Name server problems? or did Microsoft forget to pay their bill again?
It seems like a number of Microsoft related web sites have vanished. www.msnbc.com www.microsoft.com I've tried from both AT&T and Earthlink, and can't reach them. The name servers don't seem to be returning valid answers. If they are in your cache, it works. But after clearing the cache, nada. I noticed name server problems earlier this evening. Is this spreading?
On Tue, Jan 23, 2001 at 11:05:48PM -0800, Sean Donelan wrote:
It seems like a number of Microsoft related web sites have vanished.
Seems to be Microsoft server problems...
www.msnbc.com
$ dig msnbc.com @a.root-servers.net ;; AUTHORITY SECTION: msnbc.com. 2D IN NS DNS4.CP.MSFT.NET. msnbc.com. 2D IN NS DNS5.CP.MSFT.NET. ;; ADDITIONAL SECTION: DNS4.CP.MSFT.NET. 2D IN A 207.46.138.11 DNS5.CP.MSFT.NET. 2D IN A 207.46.138.12 Hmmmm $ dig www.msnbc.com @207.46.138.11 ;; res options: init recurs defnam dnsrch ;; res_nsend to server 207.46.138.11: Connection timed out $ dig www.msnbc.com @207.46.138.12 ;; ANSWER SECTION: www.msnbc.com. 1H IN CNAME msnbc.com. msnbc.com. 1H IN A 207.46.150.254 msnbc.com. 1H IN A 207.46.238.109 msnbc.com. 1H IN A 207.46.238.23 msnbc.com. 1H IN A 207.46.238.24 msnbc.com. 1H IN A 207.46.238.26 msnbc.com. 1H IN A 207.46.150.205
www.microsoft.com
$ dig microsoft.com @a.root-servers.net ;; AUTHORITY SECTION: microsoft.com. 2D IN NS DNS4.CP.MSFT.NET. microsoft.com. 2D IN NS DNS5.CP.MSFT.NET. microsoft.com. 2D IN NS DNS7.CP.MSFT.NET. microsoft.com. 2D IN NS DNS6.CP.MSFT.NET. ;; ADDITIONAL SECTION: DNS4.CP.MSFT.NET. 2D IN A 207.46.138.11 DNS5.CP.MSFT.NET. 2D IN A 207.46.138.12 DNS7.CP.MSFT.NET. 2D IN A 207.46.138.21 DNS6.CP.MSFT.NET. 2D IN A 207.46.138.20 $ dig www.microsoft.com @207.46.138.11 ;; res_nsend to server 207.46.138.11: Connection timed out $ dig www.microsoft.com @207.46.138.12 ;; res_nsend to server 207.46.138.12: Connection timed out $ dig www.microsoft.com @207.46.138.21 ;; res_nsend to server 207.46.138.21: Connection timed out $ dig www.microsoft.com @207.46.138.20 ;; res_nsend to server 207.46.138.20: Connection timed out
I've tried from both AT&T and Earthlink, and can't reach them.
The name servers don't seem to be returning valid answers. If they are in your cache, it works. But after clearing the cache, nada.
I noticed name server problems earlier this evening. Is this spreading?
-- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 To send me mail, use the address in the From: header
When will all the idiots who think they know how to configure DNS, but obviously don't, learn that they can't get away with having all their nameservers on the same network no matter how well connected that network might appear to be under the best of conditions, or how many different directions the fiber leaves the building/campus? As you can see for MICROSOFT.COM everything's apparently in one place, network geography-wise: Domain servers in listed order: DNS4.CP.MSFT.NET 207.46.138.11 DNS5.CP.MSFT.NET 207.46.138.12 DNS6.CP.MSFT.NET 207.46.138.20 DNS7.CP.MSFT.NET 207.46.138.21 Those addresses might be in a /16 in allocation: Microsoft (NETBLK-MICROSOFT-GLOBAL-NET) MICROSOFT-GLOBAL-NET 207.46.0.0 - 207.46.255.255 and whois.ra.net shows a /18 for their routing: $ whois -h whois.ra.net 207.46.138.11 Route: 207.46.128.0/18 descr: MS-CP origin: AS8070 mnt-by: MICROSOFT-MAINT-CW changed: judithsh@microsoft.com 20001024 source: CW but I'd almost be willing to bet that all those machines are in the same building, and maybe even in the same room (and if not they're probably at least all on the same campus). Even if they have tunnels routing these addresses to machines in diverse physical locales, they don't seem to have managed to eliminate any significant number of the serious failure scenarios. Seems I can at the moment get to *one* of their nameservers: $ host -C microsoft.com microsoft.com NS DNS4.CP.MSFT.NET Nameserver DNS4.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS4.CP.MSFT.NET, try again microsoft.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again microsoft.com NS DNS7.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) !!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS microsoft.com NS DNS6.CP.MSFT.NET Nameserver DNS6.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS6.CP.MSFT.NET, try again but it's not one that's registered for MSNBC.COM.... Domain servers in listed order: DNS4.CP.MSFT.NET 207.46.138.11 DNS5.CP.MSFT.NET 207.46.138.12 $ host -C msnbc.com msnbc.com NS DNS4.CP.MSFT.NET Nameserver DNS4.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS4.CP.MSFT.NET, try again msnbc.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again I can however eventually (took one retry and quite a few seconds!) get an answer for www.mnbc.com it seems: $ host -a www.msnbc.com www.msnbc.com CNAME msnbc.com msnbc.com NS DNS4.CP.MSFT.NET msnbc.com NS DNS5.CP.MSFT.NET msnbc.com A 207.46.238.109 msnbc.com A 207.46.238.23 msnbc.com A 207.46.238.24 msnbc.com A 207.46.238.26 msnbc.com A 207.46.150.205 msnbc.com A 207.46.150.254 Wow! Would you look at that! They may even have their web servers more diversely placed on the network than they do their nameservers! If only Microsoft were the only ones that made this kind of inevitably fatal (at least from a DNS point of view) mistake..... :-( One would think that a company with the obvious resources and power they have would have registered nameservers on every major backbone on the planet, and then some (right up to the maximum possible!). I don't want my nameservers to disappear from any part of the net at any time, and I'm sure they don't either. I've only got three for my home domain (with really only two separate network paths to them), but I'm not a multi-national corporation either! Oh, and just as I'm about to send this off I see one more server cough up replies (guess that's where I got the msnbc.com A RRs from too): $ host -C msnbc.com msnbc.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again msnbc.com NS DNS4.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012205 1800 900 7200000 3600) !!! msnbc.com SOA primary dns.cp.msft.net is not advertised via NS $ host -C microsoft.com microsoft.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again microsoft.com NS DNS7.CP.MSFT.NET Nameserver DNS7.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS7.CP.MSFT.NET, try again microsoft.com NS DNS6.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) !!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS microsoft.com NS DNS4.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
It seems like a number of Microsoft related web sites have vanished.
I noticed name server problems earlier this evening. Is this spreading?
