNS issue was internal to Facebook's load-balancing cluster. Anyone who's hosted a busy web site should be familiar with this kind of setup. Internal DNS is often uses for such purposes, as it can transparently provide round-robin functionality. Every time you resolve the hostname, you get a different IP (caches notwithstanding), so while the back-end servers need to be conscious of the load-balancing in a generic fashion, the actual distribution of work is trivial, and adding more back-end n
Re: (Score:2)
I think they changed their internal DNS config, screwed it up, and when their front facing webservers tried to lookup their database servers and failed, they tried the backup/rollover db servers, failed... these cascading errors caused their internal DNS servers to melt down.
After they'd been down for a while, because it spun down slowly over about half an hour, somebody in charge asked "WHY ARE WE DOWN" and was told "DNS error" and then changed the front facing webservers to spit up HTML that said "DNS ERR
Re: (Score:2)
Off topic here, but FYI your "orange plane" is probably a flare, especially if you spotted it over Mountain View.
Human Error (Score:1)
Is contagious, it seems.
Re: (Score:1)
You must have interesting firewall logs... (Score:3, Funny)
look at my own /etc/hosts file. From time to time I manage to bite myself on the ass with my block-list
#Below is my custom DNS blocklist
127.0.0.1 om.nom.nom.
user@localhost:~$ ping om.nom.nom.
Re: (Score:1)
And somebody here actually cares??? (Score:2)
I disagree (Score:1, Informative)
It is the most used website in the world (more userhours/month spent of Facebook than any other site), the fastest growing internet community (when measured in new users/month), etc... And as such it is an engineering masterpiece (in software engineering and probably in several other areas, too). When it goes down for several hours, it is a newsworthy event.
For us who work for advertising agencies, FB downtime is also a financially notable event.
Re: (Score:2, Interesting)
Yet, you failed to notice that /. is a site for nerds.
Many nerds do not thrive to cultivate their social skills.
Checking their friends status on social network might not be on top of their agendas.
So: event was notable, but not very important to many slashdotters.
Re: (Score:2)
I noticed, and saw the DNS message when it was there. When I read this, I said to myself "umm, why did people blame DNS? That's what the message said!"
I think it was DNS (Score:1)
Re: (Score:1)
Except that 'hslookup facebook.com', et al.. worked with no issues. RTFS.
Message saying DNS error (Score:2, Interesting)
It wasn't your browser having a DNS error, it was the user facing servers at Facebook reporting DNS problems talking to whoever they talk to. Maybe when they decided the way to fix the problem was to take down the site, they just removed the back end server cluster from their internal DNS.
Duh (Score:5, Insightful)
So why was DNS blamed?
From http://www.facebook.com/note.php?note_id=431441338919&id=9445547199&ref=mf&_fb_noscript=1 [facebook.com]
The way to stop the feedback cycle was quite painful - we had to stop all traffic to this database cluster, which meant turning off the site.
I'm, uh, taking a wild guess that simply shutting off port 80 is not going to allow for a controllable ramp up... they could redirect to another site, Orkut or myspace would have been mildly humorous. I am mildly surprised they don't have a simple emergency box with a simple static "undergoing repair" page, but, whatever ...
So, other than zapping the A records and waiting, what are they supposed to do? Bonus points if they were doing DNS based load balancing and simply unplugged their (dns based) load balancer.
I have no dog in the fight, having deleted my facebook account months ago. It is kind of funny that a page of technobabble is described as "technical details" as if folks like us/me would find it to be a complete description rather than pretty vague. Then again we're dealing with farmville addicts and you can't reason with addicts.
Re: (Score:1)
Both approaches allow for a controllable ramp up given the right software on their servers. And I think with the typical off the shelf software neither of them allow for a controllable ramp up.
But did they even need a controllable ramp up of user requests? It sounded like the overloaded system was overloaded by internal requests, that were unrelated to the number of requests they got from end
Re: (Score:2)
But did they even need a controllable ramp up of user requests? It sounded like the overloaded system was overloaded by internal requests, that were unrelated to the number of requests they got from end users.
