Microsoft Reveals the source of the problems (pasted here in case this message dissapears later on.: http://www.microsoft.com/info/siteaccess.htm Microsoft Explains Site Access Issues On Tuesday evening and Wednesday, many Microsoft customers had difficulty accessing the company's Web sites. The cause has been determined, and the issue is resolved. At 6:30 p.m. Tuesday (PST), a Microsoft technician made a configuration change to the routers on the edge of Microsoft's Domain Name Server network. The DNS servers are used to connect domain names with numeric IP addresses (e.g. 207.46.230.219) of the various servers and networks that make up Microsoft's Web presence. The mistaken configuration change limited communication between DNS servers on the Internet and Microsoft's DNS servers. This limited communication caused many of Microsoft's sites to be unreachable (although they were actually still operational) to a large number of customers throughout last night and today. This was an operational error, and not the result of any issue with Microsoft or third-party products nor the security of our networks. Microsoft regrets any inconvenience caused to customers due to this issue. At approximately 5 p.m. Wednesday (PST), Microsoft removed the changes to the router configuration and immediately saw a massive improvement in the DNS network. All sites are currently available to customers. Again, Microsoft apologizes for the inconvenience. ----- Original Message ----- From: "Jim Duncan" <jnduncan@cisco.com> To: "Sean Donelan" <sean@donelan.com> Cc: <nanog@merit.edu> Sent: Wednesday, January 24, 2001 9:30 PM Subject: Re: Microsoft spokesperson blames ICANN
Sean Donelan writes:
Microsoft appears to be blaming ICANN for the failure with Microft's domain name servers (all located at the same place at Microsoft).
Microsoft has yet to pin down the cause of the DNS error. "It can be a system or human error, but somebody could also have done this intentionally," De Jonge said. "We don't manage the DNS ourselves, it is a system controlled by the Internet Corporation for Assigned Names and Numbers (ICANN) with worldwide replicas."
I have read that article many, many time today, trying to see how you came to that conclusion and I don't get it. To reach that conclusion, you've clearly quoted them out of the context of the larger article. Even to reach that conclusion from the small part you quoted requires a logical leap that is inappropriate, if not outright incorrect.
I personally worked on that case for nearly eight hours today, right up until the resolution. I can tell you it was a learning experience for everyone involved. There were clearly some mistakes made, but it is also the case that there were a _lot_ of different things going on that contributed to the problem or complicated its resolution.
However, jumping to such a conclusion is out of line, especially with the clout and respect you have on this mailing list. It has inflamed the responses of dozens of list members who want nothing more than to smack back at Microsoft, regardless of the truth in their statements.
Microsoft did *not* blame ICANN in that article. I wouldn't put it past a spokesperson, Microsoft or otherwise, to make that mistake, but that clearly wasn't the case here. Let's not complicate the issue by making the same mistakes in our own comments.
Thanks.
Jim
-- Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc. <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> E-mail: <jnduncan@cisco.com> Phone(Direct/FAX): +1 919 392 6209