windowsupdate.microsoft.com was also really sporadic for a while earlier, but I was able to eventually get an answer. As you suggested, connections to the hosts are going through fine once you get an answer. dns4.cp.msft.net. through dns7.cp.msft.net (the auth servers) are pinging fine but DNS queries sent to those hosts timeout. The address block does appear to belong to Microsoft so... maybe they misconfigured their firewall or sumtin. Also noticed extremely high levels of packet loss to them earlier but that appears to be straightened out. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Weirdness, they're returning a response (albeit 35 seconds after the request) for MX records, however, an A lookup for microsoft.com times out.. efnt01:exile {114} dig microsoft.com @207.46.138.12 -- ; <<>> DiG 2.2 <<>> microsoft.com @207.46.138.12 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; res_send to server 207.46.138.12: Connection timed out -- efnt01:exile {113} dig microsoft.com MX @207.46.138.12 ; <<>> DiG 2.2 <<>> microsoft.com MX @207.46.138.12 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59973 ;; flags: qr aa rd ra; Ques: 1, Ans: 5, Auth: 0, Addit: 5 ;; QUESTIONS: ;; microsoft.com, type = MX, class = IN ;; ANSWERS: microsoft.com. 7200 MX 10 mail1.microsoft.com. microsoft.com. 7200 MX 10 mail2.microsoft.com. microsoft.com. 7200 MX 10 mail3.microsoft.com. microsoft.com. 7200 MX 10 mail4.microsoft.com. microsoft.com. 7200 MX 10 mail5.microsoft.com. ;; ADDITIONAL RECORDS: mail1.microsoft.com. 7200 A 131.107.3.125 mail2.microsoft.com. 7200 A 131.107.3.124 mail3.microsoft.com. 7200 A 131.107.3.123 mail4.microsoft.com. 7200 A 131.107.3.122 mail5.microsoft.com. 7200 A 131.107.3.121 ;; Total query time: 35277 msec ;; FROM: efnt01 to SERVER: 207.46.138.12 ;; WHEN: Wed Jan 24 00:16:21 2001 ;; MSG SIZE sent: 31 rcvd: 221 -- Matt Levine, CTO <mlevine@efront.com> eFront Media, Inc. - http://www.efront.com Phone: +1 714 428 8500 ext. 504 Fax : +1 949 203 2156 ICQ : 17080004 -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Eric A. Hall Sent: Tuesday, January 23, 2001 11:51 PM To: Sean Donelan Cc: nanog@merit.edu Subject: Re: Name server problems? or did Microsoft forget to pay their billagain?
It seems like a number of Microsoft related web sites have vanished.
I noticed name server problems earlier this evening. Is this spreading?
windowsupdate.microsoft.com was also really sporadic for a while earlier, but I was able to eventually get an answer. As you suggested, connections to the hosts are going through fine once you get an answer. dns4.cp.msft.net. through dns7.cp.msft.net (the auth servers) are pinging fine but DNS queries sent to those hosts timeout. The address block does appear to belong to Microsoft so... maybe they misconfigured their firewall or sumtin. Also noticed extremely high levels of packet loss to them earlier but that appears to be straightened out. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Sean; Sounds like it was corruption of the DNS table : http://www.msnbc.com/news/519306.asp from the article The database that includes this information is called a DNS Table. On Saturday, MyDomain.com accidentally released a DNS table to the world that was full of errors, Lau said. The mistakes meant a small fraction of Web surfers trying to visit Yahoo.com were instead sent to an IP address inside MyDomains.com. In addition to misdirecting Yahoo.com and Microsoft.com visitors, surfers trying to reach MSN.com and a host of .net sites also ended up at MyDomains.com. In about a four-hour period Saturday, some 50,000 new clicks were registered on the MyDomains page, and the number was still rising at 5 a.m. ET. Reminds me of Eugene Kashpureff... Sean Donelan wrote:
It seems like a number of Microsoft related web sites have vanished.
www.msnbc.com www.microsoft.com
I've tried from both AT&T and Earthlink, and can't reach them.
The name servers don't seem to be returning valid answers. If they are in your cache, it works. But after clearing the cache, nada.
I noticed name server problems earlier this evening. Is this spreading?
-- Regards Marshall Eubanks Multicast Technologies, Inc. 10301 Democracy Lane, Suite 201 Fairfax, Virginia 22030 Phone : 703-293-9624 Fax : 703-293-9609 e-mail : tme@on-the-i.com http://www.on-the-i.com
On Wed, 24 Jan 2001, Marshall Eubanks wrote:
The database that includes this information is called a DNS Table. On Saturday, MyDomain.com accidentally released a DNS table to the world that was full of errors, Lau said. The mistakes meant a small fraction of Web surfers trying to visit Yahoo.com were instead sent to an IP address inside MyDomains.com.
