Microsoft's DNS Down 603
Everybody and their brother has submitted what has to be the least interesting story in months. Microsoft's DNS server is down. I haven't visited their web site in months and I don't care in the slightest, but if I don't post this, I'm going to spend the next 48 hours deleting 2,000 submissions about it as zillions of people somehow think that this matters. Yup. It's down. Ye haw. Do you people actually visit microsoft.com? It didn't even render under Netscape for the longest time. I can't remember the last time I intentionally went to that site. There's just no need. (Well, I guess if you run windows you gotta get your service packs every few minutes ;)
Not just MS - Lots of whois stuff is screwy (Score:2)
AMAZON.COM.SHOULD.SELL.SEXTOYSONLINE.COM
whois yahoo.com:
YAHOO.COM.IS.TRYING.TO.STEAL.YAHOO.VU.HOW.ACIDULO
whois slashdot.org:
SLASHDOT.ORG.SUCKS.COMPARED.TO.JIMPHILLIPS.ORG
whois netscape.com:
NETSCAPE.COM.SHOULD.SHAKE.OFF.ITS.CHAINS.AND.FUCK
NETSCAPE.COM.SHOULD-DUMP.AOL-AND-REHIRE.JWZ.BUT.C
whois aol.com:
AOL.COM.IS.REGULARLY.HAX0RED.BY.INSIDE-AOL.COM
AOL.COM.HACKED.BY.PSYKOJOKO.ON.A.ROOT-NETWORK.COM
whois microsoft.com:
MICROSOFT.COM.HACKED.BY.PSYKOJOKO.ON.A.ROOT-NETWO
MICROSOFT.COM.IS.NO.MATCH.FOR.THE.UEBER-GEEKS.AT.
I don't know about anyone else, but I see a theme...
more MS bashing! (Score:2)
/. consistency? (Score:2)
The normal rant about MSFT around here is that one has to wait a long time for a service pack to come out with fixes to known bugs and security holes. So which is it? Do they come frequently or infrequently?
And we should trust our data to .NET???? (Score:2)
It's Windows 2000! (Score:2)
--
Re:This article is another example... (Score:2)
Out there are so many OSes, and almost every one of them has something that others can't do better, simply because it's designed for that. Windows for example has two or three main advantages: first, it's widely spread and therefore a lot of people know how to work with it, and second, it pretends being easy-to-use. (A third advantage is e.g. you can't hack the root account
Others have other advantages, and everyone should use that operating system that he thinks is best for the job.
And I find it interesting that the DNS Server of microsoft crashed, interesting in the same way as the hack of www.apache.org (if those guys don't know how to setup a secure webserver, who should know then?), and also as the news item about some MS Services like hotmail running Unices, simply because MS's products didn't do the job.
Re:This article is another example... (Score:2)
Human nature. I believe the thought process goes something like "I'm no bigot. I'll show this guy how tolerant we are of alternative viewpoints by moderating him up!"
It's fairly widely known around the people who've been on /. for a while. Certainly everybody that uses the technique does - but, unfortunately, many moderators haven't realized it yet. Unfortunately, complaining about this tends to draw a bunch of people telling you to stop bitching.
Undoubtedly, or if not karma, at least a +5 so he can shout his views with a karmic megaphone (geez, I like that phrase :)
The solution? My personal moderation policy is that anybody who uses the phrase "I know I'm going to be modded down for this" or similar, gets exactly what they ask for - moderation down.
Re:doesn't even render in ie2 (Score:2)
Look at microsoft.com in lynx sometime (not a framed one, try w3m for that). Now try netscape.com.
--
Re:Details on The Register (Score:2)
Is someone out there attacking DNS servers?
Just an irrational suspicion...
They weren't cracked. Isn't this scarier? (Score:2)
Which is scarier, that M$ would be that vulnerable to cracking, which wasn't the case this time, or that not even M$ is capable of defending itself against its own products?
Check into access security systems which monitor traffic through doors and other entry/exit points from secure facilities. NONE are running anything by M$. They're ALL run on Unix platforms.
extremely annoying (Score:2)
aspects of microsoft.com- hotmail, passport, msn, outlook- and is mostly disabled today. You'd think that the company that wants to become the NET computing platform would have better reliability and defence against hacking.
"Microsoft Explains Site Access Issues" (Score:2)
"At 6:30 p.m. Tuesday (PST), a Microsoft technician made a configuration change to the routers on the edge of Microsoft's Domain Name Server network..."
More Info [microsoft.com]
Re:Due to Incompetence (Score:2)
Re:Flamebait (Score:2)
I fail to see how this is an advantage - Microsoft service packs are notorious for fixing some things and breaking others. Far better to only have to upgrade things you care about. This probably brings the number of updates you have to get about on par with the number of Microsoft updates, except that you can more closely control the number of changes that you do at once.
Your grandma's running bind? She rocks! But seriously, all you have to do is get the RPM/DEB in response to the security bulletin from your distribution's security list, open up your favorite package manager front-end, click on the package, and then quit once it's installed. Doesn't sound too tough for Grandma if she could already click through a Windows upgrade. If Grandma's running Debian she can even get the updates automated and never mess with them again.
And of course Grandma can upgrade bind a couple hours after the hole is found if she's interested; who knows how long she'd wait for a Service Pack?
Actually, that was jonkatz :) I totally agree on the spelling issue, though - it's at the point where I just skip some of the good Cmdr's articles, because it's too difficult to determine what he's getting at. I've never understood why bright, motivated people don't have the same regard for the impression their words make that they have for the way that their code runs.
Oh, c'mon. Journalistic standards vary widely; although CmdrTaco's screed wasn't particularly literate or well-reasoned (I would have rated it Flamebait too) it falls within the realm of so-called journalism from the Microsoft Linux Myths page or from ZDNet et al. The sad truth is that yellow journalism is alive and well in the modern tech press on all sides of a given issue.
Re:Huh? It matters immensely (Score:2)
Re:SecureDNS (Score:2)
Not down (Score:2)
"When I was a little kid my mother told me not to stare into the sun...
Something is definitively hacked (Score:2)
but that's not a normal whois-query:
dollyb
Whois Server Version 1.3
Domain names in the
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: MICROSOFT.COM.WILL.LIVE.FOREVER.BUT.LUNIX.SUCKS-B
IP Address: 209.191.22.24
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Server Name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.C
IP Address: 207.10.88.13
Registrar: INTERNET DOMAIN REGISTRARS
Whois Server: whois.registrars.com
Referral URL: www.registrars.com
Server Name: MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.O
IP Address: 138.12.12.12
Registrar: GANDI
Whois Server: whois.gandi.net
Referral URL: www.gandi.net
Irrelevant (Score:2)
But most of the slashdot community these days seems to be composed of 14 year old linux script kiddie hacker wannabes who think this is earth shattering news.
Maybe we need a new website. Posting stories such as "How to haxx0r" and "MS website is down for the 48924th time this week". It will be "News for kiddies. Stuff that's l337."
This will leave slashdot for the real intellects. Who knows, it might just work
D
Re:This article is another example... (Score:2)
Weeks at a time!
There has been a raging argument about this in comp.os.linux.advocacy for the past few weeks, and some guy finally went and looked up all the Hot 100 sites using Netcraft's uptime counters, and the results looked pretty dismal for W2K.
I suppose someday I'll be bothered to learn how to href a usenet article, but meanwhile I'll just direct you to c.o.l.a. and tell you to look for a recent thread with "Hot 100" in the subject line.
To avoid undue suspense, I'll tip you off that the average uptime for sites based on W2K was about 19 days, or about half what the Linux sites were getting and 1/3 of what the Solaris sites had.
So. I'm sure W2K is nice for people who are into that kind of thing, but if I were trying to sell people on it I wouldn't push it on the basis of its uptimes.
--
That has nothing to do at all with 'hacking'. (Score:2)
Whois doesn't return the domain registration info for a single domain, it first does a substring search for the given string.
In this case, it shows every single registered host record that has 'microsoft.com' as part of its name.
Many domains do this.. it's not a hack, it's not even anything at all.
Re: (Score:2)
Re: (Score:2)
Re:more MS bashing! (Score:2)
Microsoft Bashers Love It Too (Score:2)
Re:This article is another example... (Score:2)
As the sole developer of the only GUI uptimes.net client for Windows, I spend a good bit of my time explaining to people how comparing Win2K uptimes with *NIX uptimes is comparing apples to oranges. It's gotten to the point now where I just don't even care anymore. If ya' can't figure it out fer yerself, I ain't gonna explain it.
--
Re:This article is another example... (Score:2)
--
Re:This article is another example... (Score:2)
I run several Windows 2000 servers myself, and I also use Windows 2000 as my full-time desktop OS at home and at work. At one point, I had a web server running Windows 2000 Server RC2, serving a popular dynamic (ASP/MSSQL-driven) site, on hardware that didn't meet Windows' minimum requirements. The server stayed up (and perfectly stable) for 155 days before I finally had to shut it down to move it to my new apartment. And this was on a beta version of Windows, on sub-standard hardware! My desktop installation (running a non-beta version, on hardware that surpasses the OS's requirements) has an average uptime of over 20 days, and this is a machine that I use for software development, testing, and games. Even then, I usually only reboot it to install new hardware or upgrade software. Crashes are very infrequent.
What too many Microsoft-haters fail to realize is that Windows 2000 can be every bit as stable as your favorite *NIX OS. It's not that stable right out of the box (nor is any *NIX distro), but if you tweak it just right and run things smartly, you'll have a server that could take on anything in an uptime contest.
In the interests of not getting modded down for redundancy, I won't go into detail about how retarded this bias is that so many *NIX users (especially that punk CmdrTaco) have against Microsoft.
--
How to get mail to @microsoft.com with postfix (Score:2)
Create an /etc/postfix/transport file with the contents:
microsoft.com smtp:[131.107.3.124]
.microsoft.com smtp:[131.107.3.124]
(.124 is mail2.microsoft.com; .125 is mail1, which is apparently down right now.)
Put this in your /etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
Reload or restart postfix and have it flush all the mail. It might take a while, especially if you have a lot of mail queued up. To speed things up, try these two settings:
default_destination_concurrency_limit = 200
qmgr_site_hog_factor = 100
Re:Yes, actually, Taco, we do (Score:2)
That's where we would be. Because that is the history of computers that we have.
What about Diablo II (Score:2)
How many times has Rob talked about Diablo II? And then on the front page he starts talking about "if you run Windows." Well, Rob, you do too. Sometimes it just gets ridiculous with the Linux sensationalism.
Yes I use and Love linux and it's my primary OS on all of my computers (except the Mac IIsi (no FPU yet)). but I have windows on my workstation to do things like play games, hard disk multi-track recording, and to view quicktime movies.
More Amateurs working as pros (Score:2)
What ever happened to putting your dns servers on separate networks? It used to be a requirement to register a domain. At least hotmail got it almost right... too bad they link to passport.com which didn't.
Re:Due to Incompetence (Score:2)
Re:Welcome to the real world (Score:2)
Keep in mind also that this site isn't meant to be a news portal for IT professionals but a news site for Linux using geek-types in general about things that interest us outside of our professional lives (ignore for a minute that for most geek types there is a fair bit of crossover between work stuff and personal stuff.) With that in mind, I agree with Taco, that one company that makes software I don't use having dns problems is not worthy of a headline on the front page of
Re: (Score:2)
Re: (Score:2)
Re:Yes, actually, Taco, we do (Score:2)
Main Entry: their
Pronunciation: [th]&r, '[th]er, '[th]ar
Function: adjective
Etymology: Middle English, from their, pronoun, from Old Norse theirra, genitive plural demonstrative & personal pronoun; akin to Old English thæt that
Date: 13th century
1
2 : his or her : HIS, HER, ITS-- used with an indefinite third person singular antecedent <anyone in their senses -- W. H. Auden>
usage see THEY
So if you consider "everybody" to be singular then it seems that at least Merriam-Webster's agrees that "their" is appropriate usage.
There's nothing like flaming a grammar flamer flaming another grammar flamer for grammar.
doesn't even render in ie2 (Score:2)
who cares about dns, when I couldn't even upgrade an nt4 re-install. "sure", sez i to myself, "i can just update the rest over the net, using the bundled browser." big bro microsoft had other ideas.
of course, their latest websites haven't even rendered in ie2 ... this is their own software that doesn't display their own website. feh.
Re:Look at whois from internic.net & see the trail (Score:2)
I'm picking on you, specifically, because you're convenient, but the same goes for everyone else posting this.
First of all, you are the fourth person to post the exact same thing, on page 12 of the comments...I can only imagine how many more times it has already been posted.
Not only this, but your post follows two explanations -- one nicely written, one a flame -- on this page alone explaining why you are wrong.
None of those entries are for microsoft.com's domain, except the last one, which is microsoft.com. The rest? "MICROSOFT.COM.GUTS.NL" is for guts.nl. "MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG" is for takedrugs.org. See the pattern?
Anyone can buy a domain, create microsoft.sucks.mydomain.com, and get it to show up on WHOIS.
Of course you'll never be modded up. You are wrong, you have been proven wrong multiple times, and you are highly redundant.
--
Re:whois record was altered!!!! (Score:2)
First of all, you are the fifth person to post the exact same thing, on page 12 of the comments...I can only imagine how many more times it has already been posted.
Not only this, but your post follows two explanations -- one nicely written, one a flame -- on this page alone explaining why you are wrong.
None of those entries are for microsoft.com's domain, except the last one, which is microsoft.com. The rest? "MICROSOFT.COM.GUTS.NL" is for guts.nl. "MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG" is for takedrugs.org. See the pattern?
Anyone can buy a domain, create microsoft.sucks.mydomain.com, and get it to show up on WHOIS.
Of course you'll never be modded up. You are wrong, you have been proven wrong multiple times, and you are highly redundant.
--
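Added example (not part of any comment in this thread): a small parser for the "Server Name:" listing discussed in the comments above, showing which domain each matching host record actually belongs to. The sample text is constructed in the layout of the quoted whois output; the IP addresses and registrar names are placeholders, the function names are hypothetical, and taking the last two labels as the registered domain is the thread's own simplification (it is wrong for suffixes such as co.uk).

```python
import re

# Constructed sample in the layout of the whois output quoted in the thread.
# The two server names are the ones quoted in full in the comments; the IP
# addresses (documentation ranges) and registrar names are placeholders.
SAMPLE_WHOIS = """\
Server Name: MICROSOFT.COM.GUTS.NL
IP Address: 192.0.2.10
Registrar: EXAMPLE REGISTRAR ONE

Server Name: MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
IP Address: 198.51.100.20
Registrar: EXAMPLE REGISTRAR TWO

Domain Name: MICROSOFT.COM
Registrar: EXAMPLE REGISTRAR THREE
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.+?)\s*$")


def parse_records(text):
    """Split whois output into records; each starts at a name field."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key in ("Server Name", "Domain Name"):
            current = {"kind": key, "name": value.lower().rstrip(".")}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


def registered_domain(hostname):
    """Last two labels of the name (the simplification used in the thread)."""
    return ".".join(hostname.split(".")[-2:])


def substring_hits(records, query):
    """Names a substring search for `query` would return."""
    return [r["name"] for r in records if query.lower() in r["name"]]


def classify(records, query):
    """Say, for each record, whose registration it really is."""
    query = query.lower()
    out = []
    for rec in records:
        name = rec["name"]
        if rec["kind"] == "Domain Name":
            verdict = "queried domain" if name == query else "other domain"
        elif registered_domain(name) == query:
            verdict = "host inside queried domain"
        else:
            verdict = "host owned by " + registered_domain(name)
        out.append((name, verdict))
    return out


if __name__ == "__main__":
    recs = parse_records(SAMPLE_WHOIS)
    print("substring hits:", len(substring_hits(recs, "microsoft.com")))
    for name, verdict in classify(recs, "microsoft.com"):
        print(f"{name:45} {verdict}")
```

All three records match the substring search, but only the last one is the registration for the queried domain; the other two are host records created by the owners of guts.nl and takedrugs.org.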
Back up, no apology, no explanation (Score:2)
MSN down (Score:2)
*twitch*
Re:Huh? It matters immensely (Score:2)
FYI, the Windows NT 4.0 Option pack includes IIS, Transaction Server, Certificate Server, Index server, and various other bits and pieces.
Re:Yes, actually, Taco, we do (Score:2)
Everyone
Re:This article is another example... (Score:2)
Why is it that every response that has something to the effect of "Now, I know I'll be modded down for this..." always gets modded up? Am I the only guy who noticed this, or did ChaoticCoyote know it too? And if he did know it, doesn't that mean that he does care about karma?
Secondly, "excellent" and "knowledge base" have never followed each other in a sentence that I have ever seen. The knowledge base SUCKS. Which leads me to another point: people in IT tend to believe what they're told and not think for themselves, which is what pisses off most linux advocates the most, because they won't even try anything non-MS, despite the PROVEN cost/work-done ratio.
--
Re:SecureDNS and Certificate Authorities (Score:2)
the DNS registrar inherently knows that the person that they sold foo.com to is the person they sold foo.com to. That doesn't mean they're certifying that it's really "The Foo Corporation, 1600 Pennsylvania Ave, Washington DC, USA" (an issue that leads to trademark resolution court cases when "Joe Foo Widgets" says that foo.com is their trademark) - it just certifies that "the person who possesses this key can change the IP addresses that
In practice, that could work fine for new domain names, as long as the registrars want to start supporting SecureDNS for their domains, but there's more trouble in setting the keys for existing domain names. Some domain names use PGP keys to control changes to their DNS data, and those PGP keys could be used to certify any submitted keys. Some domain names use the previous traditional method for controlling DNS information "accept any syntactically correct request to change the IP address and user data, even if that allows anybody in the world to hijack the domain." You could either retain the same mechanism (:-), or use that mechanism to bootstrap setting an initial SecureDNS key, and using that key to certify future change requests, or pick some hybrid mechanism like "generate the keys and email them to the registered contact address, if it exists".
We'll probably see Secure DNS from smaller, more flexible TLDs like
Digital Nervous System Breakdown :-) (Score:2)
They're Baaack .... up (Score:2)
Re:Maybe its a bad day to be a taco. (Score:2)
actually, no maybe involved, he's clearly stated that.
Re:Welcome to the real world (Score:2)
Also, msdn.microsoft.com works just fine, btw...
---
Re:Welcome to the real world (Score:2)
Flamebait? Probably. Do as you will.
The Good Reverend
Re:Due to Incompetence (Score:2)
And indeed probably these are on two subnets, judging from the addresses.
What I guess I was trying to point out is that if I were the size of Microsoft I'd have them much more distributed, on different ISPs in different class C's.
Mind you, MS do a lot of interesting stuff behind the scenes, so they may have more going on we don't know about - there's an informative whitepaper on their web site....ah.
The real reason for the Microsoft outage (Score:2)
All four of the DNS addresses for microsoft.com and other microsoft domains are in the same Class-C range. If routing or connectivity for that one IP subnet is disrupted, those names stop resolving.
This goes against everything recommended in RFC2182 [dns.net].
Yes, this is a common mistake, but one of the first rules you learn when becoming a DNS admin is to have diversity in your name servers. Spread them across multiple hosts, on different networks, in physically separate datacenters.
Apparently Microsoft had to learn this the hard way.
To stop our users from complaining about the long lookup timeout on MICROSOFT.COM, MSN.COM, MSFT.NET and various other sites, I aliased those domains in our name servers to return immediately with 'no A records available'.
It's a shame management will insist that I take out those aliases tomorrow morning.
Re:This article is another example... (Score:2)
The point isn't that *I* necessarily need to be able to modify the source, the point is that if the source is open, *anyone can fix a bug and submit a patch*. No more waiting 6 months for Microsoft to release a service patch that MAY OR MAY NOT include your bug fix.
Granted they are SLOWLY getting better about this, but if you're using NT 4 now, you're fucked, because MS is not releasing any more patches for NT 4, so if something's broken, it's going to be broken forever.
Just because *you* don't have the time to worry about any of the code in your underlying programs (OS, window manager, etc.) doesn't mean that it's not a good thing it's available!
Re:Are you serious? Of course your readers go ther (Score:2)
Re:Are you serious? Of course your readers go ther (Score:2)
Two Words (Score:2)
Agh!...If I lose the items on my corpse on HG, I will be quite pissed. BTW, AC servers were taken off line for a bug hotfix. And, like 8hrs. later when they were finally put back up, right then MS's DNS dies!...egh!
Re:This is news? (Score:2)
Re:Welcome to the real world (Score:2)
Re:This article is another example... (Score:2)
solves the problems of the user with insightful advice (did you reboot your computer today?.
You just proved my point -- and contradicted yourself -- quite nicely.
--
hotmail's IP (Score:2)
Searching microsoft.com and Navigator (Score:3)
That doesn't surprise me, and I guess it isn't really worse than any trick organizations play to gain competitive advantage, but it does irritate me a lot for some reason.
sPh
It is quite important! (Score:3)
And all the swedish online papers have small articles, complete with rumors of hackers having brought the DNS down and replies from Microsoft representatives saying that they "have no information about that, just that the DNS is to blame".
Although some of us occasionally degrade ourselves by Microsoft-bashing, I don't think that anybody in the computer industry could close their eyes to the fact that if microsoft.com and hotmail.com are wiped from the face of the net, it's big news.
And we don't even have to tell people that evil Linux-activists brought it down or that Microsoft has incompetent staff, or that the moon is in the phase where these things happen, we could just plainly say that Microsoft's DNS is down, and that it has some significance in the world of today.
Re:This is news? (Score:3)
But don't you see, this allows the rabid anti-microsofties to vent their spleen. Come on - ANY microft-is-bad-so-we-gotta-slam-them-at-any-oppur
story is front page
Next.
Re:Yes, actually, Taco, we do (Score:3)
There's nothing like flaming a grammar flame for grammar.
--
Re:What a WHOIS lookup shows (Score:3)
Anyone can register a server with multiple sub-domains (such as the ones criticizing M$).
You could register a server called microsoft.sucks.slashdot.org and that has nothing to do with Microsoft.com.
The only part that matters is the last two parts.... i.e. slashdot.org.
So why is that post informative? It's idiotic.
DoS ? (Score:3)
So far I've only heard about DoS attacks on websites and IRC servers. Could this be the beginning of a script kiddie actually using that grey blob of his a bit more than is reasonable?
DNS, Schmee En Ess.... (Score:3)
Re:not only microsoft.com (Score:3)
Comment removed (Score:3)
HOTMAIL IS DOWN (Score:3)
Re:Oh no. (Score:3)
Re:This is news? (Score:3)
Microsoft said that beginning Tuesday night and through Wednesday morning users have been getting no response from the affected Web sites. Sohn said the problem stems from Microsoft's Domain Name Servers, which translate requests to various Web servers. The servers are operated and maintained by Microsoft.
BTW- when it comes to downtime and everyone bashing MS, please note that it took me over 5 minutes of retries to post this message, and it was not because I posted any other messages within the last minute.
I'm sure this will be considered flamebait, but oh well, I don't post often anyways.
Due to Incompetence (Score:4)
The only reason their site is down is because of engineering incompetence on the first order.
Never ever ever put all of your nameservers on one network segment! How stupid could you be, Microsoft?
What's wrong with this picture?!
DNS4.CP.MSFT.NET. 207.46.138.11
DNS5.CP.MSFT.NET. 207.46.138.12
DNS7.CP.MSFT.NET. 207.46.138.21
DNS6.CP.MSFT.NET. 207.46.138.20
Re:Due to Incompetence (Score:4)
While it is theoretically possible to distribute a subnet that small geographically, in practice it doesn't work that way. Generally, anything smaller than a /24 netblock is tied to one network provider, and probably even to one area of their network.
So, the incompetence charge sticks. To you as well.
--
Re:SecureDNS (Score:4)
SecureDNS (available in bind 9) allows you to sign your zone, so this kind of DNS cache poisoning can not happen.
1. This wasn't DNS cache poisoning. The nameservers just weren't reachable.
2. DNS cache poisoning is easily solved: just use good resolvers that don't automatically trust all answers. Try dnscache [cr.yp.to], and the mydomain.com incident wouldn't have affected you.
Uh-huh.. (Score:4)
This is important! (Score:4)
This affects all Microsoft sites. Because of this I can't:
Re:This article is another example... (Score:4)
Hey, wait a minute...
Welcome to the real world (Score:4)
Are you serious? Of course your readers go there! (Score:4)
The biggest software company, one that prides itself on supposedly "enterprise level" server software has its DNS down. It doesn't matter if you don't like them or not, many people visit them daily!
I visit them in order to obtain the latest patches for my clients, and to find out if the problem I'm fixing is one that MS is aware of.
I've kept out of it so far, but jeez Taco, don't you think you should try to REDUCE the trolling in your forums?
---
Re:You must not do anything interesting on them (Score:4)
Here you are assuming that all install programs are called setup.exe. I have seen that dialog once, for a certain 3rd party utility(cygwin). I got no warnings of any kind for several others (adobe acrobat). I also discovered a bug in the user creation dialogs as well while messing around with my user profiles.
Second, you seldom need to reboot when installing new software, but lots of software just pops up a "reboot" message anyways.
Plenty of software does really need a reboot. Some install scripts try to make you do an unneeded one, but those are not what I'm talking about. Install Single-Step on Chip or W2kPacket Capture Driver and you will need a reboot.
Third, there is in fact a "Home" directory, and has been even in NT4. It was in Profiles then, and it's under Documents and Settings now. Applications default to your "home" directory (My Documents) so long as they don't specify a specific directory (which most apps don't do).
I am aware of the documents and settings directory. First, it's a horrible directory name to try and navigate to from within a cmd shell. Second many applications support it by starting all the save dialogs there- but this sucks if you are trying to save in the directory you started the application in. The idea of a unix home directory is not only are they standard, easy to use with scripts, and universally supported in their OS, but they are the only place you can save files as a user.
If you're going to pretend you know something, you shouldn't make comments which immediately give away your lack of knowledge.
Well, you seem to know a bit about W2k. Just enough to be dangerous...
Re:Accounts Payable (Score:4)
Yes they did, and Herbert Kornfeld is on his way over in the Nite Rida right now. Now they really got problems.
Accounts Payable (Score:4)
Re:DoS ? (Score:4)
not only microsoft.com (Score:4)
Also Hotmail and MSN suffer from this.
--
Rogier
Taco never visits Microsoft.com? (Score:4)
Taco, get your head out of your ass. Microsoft is a major player in this industry. You're a journalist. Go figure.
SecureDNS (Score:5)
SecureDNS (available in bind 9) allows you to sign your zone, so this kind of DNS cache poisoning can not happen. Let's roll it out and use it sooner rather than later.
Re:Flamebait (Score:5)
On this point, there's something even more important to point out. Taco pretty much slammed his own readers for posting this supposedly insignificant story... when the very fact that he received a bazillion submissions on this shows that they do indeed read this site and that it is important for many of those who submitted the story.
Journalists who insult their own readers don't have readers for very long.
Re:Oh no. (Score:5)
> set type=soa
> microsoft.com
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
microsoft.com
primary name server = dns.cp.msft.net
responsible mail addr = msnhst.microsoft.com
serial = 2001012306
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 7200000 (83 days 8 hours)
default TTL = 7200 (2 hours)
microsoft.com nameserver = DNS7.cp.msft.net
microsoft.com nameserver = DNS6.cp.msft.net
microsoft.com nameserver = DNS4.cp.msft.net
microsoft.com nameserver = DNS5.cp.msft.net
DNS7.cp.msft.net internet address = 207.46.138.21
DNS6.cp.msft.net internet address = 207.46.138.20
DNS4.cp.msft.net internet address = 207.46.138.11
DNS5.cp.msft.net internet address = 207.46.138.12
> server dns7.cp.msft.net
Default Server: dns7.cp.msft.net
Address: 207.46.138.21
> set type=a
> www.microsoft.com
Server: dns7.cp.msft.net
Address: 207.46.138.21
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to dns7.cp.msft.net timed-out
> server dns6.cp.msft.net
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Can't find address for server dns6.cp.msft.net: Timed out
> server dns4.cp.msft.net
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Can't find address for server dns4.cp.msft.net: Timed out
> server dns5.cp.msft.net
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Can't find address for server dns5.cp.msft.net: Timed out
>
The sad thing is, the way DNS info is cached, is that it takes a fairly long outage for anyone to even notice.
Anyway, the above says: dns4,5,6 and 7
Remember the admins! (Score:5)
This is part of the Internet, though: we forget that real people do work for Microsoft. We forget that MS isn't just an evil force, but has people who have emotions working for it. It is an irony that people on Slashdot - technically literate people - who claim that email is an equalizer (no respecter of race, disabilities, age, etc) - these same people forget about the human faces behind a large website.
I wouldn't want to be in those network admins' shoes right now. I've had DNS outages, and I know what it is like to have corporate headquarters yelling, "Why aren't we up?"
So, before you criticize how "dumb" their admins are, and whatever else, remember two things: 1) This same problem (DNS outage) has happened to any real admin on Slashdot, and 2) the MS network admins are having a very bad day.
Re:Due to Incompetence (Score:5)
A netmask of 255.255.255.240 would segment 6/7 from 4/5. Just because they look like they fall on the same class-C, doesn't mean they are. Even if MS owns all of 207.46, they could mix and match the network ranges however they want. Don't assume anything.
The only incompetence I can verify is that you don't know how to segment networks.
sedawkgrep
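Added example (not part of any comment in this thread): the subnet arithmetic argued over in the "Due to Incompetence" and "The real reason for the Microsoft outage" comments, run on the four name server addresses quoted in the nslookup output. The function names and the second, diverse server set are constructed for illustration, the /24 threshold is the one stated in the thread, and only IPv4 is handled.

```python
import ipaddress
from collections import defaultdict

# Name server addresses as quoted in the thread's nslookup output.
NAMESERVERS = {
    "DNS4.cp.msft.net": "207.46.138.11",
    "DNS5.cp.msft.net": "207.46.138.12",
    "DNS6.cp.msft.net": "207.46.138.20",
    "DNS7.cp.msft.net": "207.46.138.21",
}

# Constructed comparison set (documentation address ranges, made-up names).
DIVERSE_SAMPLE = {
    "ns1.example.net": "192.0.2.53",
    "ns2.example.org": "198.51.100.53",
    "ns3.example.com": "203.0.113.53",
}


def group_by_prefix(servers, prefix_len):
    """Map each covering network of length prefix_len to the servers in it."""
    groups = defaultdict(list)
    for name, addr in servers.items():
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return {net: sorted(names) for net, names in groups.items()}


def common_supernet(servers):
    """Smallest single network that contains every listed address."""
    addrs = [ipaddress.ip_address(a) for a in servers.values()]
    lo, hi = min(addrs), max(addrs)
    # Bits above the highest differing bit are shared by all addresses.
    prefix_len = lo.max_prefixlen - (int(lo) ^ int(hi)).bit_length()
    return str(ipaddress.ip_network(f"{lo}/{prefix_len}", strict=False))


def diversity_report(servers, routable_len=24):
    """Flag a server set that sits inside one independently routable block.

    routable_len=24 follows the thread's statement that anything smaller
    than a /24 is generally tied to one network provider.
    """
    blocks = group_by_prefix(servers, routable_len)
    return {
        "supernet": common_supernet(servers),
        "routable_blocks": blocks,
        "single_point_of_failure": len(blocks) < 2,
    }


if __name__ == "__main__":
    # A 255.255.255.240 mask (/28) does split 4/5 from 6/7 ...
    print(group_by_prefix(NAMESERVERS, 28))
    # ... but all four still sit in one /27, hence in one /24.
    for label, servers in (("thread", NAMESERVERS), ("diverse", DIVERSE_SAMPLE)):
        print(label, diversity_report(servers))
```

Addresses in different /24 blocks are necessary for diversity but do not prove it; the blocks can still share one upstream provider or one site.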
Yes, actually, Taco, we do (Score:5)
I myself probably visit microsoft.com at least once every day or so. Their Knowledge Base is a great place to find out loads of information on just about any product they make. MSDN Online is a great resource for developers!
I'm a sysad for an ISP. Most all of our users use Windows (we've got a few Mac users, a few Win3.1 users, and a few Linux users). I wrote our installation software in VC. I actually was going to write a utility today that uninstalls DUN, all of the Network components, and deleted all of the network-related files, and then forced a reinstallation from CD. To do this, I was going to refer to KB article Q181599, which details all of the network-related files to remove and which cab files to find them in to put them back. And now I can't do that because microsoft's site (one of the most reliable sites I've ever frequented, I might add) is down.
And all you have to do is sit over there and say "do you people actually visit microsoft.com?" like it's some sort of unholy act to go there.
I knew there was a reason I stopped going to slashdot recently. I actually hit the wrong button on my IE (yup, I'm using Win98!) Links bar and caught the "Microsoft DNS is down" line, so I thought I'd read it, but all I got was disgusted.
Mike
P.S. The correct phrase is "everybody and their brother."
"I would kill everyone in this room for a drop of sweet beer."
Details on The Register (Score:5)
Basically, it appears as if the entire subnet the Microsoft DNS servers were hosted on has just 'disappeared', making microsoft.com, msn.com, hotmail.com, passport.com et al unavailable. Sites hosted on other domains (such as microsoft.co.uk [microsoft.co.uk]) are still available. Direct IP addresses are stated in the article if you _have_ to visit Microsoft.com.
Microsoft and Yahoo were suffering DNS problems earlier this week [theregister.co.uk] as well, and microsoft new zealand [theregister.co.uk] was recently hacked.
Beebware.com [beebware.com] also has a list of consumer information on Microsoft [beebware.com], MS Humor [beebware.com] as well as many other categories [beebware.com] about 'that' software company.
Richy C.
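The segmentation point in sedawkgrep's comment and the single-subnet failure described in the Register summary above, as an added example that is not part of the thread: it groups a set of nameservers by subnet under two netmasks and reports whether they all share one subnet. The hostnames and 192.0.2.x addresses are constructed sample data, and reading "4/5" and "6/7" as two pairs of nameservers is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical nameservers on the TEST-NET-1
# documentation range. None of these values come from the thread.
SAMPLE_NS = {
    "ns4.example.net": "192.0.2.11",
    "ns5.example.net": "192.0.2.12",
    "ns6.example.net": "192.0.2.20",
    "ns7.example.net": "192.0.2.21",
}

def group_by_subnet(servers, netmask):
    """Return {subnet: [server names]} for the given dotted-quad netmask."""
    groups = defaultdict(list)
    for name, addr in servers.items():
        # strict=False clears the host bits, yielding the enclosing network.
        net = ipaddress.ip_network(f"{addr}/{netmask}", strict=False)
        groups[str(net)].append(name)
    return {net: sorted(names) for net, names in groups.items()}

def shares_one_subnet(servers, netmask):
    """True when all servers sit in one subnet, so losing that subnet
    takes every one of them off the network at once."""
    return len(group_by_subnet(servers, netmask)) == 1

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.240"):
        print(mask, "single subnet:", shares_one_subnet(SAMPLE_NS, mask))
        for net, names in sorted(group_by_subnet(SAMPLE_NS, mask).items()):
            print("   ", net, ", ".join(names))
```

Under 255.255.255.0 the four sample hosts look like one network; under 255.255.255.240 they split into two /28 blocks, which is why addresses that appear to share a class C may still sit on separate segments.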
Java DNS? (Score:5)
--
Re:Are you serious? Of course your readers go ther (Score:5)
This IS his forum. I don't remember reading anything that says he HAS to be fair and impartial. Yes he claims this is a "News for Nerds" site. But this isn't a REAL(tm) news site. He's not a reporter so he doesn't have to live up to any moral or ethical standard. You don't have to come here if you don't like it.
This article is another example... (Score:5)
I now expect to lose Karma for criticizing Slashdot. Of course, if I cared about Karma, I wouldn't post this response... :)
I run and program both Linux and Win2K; Windows 2000 is quite stable--as many others have pointed out in past postings. My Win2K system runs continuously for weeks at a time, without glitch or problem, despite my use of games and unusual hardware. It might surprise CmdrTaco to know that quite a few "nerds" think that Windows matters.
I find many reasons to visit Microsoft's web site: to pick up development kits, to read articles, and for the excellent knowledge base that Linux can only dream of emulating. Win2K has bugs, but so does Linux. I suggest Slashdot spend less time making snide comments about MS, and work on fixing the leaks in its own ship of state. Linux ain't perfect, ya know.
--
Scott Robert Ladd
Master of Complexity
Destroyer of Order and Chaos
Huh? It matters immensely (Score:5)
Just this sort of thing happened the other day where an ISP released DNS entries for yahoo.com, and some other sites, uh...accidentally. The problem is that people don't talk to the authoritative DNS servers: They just trust anyone. This is leading to all sorts of shit and I'm sure after the ruckus about that guy overriding commercial sites' DNS entries some script kiddies got some ideas. THIS CAN HAPPEN TO ANY SITE, INCLUDING SLASHDOT. To think this isn't news is just bizarre. It isn't that MS' DNS server was hacked: Rather DNS is showing its cracks and they are absolutely massive. What if someone redirected a bank's page to a dupe that logged everyone's login info? Of course theoretically SSL ties a site to an IP, but most people ignore little warnings like that.
On another note I go to microsoft.com all the time in fact (though usually msdn.microsoft.com). Excellent site. In fact I believe it's among the top 3 most visited sites on the planet, so to proclaim it not to matter seems rather goofy.
Taco, please... (Score:5)
Perhaps even more important is the fact that if some fool can corrupt DNS and take Yahoo and Microsoft offline, they can take anybody offline. The DNS system needs to be fixed, but with your snide comments about Microsoft the focus of that issue is lost.
I might add that I do in fact use Windows 2000 because it is stable (2 BSODs since Dec. 1999) and supports everything I need. Many people that use Linux do so because it fits their specific needs, and that's great. But I get the feeling from some of the
-
The IHA Forums [ihateapple.com]
Flamebait (Score:5)
> Everybody and there brother
I'll just pick this up before someone else does.
'There' != 'their', the possessive pronoun Taco is looking for.
> has submitted what has to be the least interesting story in months. Microsoft's DNS server is down.
Ok fine. End of story. No need for irrelevant flamebait designed to get thousands of posts about how Windows/Linux sucks.
Let's address the news: MS' dns is down.
Ok wow. Have you been to uptime.netcraft.com [netcraft.com]? I think you'll find *all* servers go down, especially ones under the consistently heavy load of ddos, millions of hits a day, etc like MS. Redhat goes down, MS goes down, big wow. Every big site goes down more often than a presidential intern on heat. Ok. [It's just that people don't gloat when Linux companies go down, probably because they aren't successful like MS so people aren't jealous of their success.]
> I haven't visited their web site in months and I don't care in the slightest, but if I don't post this, I'm going to spend the next 48 hours deleting 2,000 submissions about it as zillions of people somehow think that this matters.
It does to the millions of daily visitors, yes.
> Yup. Its down. Ye haw. Do you people actually visit microsoft.com?
It's actually in the top 10 of most visited websites in the world. It has free software, updates, one of the best developers' sites anywhere, etc..
> I can't remember the last time I intentionally went to that site. There's just no need.
You might as well say you have no need to upgrade Slashcode when that gets holes in it. If you use Windows there is a need, because all software is insecure and Windows is no exception. It's no different with Linux. It's not just that either. Microsoft's website has a whole bunch of other interesting and free stuff there too. In fact, Microsoft's site became, in about 1997 (I remember reading) the largest website in the world, with several terabytes of content. So yes, there is a need.
If you actually took your blinkers off you might realize that - I don't just crap about Linux like you seem to about Windows. I haven't got an irrational fear/jealousy about Linux.
Hell I use linux. I install and maintain it as a web server. And I don't say that no-one needs to visit redhat.com, even though it's clearly not as good a site.
> (Well, I guess if you run windows you gotta get your service packs every few minutes
Nice casual aside there, guaranteed to pick up a few hundred replies. Nice one. But it's not true.
There is *one* service pack for Windows 2000 since release.
Let's look at the Linux equivalent shall we?
Have you ever tried installing Redhat?
I have, and I spent 3 hours downloading things from http://updates.redhat.com [redhat.com] and upgrading them.
This stuff about Windows needing service packs often is bull. Linux has far more service packs, because Microsoft updates things all at once whereas with Linux you have to update individually.
Hell my grandmother could install a Windows service pack, but I can't see her upgrading bind when a security hole's found in that.
I don't mean to respond in such flameish terms, but I had no choice in this case. In one breath you say the story sucks, and then you throw in some highly childish and unprofessional insults against a site which represents a considerable portion of many people's lives.
We keep hearing from you how Slashdot is becoming the newspaper for the new millennium, how people are taking notice of it, and how it ranks alongside traditional media, but if you expect the kind of respect this implies, you are going to:
(a) learn how to spell. I'm not normally a spelling flamer (i.e. not for posters), but how can you expect people to take the site seriously when you can't even be bothered to read the post twice or put it through a spellchecker to find that 'its' is a possessive pronoun, whereas 'it's' is the contraction of 'it is' you were looking for.
(b) you're going to have to learn about journalistic standards. If you expect to be taken seriously, you can't write like that - you can't show such prejudice, and you can't show such a casual dismissal of America's biggest company.
You're not just a Perl hacker sitting around eating pizza and drinking Mountain Dew any more Rob - you're responsible for an important and valuable institution, and it's time you behaved like it.