Comments on: Server move

By: JB

JB — Fri, 21 Apr 2006 06:26:56 +0000

The central DNS servers are usually referred to as the “root servers”, and I believe there are about 13 of them.

Any complete failure of that set of machines is (as far as I know) completely theoretical. IIRC, there was a direct *intentional* DDoS attack on them and about 3 or 4 of them were out of commission, but that had nothing to do with DNS TTLs.

Technically, I still don’t think MS changing their TTL to 60 seconds would pose any such threat to the root servers, because all the other servers in the chain would still be caching the results all along the chain, just not for very long. So, at most, the root servers would just be getting 1 hit per minute from the DNS servers that are referring directly to them (which isn’t that many - most DNS requests go through a long chain), so I hardly see that bringing them down, because pretty much every DNS server between you and them would be working to cache those results, and your request would only ever traverse all the way to the root servers if none of the servers in that path had gone that far within the last minute.

Also, only DNS requests (not other traffic) goes to them, so it would be difficult for there to be that many requests (since those are so small) to really flood them.

I did a brief search to satisfy my curiosity, and I didn’t turn up much of anything other than the virus reference I previously mentioned. I would think this would be a huge enough story to still show up pretty easily in a quick search. I didn’t look into it too deeply, though, so if you find any links on it, go ahead and post them, because I’d be interested in hearing about it.

By: Dan

Dan — Fri, 21 Apr 2006 03:33:07 +0000

I remembered the net down for a day a long time ago, like 10 years ago.

The way it was explained to me it has very feasible. I’ll try to rehash it but I will most likely get some of it wrong.

Each user needs to be routed to a certain IP. There a lot of DNS servers that cache the IP’s of sites so the user can be routed to the IP directly without going to the *key* servers that run the web (this is where it gets foggy because if I remember right there are not a lot only 10+ in the world that route the internet). If the DNS servers had no cache because the TTL expired the user would be routed to the key servers making a bottle neck, choking and DDOSing the servers. And since these key servers are down the caching servers can’t update their caches resulting in a downage of the internet for all.

I wish I knew what the hell these key servers are called or remember how many. I’m sure you could shine some light.

By: JB

JB — Fri, 21 Apr 2006 00:08:14 +0000

Re: the MS thing; I’m not saying you’re wrong, just that I don’t remember the internet being “down” for a couple days. I think a lot of people probably would have noticed. But I also have a hard time believing that would necessarily bring it down anyway, so for now, I am skeptical.

By: JB

JB — Thu, 20 Apr 2006 23:52:41 +0000

Ya, I haven’t moved over everything yet. Sorry, should be wrapped up this evening.

By: Steve

Steve — Thu, 20 Apr 2006 20:21:26 +0000

Your file repository seems to be missing. Has it come over from the old server yet? I’m looking to download one of your plugins but can’t seem to obtain a proper URL.

By: Dan

Dan — Thu, 20 Apr 2006 18:55:11 +0000

I might have been misinformed but I specifically remember they did bring down the internet. Not a response of they might.

By: JB

JB — Thu, 20 Apr 2006 05:53:29 +0000

If I remember correctly, they had to do that in preparation for a virus that was set to do a DoS attack against microsoft.com, and they wanted to be ready in case they had to move the servers quickly. I don’t remember it actually causing a DoS, but rather being in response to a planned one. Maybe that’s what you were thinking of?

By: Dan

Dan — Wed, 19 Apr 2006 22:18:27 +0000

If you’re wondering why I knew about TTL it’s because of a story I heard or read about Microsoft accidentally changing their TTL to something like seconds or minutes instead of days like it should for them and they took the internet down because it was pretty much DoS all the DNS servers around the globe. Pretty funny story if you ask me.

By: JB

JB — Wed, 19 Apr 2006 20:29:13 +0000

Yes, I was talking about the TTL. That’s what I was saying: a lot of people will first shorten the TTL a couple weeks before they make a change, to try to get all the DNS servers to pick up the new short TTL value, so that when they actually make the IP address, change all those caches will expire sooner and get the new value more quickly. You do have to plan ahead for that though, so that the servers all pick up the shorter TTL before you actually make the address change.

You still do have to worry about it though, because some DNS servers do not honor the TTL from the source server, and cache the result anyway for days or even weeks.

Also, once you change the address, you should set the TTL back to a longer value, not just leave it short, because then you would be causing undue burden on your DNS server. The whole point of TTL and caching is to reduce the number of hits to your DNS server, so setting it short permanently will diminish the success of that goal.

By: Dan

Dan — Wed, 19 Apr 2006 18:52:33 +0000

I really doesn’t take that long, for instance I’m seeing your new server now.

At the bottom: you were referring to the TTL right? Because I was going to suggest you change that instead and then you wouldn’t have to worry at all.

So it looks like your good from here and I’d assume you’d be good for the other 98% of your visitors. Good job.