Reminds me of Eugene Kashpureff...
hardly. the issue with mydomain.com is that certain *nix's have it listed in /etc/resolv.conf (or the specific equivalent) as an example although it's commented out. your joe-intelligent administrator apparently decided to uncomment it. to my knowledge, mydomain.com didn't do anything illegal, where as eugene decided to get zerocool. actually, i find it slightly funny. -ken harris toronto, canada
On Wed, 24 Jan 2001, ken harris. wrote:
Reminds me of Eugene Kashpureff...
hardly.
the issue with mydomain.com is that certain *nix's have it listed in /etc/resolv.conf (or the specific equivalent) as an example although it's commented out. your joe-intelligent administrator apparently decided to uncomment it.
I actually think this is rather funny myself, too. Never underestimate human stupidity. At a software company where I recently worked, people couldn't understand why I suggested so strongly that they remove things like "company.com" and "hostname.com" from their sample configuration files, and replace them with clearly bogus domain names like "example.domain". Why is mydomain.com still resolving domains for random hosts? If it stops, the problem will quickly get corrected. __ L. Sassaman Security Architect | "The only cure for Technology Consultant | sadness is learning" | http://sion.quickie.net | --Thomas Jefferson
haha check this out (sorry if someone already posted this) [DING!]> whois microsoft.com [whois.internic.net] Whois Server Version 1.3 Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. MICROSOFT.COM.WILL.LIVE.FOREVER.BUT.LUNIX.SUCKS-BYBIRTH.ARTISTICCHEESE.COM MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.ORG MICROSOFT.COM.OWNED.BY.MAT.HACKSWARE.COM MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.NU MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG MICROSOFT.COM.IS.SOON.GOING.TO.THE.DEATHCORPORATION.COM MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRORISTS.NET MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG MICROSOFT.COM.IS.NO.MATCH.FOR.THE.UEBER-GEEKS.AT.JIMPHILLIPS.ORG MICROSOFT.COM.IS.GOD.BUT.LINUX.SUCKS-FOREVER.ARTISTICCHEESE.COM MICROSOFT.COM.IS.BORING.COMPARED.TO.TEENEXTREME.COM MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVES.NET MICROSOFT.COM.HAS.NO.LINUXCLUE.COM MICROSOFT.COM.HACKED.BY.PSYKOJOKO.ON.A.ROOT-NETWORK.COM MICROSOFT.COM.HACKED.BY.HACKSWARE.COM MICROSOFT.COM.GUTS.NL MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS.FRANCS.DOUZE.ORG MICROSOFT.COM.ER.IKKE.NO.I.FORHOLD.TIL.LATHANS.NET MICROSOFT.COM.AINT.WORTH.SHIT.KLUGE.ORG MICROSOFT.COM To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
Last update of whois database: Wed, 24 Jan 2001 11:29:23 EST <<<
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and Registrars. On Wed, 24 Jan 2001, L. Sassaman wrote:
On Wed, 24 Jan 2001, ken harris. wrote:
Reminds me of Eugene Kashpureff...
hardly.
the issue with mydomain.com is that certain *nix's have it listed in /etc/resolv.conf (or the specific equivalent) as an example although it's commented out. your joe-intelligent administrator apparently decided to uncomment it.
I actually think this is rather funny myself, too.
Never underestimate human stupidity. At a software company where I recently worked, people couldn't understand why I suggested so strongly that they remove things like "company.com" and "hostname.com" from their sample configuration files, and replace them with clearly bogus domain names like "example.domain".
Why is mydomain.com still resolving domains for random hosts? If it stops, the problem will quickly get corrected.
__
L. Sassaman
Security Architect | "The only cure for Technology Consultant | sadness is learning" | http://sion.quickie.net | --Thomas Jefferson
-------------- -- ---- ---- --- - - - - - -- - - - - - - Tony Bourke tony@vegan.net
participants (9)
-
Eric A. Hall -
John Payne -
ken harris. -
L. Sassaman -
Marshall Eubanks -
Matt Levine -
Sean Donelan -
tony bourke -
woods@weird.com