The "misconfiguration" was apparently at the routing layer, caused by BGP. There are 13 DNS root servers, A-M. Several mirrors around the world actually share the same IP for a specific root server. Your DNS query to a root server IP is usually routed to the closest server with that IP, due to anycast routing. Apparently, a BGP misconfiguration caused an incorrect route to be advertised. Ars Technica apparently broke the story and has a very good description. They quote VeriSign spokesman Brad Williams:

"In our regular network checks, we recently noticed that routes were being announced outside of China for our anycast server there," Williams said in a statement. "As this was an aberration, we notified our technical partner in China and helped them resolve the issue. Our network checks show that the issue is now resolved."

Mauricio Vergara Ereche, a DNS Admin for Chile NIC, first noticed the problem. Queries to the I root server i.root-servers.net at IP 192.36.148.17 for www.facebook.com resolved to an actual IP address (in China) instead of redirecting to the .com DNS server as it should have. He posted this in his message to the dns-operations mailing list:

This is an example of what are wee seeing:

$ dig @i.root-servers.net www.facebook.com A

; DiG 9.6.1-P3 @i.root-servers.net www.facebook.com A

; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 7448
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com. IN A

;; ANSWER SECTION:

www.facebook.com. 86400 IN A 8.7.198.45

;; Query time: 444 msec
;; SERVER: 192.36.148.17#53(192.36.148.17)
;; WHEN: Wed Mar 24 14:21:54 2010
;; MSG SIZE rcvd: 66

The manufacturer publishes sample data that a 6 mil (0.1524 mm) thickness attenuates signals in the 30-2000 MHz range by at least 58 dB (Shielding Effectiveness) and up to 78 dB.