When you hear hoofs, think horses not zebras.
Seeing my servers spike to 100% CPU or 100% I/O and stay there, I'd look outside first before looking inside... So my first goal would be to act for a controllable ramp up of user requests. If the systems are so overloaded I can't troubleshoot at 100% of users, maybe I COULD log in and troubleshoot at 50 or 90 % load.
Also, I've worked at places that won't upgrade until outages due to high utilization are some large multiple of the cost of upgrading, this would
Re: (Score:3, Funny)
This whole situation does explain why my mother appeared to be sick on the couch at my parent's place on Thursday afternoon when I paid them a visit. With all the shaking and huddling under the covers and looking pale-faced I presumed she had come down with the flu or something.
Then again we're dealing with farmville addicts and you can't reason with addicts.
They aren't addicts, that's patently unfair. They can stop any time they want. What is most admirable about them is that they are simply so time-savvy that they coincide those times at which they wish to stop with the periods during
Ageism (Score:5, Informative)
The 27-year-old communications protocol
So? TCP/IP is 36 years old.
Re: (Score:1, Funny)
PILFS!
Re: (Score:1)
Re:Ageism (Score:4, Insightful)
Really? DNS is broken? So typing say, http://slashdot.org/ [slashdot.org] doesn't work for you?
No. DNS has a few security issues, but they're mostly minor. The fact that DNS works for millions of people every day without issue at least 99% of the time proves that DNS is a successful design, even if it could use some security updating.
Re: (Score:2, Interesting)
Re: (Score:2, Informative)
What does IPv4 have to do with DNS? (hint: nothing. Modern DNS servers support IPv6)
Re: (Score:1)
1. TFA is about DNS.
2. There is no "TCPv6". There is TCP over IPV4 and TCP over IPv6. They are, however, the same TCP.
3. TCP/IP is also used as a broad term for for the entire network stack. For example, DNS is an application-level protocol implemented on top of TCP and UDP over IP. But the entire thing is, loosely speaking, TCP/IP technologies.
Re: (Score:2)
AAAAhhh since when has DNS supported IPv6? I call shenaaaanigans!
Re:Ageism (Score:5, Insightful)
It is better to replace a 1 year old technology that does not suit our needs than to replace a 50 year old one that does. Usually when replacing, you want to replace with something newer. But in some cases it may turn out to be better to replace a new and misdesigned technology with an older and proven one.
That said, there are improvements to both IP and DNS which should be rolled out because they fix real problems. The rollouts are not happening as fast as they ought to, mainly because it is problematic to roll out a change to the entire Internet, especially when not everybody involved is cooperating.
But I don't think that really has anything to do with this outage.
Re: (Score:2)
The people who think that are
1) The people with patents on the new technology, or who are planning to sell stuff for it.
2) The people who have been convinced by the marketing budgets made possible by 1)
Re: (Score:2)
I guess it's historical legacy that we started with HTML and crap like that for browser interaction and everything sort of grew from there, but we're doing the whole "web as an applications platform" wrong.
Re: (Score:2, Funny)
So? TCP/IP is 36 years old.
Yeah, but it still lives in its parents' basement.
Re: (Score:3, Insightful)
This actual
Re: (Score:2)
Strong authentication of senders: 2 drawbacks (Score:2)
How much easier would fighting spam be if SMTP had a strong authentication system for sent messages?
There is one, called OpenPGP. There is another one, called S/MIME. Implementation of these in real-world MUAs awaits a decision on best practices for how strong the authentication needs to be. Stronger authentication has two downsides. First, the cost of obtaining a digital ID goes up with strength; even with the OpenPGP web of trust, travel to a key signing party hundreds of km away is not free. Second, requiring strong digital ID makes it difficult for someone living under a government that suppresses spe
Re: (Score:2)
You wouldn'
Spam solutions copypasta (Score:2)
If everyone had as a personal policy "only read OpenPGP-signed mail, and distrust mail signed with a key I haven't personally downloaded from a key server"
Then it would it would still fall under the "Requires immediate total cooperation from everybody at once" line of the well-known copypasta [craphound.com], and possibly "Mailing lists and other legitimate email uses would be affected" and "Many email users cannot afford to lose business or alienate potential employers" depending on how it is implemented.
