Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: H went down. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
H went down.

Well the bad news is the H root servers were not available for over 18 hours. The good news is that practically nobody noticed. As it turns out a fiber cut and poor weather took out access to this cluster of root DNS servers. https://lists.dns-oarc.net/pipermail/dns-operations/2010-October/006142.html shows the explanation for the outage. While the outage had no direct impact on Internet users, it does point out the necessity of proper design for redundancy. Graph of the H availability:

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS London December 2020

Adrien de Beaupre

353 Posts
ISC Handler
Oct 3rd 2010
This is awful. DNS is a robust protocol - but not a replacement for diversity (and backups).

Unless someone wrote "the service doesn't need to survive single-point failures." in the requirements document, it's woefully underengineered.
DomMcIntyreDeVitto

44 Posts
It's not underengineered. Nameservers use a hints file. Other roots use AnyCast.
http://en.wikipedia.org/wiki/Root_nameserver#Root_server_addresses
DomMcIntyreDeVitto
2 Posts

Sign Up for Free or Log In to start participating in the conversation!