So, does anyone know what really is going on (from a technical POV) ? On Wed, Jan 24, 2001 at 01:29:30PM -0600, Dave McKay wrote:
Sean Donelan (sean@donelan.com) wrote:
Well, AT&T couldn't fix the problem, but at least their customer service people knew there was a problem and were willing to attempt contact with someone at Microsoft.
Most Microsoft sites (Microsoft.com, MSN.com, Hotmail.com, etc.) are affected. The Microsoft technical team is troubleshooting this issue.
Hotmail has had no impact regarding this issue.
-- Dave McKay dave@sneakerz.org Microsoft Global Network Architect
Info also available on CNN as of 2:19 pm EST. http://www.cnn.com/2001/TECH/computing/01/24/microsoft.blackout.idg/index.ht... Reading it now... Chuck
Well, whether Microsoft gets their DNS records fixed or not in the root zones (assuming that's even the problem), they STILL won't get much traffic from some avenues. Packet loss rates to many destinations off ATT's network range from 50% to 100% Looking at traces to Microsoft's DNS servers (which are all hosted on the same ISP backbone, bad idea) shows 50% packet loss right now from ATT Broadband. It's possible the servers will actually answer DNS queries, but the protocols don't survive all that well in the face of 50% or greater packet loss. Looks like several problems in the wild today... -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranth.com
In message <3A6F3FB8.FA526852@senie.com>, Daniel Senie writes:
Looking at traces to Microsoft's DNS servers (which are all hosted on the same ISP backbone, bad idea) shows 50% packet loss right now from ATT Broadband. It's possible the servers will actually answer DNS queries, but the protocols don't survive all that well in the face of 50% or greater packet loss.
Past evidence (like times in 1987 and 1988 when we ran the DNS over links with 50% loss and higher, and experience on the bottlenecked trans Atlantic cable a few years back) suggests the DNS works pretty well with high loss regimes. Craig
On Wed, Jan 24, 2001 at 03:48:56PM -0500, Daniel Senie wrote:
Looking at traces to Microsoft's DNS servers (which are all hosted on the same ISP backbone, bad idea)
which is why i ensure my DNS is RFC2182 compliant. ns.reptiles.org Toronto, Canada ns2.reptiles.org Karachi, Pakistan -- [ Jim Mercer jim@pneumonoultramicroscopicsilicovolcanoconiosis.ca ] [ Reptilian Research -- Longer Life through Colder Blood ] [ aka jim@reptiles.org +1 416 410-5633 ]
jamie rishaw (jamie@arpa.com) wrote:
So, does anyone know what really is going on (from a technical POV) ?
Microsoft's ITG is investigating this issue. I haven't been clued in as of yet as to what is the main issue. Hotmail's graphs and logins are currently following the same trends as normal, they seem unaffected, however this is not the case in all locations. DNS seems to be the obvious choice for the blame. This is not the case in all areas, however. At this point Microsoft is not willing to put the blame on anyone, or any protocol for that matter. (Unless they already released a public statement saying so, then who knows?) Anyway, the issues are being worked on and service will be restored as soon as possible. I apolozise for not being able to disclose more information. -- Dave McKay dave@sneakerz.org Microsoft Global Network Architect
http://www.wirednews.com/news/business/0,1367,41387,00.html Looks like they're still denying the DDOS possibility but are doing so with less enthusiasm. Packet loss appears to be constrained to the last hop, so it's feasible that this is the result of a targetted attack. "we are horribly sorry, please put yourself in our shoes and have a little patience." -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On Wed, Jan 24, 2001 at 01:32:21PM -0800, Eric A. Hall wrote:
Looks like they're still denying the DDOS possibility but are doing so with less enthusiasm. Packet loss appears to be constrained to the last hop, so it's feasible that this is the result of a targetted attack.
Imagine what happens when all cached RRs expire worldwide. With people hammering for microsoft.com DNS resolution. This can easily translate to a "DDoS" to the four listed nameservers :-> A kinda self-brewn DDoS, because they don't manage to get backup DNS servers up before all the cached RRs expire. :-] Someone please send them a copy of DNS&Bind?
Oh, come on.... If you query direct to Microsoft's DNS servers, they return MX records happily, but they time out rather then return an A record. This seems more obviously like a software problem, rather then DDoS, or ICANN, who apparently controls Microsoft's DNS servers (laugh out loud) "We don't manage the DNS ourselves, it is a system controlled by the Internet Corporation for Assigned Names and Numbers (ICANN) with worldwide replicas." On Wed, 24 Jan 2001, Dave McKay wrote: | | jamie rishaw (jamie@arpa.com) wrote: | > So, does anyone know what really is going on (from a technical POV) ? | | Microsoft's ITG is investigating this issue. I haven't been clued in as | of yet as to what is the main issue. Hotmail's graphs and logins are | currently following the same trends as normal, they seem unaffected, | however this is not the case in all locations. DNS seems to be the | obvious choice for the blame. This is not the case in all areas, however. | At this point Microsoft is not willing to put the blame on anyone, or | any protocol for that matter. (Unless they already released a public | statement saying so, then who knows?) Anyway, the issues are being worked | on and service will be restored as soon as possible. I apolozise for not | being able to disclose more information. | | -- | Dave McKay | dave@sneakerz.org | Microsoft Global Network Architect | | --- Rev. Chris Cappuccio -=- http://www.dqc.org/~chris/ "If you don't turn on to politics, politics will turn on you" - Ralph Nader
I'll just point out a few lines I wrote. I have tried to be polite about all of this. Chris Cappuccio (chris@dqc.org) wrote:
Oh, come on....
If you query direct to Microsoft's DNS servers, they return MX records happily, but they time out rather then return an A record.
This seems more obviously like a software problem, rather then DDoS, or ICANN, who apparently controls Microsoft's DNS servers (laugh out loud)
"We don't manage the DNS ourselves, it is a system controlled by the Internet Corporation for Assigned Names and Numbers (ICANN) with worldwide replicas."
Microsoft's ITG is investigating this issue. I haven't been clued in as of yet as to what is the main issue. I apolozise for not being able to disclose more information. -- Dave McKay dave@sneakerz.org Microsoft Global Network Architect
On Wed, 24 Jan 2001, Dave McKay wrote:
I'll just point out a few lines I wrote. I have tried to be polite about all of this. Microsoft's ITG is investigating this issue. I haven't been clued in as of yet as to what is the main issue. I apolozise for not being able to disclose more information.
Ok, I wasn't going to say this, but Microsoft has been absolutely ridiculous about blaming other people, so I'm going to say it; it's not directed personally at you, it's directed at the morons who wrote your DNS software, and the even bigger morons who insist that It's-Not-A-Microsoft-Problem-Because-Microsoft-Is-Perfect: topaz.nstc.com used to run Microsoft DNS. After a while, having tried repeatedly to get MSDNS to actually *serve* the zone files I had set up, and having not been successful, I switched to Bind 8 and have had no problems since. You might want to try Bind 8. -- Steve Sobol, BOFH, President 888.480.4NET 866.DSL.EXPRESS 216.619.2NET North Shore Technologies Corporation http://NorthShoreTechnologies.net JustTheNet/JustTheNet EXPRESS DSL (ISP Services) http://JustThe.net mailto:sjsobol@NorthShoreTechnologies.net Proud resident of Cleveland, OH
participants (10)
-
Charles Scott
-
Chris Cappuccio
-
Craig Partridge
-
Daniel Roesen
-
Daniel Senie
-
Dave McKay
-
Eric A. Hall
-
jamie rishaw
-
Jim Mercer
-
Steven J. Sobol