Re: (Score:2)
So? TCP/IP is 36 years old.
And can't even cope with lossy network connections (i.e. mobile).
Re: (Score:2)
On the contrary; it copes very well with lossy network connections. The real problem is YOU and your insistence on receiving everything that was sent, and in the correct order even.
If you were willing to see half-pages and miss images, then UDP would be a splendid protocol for you, and you wouldn't have to wait for timeouts and retransmissions.
Re: (Score:2)
On the contrary; it copes very well with lossy network connections
I suspect this is going for Funny, but just in case: the basic problem is that TCP congestion control sees a lossy network as busy and backs off on transmission speed.
It's an open research topic, and currently handled in L2 on mobile networks since TCP can't cope.
DNS? Huh? (Score:2)
Terrible article. What "DNS error"? Is Facebook running its own DNS servers that do something funny, or what?
As for DNS "moving to the cloud", DNS is already far more distributed than any of the "cloud" systems. Which is a good thing.
Couldn't be a DNS outage. (Score:2)
Not mission critical! (Score:2, Insightful)
Re: (Score:1)
I found the genuine panic from many Facebook users to this outage very amusing.
I, too, laugh at the misfortune of others.
Re: (Score:2)
Des einen Leid ist des anderen Freud. -- Of one man's meat is another man's poison.
Re: (Score:2, Flamebait)
I suppose if I were an angst-ridden bitter friendless teenager I may have found it amusing too. Luckily, I'm an adult. (How sad that this comment is currently marked insightful.)
And - really? Genuine panic? I think that says more about the specific subset of Facebook users within your anecdote set than anything else. Or do you also extrapolate out from the frequent racist troll comments on Slashdot?
Re: (Score:2)
LOL Yeah it was hilarious [publicradio.org] when people [dailymail.co.uk] were complaining about being unable to get on Facebook. So funny that people need services to keep in contact with others, it's like why don't you just talk to them in person? I mean like, HELLO, am I the only one getting this? Geeze. If it's so important to you then you should be more redundant with your services, like, everyone knows that!
So what? Big Whoop! (Score:1, Flamebait)
Re: (Score:1)
high and mighty non-trend followers are pretty trendy, just saying...
Re: (Score:2)
Re: (Score:3, Funny)
No. Facebook doesn't do data-mining, and they don't serve ads. They simply pull money out of their ass.
Re: (Score:3, Insightful)
So is Slashdot.
I don't know that finger pointing is necessarily healthy - that tends to suggest CYA and childish blame games. But on a technical IT focused web site, one might suppose that a lessons learned exercise on the root cause of the failure of a massive website would be of interest and hopefully even an educational experience.
Re: (Score:2)
But on a technical IT focused web site, one might suppose that a lessons learned exercise on the root cause of the failure of a massive website would be of interest and hopefully even an educational experience.
I can't remember ever seeing an article about a major outage from some big website where they delivered enough information that one could learn from it.
So what did you learn from this article? Don't fuck up when you are an admin or maybe to create a better error page.
Yes very informative and of interest to nerds, indeed.
They get no monies from me! (Score:1, Interesting)
With all the adblocking software, no scripting, and other misc Firefox plugins I have no ads from facebook, let alone any other page. Firefox is set to delete cookies and BS on exit and I keep my machine clean with bleachbit.
Facebook allows me to connect with lots of people I never would see, like buddies in the Army based in Japan for instance or friends in New York etc, etc.
I hide all the annoying spam adds for peoples stupid farms, I have convinced many of my Facebook friends and family to stop playing t
Re: (Score:1)
I had never heard of them (I'm an old Slackware hand, and more recently Arch), but Mint's webpage is so incredibly slow to load, it's impossible to see what that agenda is. It doesn't inspire much confidence in them.
Re: (Score:1, Informative)
You won't find it on the home page. It was a post by a developer on the dev blog. He later removed it and apparently moved it to his personal blog.
Palestine Written by Clem on Sunday, May 3rd, 2009 @ 12:34 am | Main Topics
This is not the place to talk about this but I am deeply touched by what is happening over there. I feel disgust and guilt with us passively witnessing it and our money and weapons supporting it. I don't want to use my name or this project to push my own ideas about this but I spend a lot of time working and giving away, sharing and receiving to and from a lot of people.
I'm only going to ask for one thing here. If you do not agree I kindly ask you not to use Linux Mint and not to donate money to it.
I hope for these people to be able to live decently in the future and for me not to have anything to do with the misery they're in at the moment.
I promise not to talk about this anymore. I don't want any money or help coming from Israel or people who support the action of their current government.
Thank you for your understanding. This is very important to me.
There WAS some DNS issues too ! (Score:4, Informative)
The confusion might have come from the fact that when I looked, there seemed to also be some DNS problem.
Basically, when asking directly, the servers that are authoritative for the zone were giving me a CNAME for the 'ANY' query, but not the associated A records, which it should, since the CNAME was pointing to a host name within the same authority. At this point, any sensible resolver stops asking !
This only lasted for a little while though - so it might have been a glitch or possibly a deliberate action related to how they were trying to fix the underlying issue itself - possibly averting traffic until they actually solved the actual problem.
--Ivan
Re: (Score:2)
This kind of thing can happen when records are being changed (say from A to CNAME) and the A record has not expired from your cache, yet. Did you do a "dig trace" around the cache to verify?
Why DNS? (Score:1)
Cause browsers is stoopid!
It wasn't DNS. (Score:1, Redundant)
Another failure waiting to happen (Score:2)
To make matters worse, every time a client got an error attempting to query one of the databases it interpreted it as an invalid value, and deleted the corresponding cache key. This meant that even after the original problem had been fixed, the stream of queries continued. As long as the databases failed to service some of the requests, they were causing even more requests to themselves. We had entered a feedback loop that didn't allow the databases to recover.
Even when the database has a valid value, if failures to get a value from the database can creating a growing cascade of errors, then this design is still poised for a future failure for simple things like a partial outage of databases or network access to them. Ideally, once the data was valid, the number of clients not getting a valid value should gradually decrease as more and more get valid values and don't have to requery. But if the scale was such that none could get anything when all were trying (a
Take down any company's entire network access ... (Score:2)
... and browsers will think their DNS is dead ... because, well, it is ... and is the first thing a browser needs to access.
Did Facebook have an internal DNS failure? (Score:2)
The "error page" is clearly a Facebook server reporting a DNS failure within Facebook's own network. Facebook requests are processed by user-facing servers which make RPC calls (not HTTP) into Facebook's internal network. Machines in multiple locations may be involved in generating a single Facebook page. If their in-house DNS system for organizing their internal network failed, they might produce messages like that.
Re:Did Facebook have an internal DNS failure? (Score:4, Informative)
It didn't fail, they turned it off. This was the easiest way to "shut off the entire site" as their post-mortem describes. The DNS errors users saw were being generated by the front-end HTTP proxies, not by client browsers, which caused most of this confusion. Once the database issue cleared, they reactivated the DNS entries for the back-end servers one cluster at a time and the site came back.
Re: (Score:2)
Re: (Score:2)
This is explained in the post-mortem. Basically, the problem was that clients were reacting to corrupt data being served up by the origin DB cluster the same way that they reacted to bad data coming from the memcached cluster - by deleting the offending entry in memcached and re-sending the query to the origin DB. So a client queried the origin, got bad data, and then deleted the key from memcached - resulting in every other client (tens of thousands of them, most likely) then querying the cluster for the s
Clumsy title (Score:1)
Browsers are fucking software. They don't blame anything for anything.
Facebook was down. That's the only that matters to most people.
dns (Score:1)