207 comments

TPB (1, Funny)

Anonymous Coward | more than 4 years ago | (#29732877)

They are going to extremes in Sweden to get thepiratebay.org off the internet!

Re:TPB (0)

Anonymous Coward | more than 4 years ago | (#29733361)

I was going to riff on that but you beat me to it. But I would have said:

Apparently the *aa's are also too stupid to realize that just because The Pirate Bay admins are Swedish, it doesn't mean that TPB has a .se tld.

That way, it would have been funny.

No big deal (2, Informative)

RPoet (20693) | more than 4 years ago | (#29732895)

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

Re:No big deal (3, Informative)

wsanders (114993) | more than 4 years ago | (#29732973)

Yeah, been there done that. *My* fumble only brought 10,000 domains down for about 10 minutes, and no one noticed. (I think all the domains hosted only cat pictures anyway.)

Sorry, that's as big a responsibility as any employer has ever deemed suitable for my incompetent ass.

Re:No big deal (0)

Anonymous Coward | more than 4 years ago | (#29733025)

That's OK. If you were competent you might not be inclined to get out of computers. Which you should.

Re:No big deal (5, Funny)

eldavojohn (898314) | more than 4 years ago | (#29732987)

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

I once viddied an animated documentary about a small town in Colorado that lost the internet for 22 minutes [wikipedia.org]. It was not pretty. Our hearts and minds go out to you, people of Sweden. I cannot even fathom what that would be like ... I hope the looting and rioting has died down with the restoration of the internet.

Re:No big deal (2, Insightful)

scott_karana (841914) | more than 4 years ago | (#29733111)

While the impact of this is no big deal, it's still kind of scary that the people running a decently-sized ccTLD would make such a novice mistake on their zonefile.

Re:No big deal (2, Insightful)

MrMista_B (891430) | more than 4 years ago | (#29734395)

You expect them to be absolutely perfect all the time no matter what, forever and ever? /That's/ unrealistic.

unless you are swedish (1)

circletimessquare (444983) | more than 4 years ago | (#29733179)

i don't think you have a right to call this no big deal

the internet is becoming more and more vital to our lives

its "no big deal" until you need to know something off the internet right now, high stakes

Re:unless you are swedish (3, Insightful)

CharlyFoxtrot (1607527) | more than 4 years ago | (#29733243)

its "no big deal" until you need to know something off the internet right now, high stakes

I need to know what a fourteen year old thinks about copyright law and I need to know it NOW [smbc-comics.com] !

Re:unless you are swedish (3, Insightful)

Hyppy (74366) | more than 4 years ago | (#29733277)

The Internet was started as, and always has been, a "best effort" network. If a packet gets through, great. If not, well, it's not the end of the world. People have tried to code more and more resilient protocols on top to be as robust as possible, but in the end it's a very fragile system that can go down quite easily.

Anything sufficiently "high stakes" shouldn't rely on an unreliable medium.

Re:unless you are swedish (2, Funny)

CannonballHead (842625) | more than 4 years ago | (#29733395)

If a packet gets through, great. If not, well, it's not the end of the world.

Sounds like a lot of cities' approaches to freeway systems/traffic control.

Re:unless you are swedish (1)

medlefsen (995255) | more than 4 years ago | (#29733713)

What are you talking about? Yes, for a single packet it's best effort, but you're ignoring all the other technologies and protocols that make up the internet. Assuming there is *some* route to the destination and enough bandwidth to support the extra packets that come from resending large amounts of lost packets and the Internet will always work. Don't confuse the low level architecture with the reliability of the entire infrastructure. Of course, all of that is irrelevant to this particular problem because this wasn't a connection problem but a software configuration error.

Re:unless you are swedish (1)

clemdoc (624639) | more than 4 years ago | (#29733351)

In which case you should have been thinking about taking your own precautions.

Re:unless you are swedish (0)

Anonymous Coward | more than 4 years ago | (#29734383)

I never noticed that anything was down...

hmm slashdot.org wikipedia.org mywebmailthatIwontslashvertise.fm thepiratebay.org Guess only my online bank and local news source use .se , didn't have need for either at the time. /cheers from the polarbears

Re:No big deal (4, Funny)

CorporateSuit (1319461) | more than 4 years ago | (#29733417)

The downtime lasted 30 minutes, and most domains were probably cached by nameservers anyway.

I didn't notice the DNS freak out, but I did notice the internet's smug meter had dropped about 30%.

Re:No big deal (5, Insightful)

eln (21727) | more than 4 years ago | (#29733561)

The actual downtime is no big deal, but the reason it happened is. Evidently, the registrar for an entire country's domain likes to roll out changes to the primary zone file without any sort of testing or syntax checking first. Simply having a small network (one or two computers) running a test root server, and running your scripts against that first, would have discovered the bug.

DNS is very simple, but it's just as prone to human error as anything else. If you're responsible for the records of a large number of domains (like, say, an entire country), you probably ought to take some time to develop proper testing and change control procedures before you fiddle with it. It sounds like these guys didn't take it seriously enough and got burned. I hope they'll learn their lesson from this and change their procedures.

Re:No big deal (0)

Anonymous Coward | more than 4 years ago | (#29734015)

At least the offending missing character was a visible character. When I worked for a major telecomm here in the US, one of our partner companies submitted a text file generated on a *nix machine. Ergo, each line feed simply contained the LF. After editing the file from a Windows machine the LF would, silently, be replaced by Notepad.exe with a CRLF. Before I discovered this little problem, it would literally rock our world and the whole house of cards would mysteriously come crumbling down. It took some time for me to discover that it was indeed this little file's use of the LF.

I found it more interesting that the reason why the partner company didn't want to muck with it was because the file would be 'validated' with their servers. The inclusion of two CRs threw off the checksum value and nothing would work.

At least these guys could simply open the file and discern what the problem was. Yeah, shame on them.

Re:No big deal (1)

corbettw (214229) | more than 4 years ago | (#29734093)

No big deal? No big deal??? Where the hell else am I supposed to go to look at pictures of hot Swedish women hitting the nightclub scene (in a way that's at least a little SFW) if I can't get to http://www.thelocal.se/ [thelocal.se]?

There goes my favorite web site ! (3, Funny)

Anonymous Coward | more than 4 years ago | (#29732903)

Goat.se

Re:There goes my favorite web site ! (2, Funny)

Tetsujin (103070) | more than 4 years ago | (#29733579)

Goat.se

Huh... that's interesting. I've never heard of that one before... I think, though, that based on your recommendation I'll share the link with the rest of the office. I've seen a lot of your posts here in Slashdot, Anonymous Coward, and all the ones I've seen have been pretty highly rated, so I'm guessing you wouldn't link me to a website that wasn't interesting.

Re:There goes my favorite web site ! (1)

TaoPhoenix (980487) | more than 4 years ago | (#29734069)

(humor)
The satellite Microsoft Retro Fan Site Windows98.se also went down.

And look. My sig this month is all about your joke.
(No Closing tag. The humor never ends.)

Re:There goes my favorite web site ! (0)

Anonymous Coward | more than 4 years ago | (#29734565)

so I'm guessing you wouldn't link me to a website that wasn't interesting.

It's interesting all right. In a "May you live in interesting times" Chinese curse sort of way.

I downloaded.. (0)

Anonymous Coward | more than 4 years ago | (#29732953)

it all off Pirate Bay already.

An oft overlooked single point of failure? (0)

Anonymous Coward | more than 4 years ago | (#29733003)

Wouldn't it be better if you could have 2 totally independent firms managing each top-level domain name? Sure it'd be some work to make sure updates get to each of them; but it might protect against things like this.

Re:An oft overlooked single point of failure? (3, Interesting)

sexconker (1179573) | more than 4 years ago | (#29733163)

Uh, it would make no difference.
DNS is hierarchical, and has teh caching.

2 independent groups running DNS would strive to make sure they sync with each other quickly - thus all failures would sync quickly too.

The difference between
  - the delay of a correct change propagating across the two firms running DNS
  - the delay of an incorrect change propagating within a single DNS

would essentially be zero.

No good things could come from what you propose unless it was specifically designed to have a 24 hour delay or something.

Can't get to milkmaids.se ? Try milkmaids.se via DNS2 to get a 24-hour old version.

This is something the CURRENT DNS system could support - explicitly calling for older versions.

In fact, it might be worthwhile. Somebody write an RFC.

Re:An oft overlooked single point of failure? (1)

Otto (17870) | more than 4 years ago | (#29733971)

You can't protect against a single point of failure when you're talking about a person updating a system. Redundancy protects against computer error, not human error.

See, ultimately, somebody, somewhere has to be responsible for the name updating. Having it in two places just means that an incorrect update gets pushed to both places by the person making the change.

In this case, the effects were minimized by the nature of DNS itself, and the caching mechanisms involved. Most servers probably never saw the changes. Those that did will get their caches cleared fairly rapidly, and the effect is minimal.

Re:An oft overlooked single point of failure? (0)

Anonymous Coward | more than 4 years ago | (#29734365)

"You can't protect against a single point of failure when you're talking about a person updating a system."

Of course you can.

When transcribing medical records, double-or-triple keying the data is the norm.

If it were an entirely different company maintaining the redundant copy, it's very unlikely they would manually re-create the same mistake.

change control / management, anyone? (5, Insightful)

SuperBanana (662181) | more than 4 years ago | (#29733063)

I seriously hope someone is fired or loses a contract over this. Where was the validation, change control, etc? I would expect that at the TLD level, a change to a configuration file would have to be inspected by someone AND run through some syntax-checking scripts...

As for the person who was modded up for saying "hey, no big deal, fixed in 30 minutes!", not quite. DNS servers (and individual computers!) cache negative results. Anything anyone did a query on during those 30 minutes will be negatively cached by their system and their local DNS server. Granted, a whole lot of local Swedish ISPs and network providers have probably flushed their DNS server caches, but it's still going to seriously impact traffic to many, many sites, especially for everyone outside Sweden.

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733165)

Why would anyone outside of Sweden want to access a .se domain anyway?

Re:change control / management, anyone? (4, Funny)

Anonymous Coward | more than 4 years ago | (#29733299)

Sweden porn?

IKEA instruction manuals?

Re:change control / management, anyone? (1)

Abreu (173023) | more than 4 years ago | (#29733675)

Sweden porn?

IKEA instruction manuals?

For some reason, this came to my mind after reading your post: IKEA Erotica [tvtropes.org]

Re:change control / management, anyone? (1)

Aphoxema (1088507) | more than 4 years ago | (#29733251)

It really isn't a big deal. The mistake was made, the world has the opportunity to learn from it and the economic impact was probably small but scalable enough to take seriously.

Now if it happened again I'd hope action were taken... don't be so vengeful, SuperBanana!

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733311)

F*** You! I right code for airplane fuel management systems and there is no need for review or even testing. Design is almost non-existent, too. Our design process goes as follows Late on Thursday with a Friday deadline. We go out to our local bar for some drinks. After, a bit of squabbling we right the requirement down on some napkins; pick our programming language with help of a dart board. Get back to the office, well, most of us are actually are going there for first time this week. We ship whatever code we get done by 5 pm. Never had any code problems.

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733623)

We ship whatever code we get done by 5 pm. Never had any code problems.

Of course anyone with the described schedule would NEVER have code problems.

(Except for lack of... LOL)

Re:change control / management, anyone? (1)

soup4you2 (571216) | more than 4 years ago | (#29733335)

Might be a small issue, but no reason to get somebody fired over.. People make mistakes all the time.

Re:change control / management, anyone? (1)

icebraining (1313345) | more than 4 years ago | (#29734423)

Yes, that's why we have testbeds. The problem is not the missing character or whatever, is testing stuff before making a change in a system which affects thousands of websites.

Re:change control / management, anyone? (2, Insightful)

e2d2 (115622) | more than 4 years ago | (#29733465)

I'll go one better and say we should try him in a military tribunal and sentenced to hard time in ADX. That will send the world a message - NO MISTAKES OR ELSE.

Get real man, this is a human error. Your struggle for perfection baffles my monkey brain.

Re:change control / management, anyone? (4, Funny)

Mathness (145187) | more than 4 years ago | (#29733467)

I seriously hope someone is fired or loses a contract over this.

You'll be happy to know that the person responsible has been found. The person in question was described as having unusual bushy eyebrows and speaking in a thick Swedish accent. His last comment about the incident, before being dragged away, was "bork bork bork".

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733507)

Thank you, i needed a good laugh today :)

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733589)

Wow, what a whiny little brat you are. Did mummsy drop wyou on your heady-boos?

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733597)

In my experience, excessive paperwork makes such things more likely, not less.

"Change control" in particular. PHBs don't make good programmers, and only PHBs think "change control" means more than "testing your code".

Re:change control / management, anyone? (3, Insightful)

davebooth (101350) | more than 4 years ago | (#29734055)

Right AND wrong in one post :)

Excessive paperwork like 30 min to fill out a change request form to do something like make a 30 second edit to a config file and sighup a daemon is stupid and you'll hear no argument from me on that. Change control per se however, is essential, particularly in a large enterprise. Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)

The problem is not change control, it's the way it is implemented. Change control methodology is designed by PHBs who haven't actually done the tech work in years, if they ever did. It's then scribbled all over by a "business analyst" who thinks a sigpipe is a plumbing problem and by the time guys actually doing the work get hold of it it has become a nightmare of procedural BS when all you really needed was a way to make sure everything you do to a live production system is documented and that anything other than emergency break-fix at least got basic testing and a second pair of eyes looking at it before rolling it out.

Re:change control / management, anyone? (1)

amorsen (7485) | more than 4 years ago | (#29734213)

Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)

I hate to break it to you, but until 2002 the Linux kernel was managed without automated version control. It worked quite well, actually.

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733621)

Yeah, you don't live in Sweden, that's what I'm hearing.

Fire someone for making a mistake or error? Not in this country.

Sweden, where the unions protect your ass

Re:change control / management, anyone? (1)

CRiMSON (3495) | more than 4 years ago | (#29733667)

I hope you get fired when you make you a mistake.

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29733895)

...when you make you a...

You're fired!

Re:change control / management, anyone? (0, Flamebait)

CRiMSON (3495) | more than 4 years ago | (#29734403)

And your a fucking douche.. I guess we're even...

Re:change control / management, anyone? (1)

cjeze (596987) | more than 4 years ago | (#29733709)

To Err Is Human, To Forgive Divine.

Even with validation, change control etc errors can occur. Even with the most rigorous testing errors can happen, just look at NASA they are rocket scientists and even they make mistakes every now and then. Next time it could be you.

Re:change control / management, anyone? (1)

Phred T. Magnificent (213734) | more than 4 years ago | (#29733739)

If this is the first time the responsible party has made a mistake like this, then it probably doesn't need to be a career-terminating experience.

With that said, though, you're entirely right that there should have been validation and change control!

Re:change control / management, anyone? (1)

marc_gerges (561641) | more than 4 years ago | (#29733997)

I seriously hope someone is fired or loses a contract over this.

It seems a silly idea to fire somebody just after having invested $(whatever_this_snafu_is_supposed_to_have_cost) into his education.

Re:change control / management, anyone? (5, Insightful)

RabidMonkey (30447) | more than 4 years ago | (#29734063)

As a DNS admin myself, touching high value zones, let me tell you, missing a stupid dot happens all the time. All the change control in the world doesn't help when you just don't type one little period. Even more helpfully, most tools won't notice and the zone will pass a configuration check because missing the trailing "." is syntactically correct.

Let me add as well that "change management" that you want is just fantastic .. no making changes during core hours. When you run a 24/7 business, non-core hours means something like 2am. At 2am, I, and most mammals, are not at their mental best, so missing a single dot isn't horribly hard.

The only thing I'd suggest they do is use an offline test box for zones, then promote that change to prod. Then, you can load all the mistakes you want, do your digs, and if stuff works, THEN you move it to prod. I never ever make changes on production servers, they are done offline, tested, then put into prod with scripts. It makes it a lot harder for missing periods to make it into production.

Finally, this is a good reason why negative caching should have low TTLs. If you run a DNS server that can't handle low neg-caching TTLs, it's time to upgrade from a 386.

Cheers.

Re:change control / management, anyone? (1)

drinkypoo (153816) | more than 4 years ago | (#29734377)

I think the big failure here is that anyone is ever editing the file by hand. It should be created programmatically and edited only with a tool so that an error like this can never happen. (Of course, other errors are possible; now you have to vet your code. But the tool need not be complex, and in fact should be small enough to be provable if you so desire.)

Re:change control / management, anyone? (0)

Anonymous Coward | more than 4 years ago | (#29734409)

Of course they stage this kind of stuff. It's a top level domain. Do you think they would get the contact to run it if they didn't? In one of the world's most wired nations? (Together with other northern European states and South Korea.)

Somehow a bug in the script that moved out the zone to production caused this. And none of the tests caught it. We don't know the details yet. But it caused big disruptions, that's for sure.

Also, upgrade from a 386? A TLD with a million records and running dnssec in production? I don't think you fully understand the scope of running these things. The talk about negative caching also leads me to believe you haven't thought this through.

Re:change control / management, anyone? (2, Insightful)

Chris Mattern (191822) | more than 4 years ago | (#29734451)

Even more helpfully, most tools won't notice and the zone will pass a configuration check because missing the trailing "." is syntactically correct.

Not if the configuration check you wrote checks for the trailing "." anyways. And if it doesn't, you need to rewrite it.
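A sketch of the kind of pre-publish check this sub-thread is arguing about, added here as an illustration; it is not code from any commenter or from the .se registry. It expands unqualified names against `$ORIGIN` and flags those that already end in the origin's labels, which is the semantic error a plain syntax check accepts. The sample zone, its host names and the `lint_zone` helper are constructed for this example, and the parser assumes one record per line with no parenthesised continuations.

```python
import re

# Record types whose RDATA ends in a domain name; an unqualified name there
# gets the zone origin appended when the server loads the file.
NAME_TYPES = {"NS", "CNAME", "DNAME", "PTR", "MX", "SRV"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+([smhdw]\d+)*[smhdw]?$", re.IGNORECASE)


def absolute(name, origin):
    """Expand a name the way a master-file loader would."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def doubled(name, origin):
    """True when an unqualified name already ends in the origin's labels,
    so that expansion yields e.g. ns1.example.se.se."""
    if name == "@" or name.endswith(".") or origin == ".":
        return False
    fq = (name + ".").lower()
    return fq == origin.lower() or fq.endswith("." + origin.lower())


def lint_zone(text, origin, strict=False):
    """Return (line, field, reason, expanded_name) for each suspicious name.

    strict=True also reports every relative RDATA name, which is the policy
    "all targets must be fully qualified"."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):             # $TTL, $INCLUDE, ...
            continue
        candidates = []
        if not raw[0].isspace():                  # owner present on this line
            candidates.append(("owner", tokens.pop(0)))
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_TYPES and rdata:
            candidates.append(("rdata", rdata[-1]))
        for field, name in candidates:
            if doubled(name, origin):
                findings.append((lineno, field, "doubled-origin", absolute(name, origin)))
            elif strict and field == "rdata" and name != "@" and not name.endswith("."):
                findings.append((lineno, field, "relative", absolute(name, origin)))
    return findings


# Constructed sample zone; none of these names come from the real .se zone.
SAMPLE_ZONE = """\
$ORIGIN se.
$TTL 172800
@            IN SOA  ns.example-registry.se. hostmaster.example-registry.se. 2009101201 1800 1800 864000 7200
example      IN NS   ns1.example.se.
example      IN NS   ns2.example.se      ; trailing dot missing
other        IN NS   ns1.other           ; relative on purpose
broken.se    IN NS   ns.provider.example.
"""

if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "se.", strict=True):
        print(finding)
```

Run as a gate in the zone build, a non-empty result from the default mode would block promotion to production.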

Re:change control / management, anyone? (1)

Burdell (228580) | more than 4 years ago | (#29734543)

Obviously, it passed syntax-checking, or the server wouldn't have loaded it. What you are looking for is semantic-checking, which is much more difficult. I expect that the generation scripts will be expanded to check for more things; that's generally what happens (you check for what you can think of, and expand the checking when someone thinks of a better way to break things).

Negative caching (in BIND anyway) tops out at 3 hours (it looks like .se has it set to 2 hours). The NS record TTL is 2 days, so only about 1/96 of servers regularly looking up .se entries would have made a request during the 30 minute window.

As for somebody being fired for making one relatively simple mistake: were you fired from McDonald's, Burger King, and Wendy's every time you dropped a fry on the floor?

ObQuote: "Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail."

So I guess it's... (5, Funny)

6Yankee (597075) | more than 4 years ago | (#29733093)

...borked!

Re:So I guess it's... (0)

Anonymous Coward | more than 4 years ago | (#29733171)

If it was IS (Iceland), then yes.

Re:So I guess it's... (1)

vandelais (164490) | more than 4 years ago | (#29733201)

I'm chopping up the zone files if that's ok with you (tosses random shyte over shoulder)
We'll scoop up all the trailing dots and put them in the stew

BORKBORKBORK!

Let me be the first to say: (0)

Anonymous Coward | more than 4 years ago | (#29733119)

bork, bork, bork...

Ah, the joy of automated oopsies. (1)

palegray.net (1195047) | more than 4 years ago | (#29733129)

One missing character, repeated a whole lot of times, results in an entire TLD going offline. Awesome.

The trailing dot! (0)

Anonymous Coward | more than 4 years ago | (#29733287)

Well then, the title should be: Entire .SE . TLD Drops off the internet

Swedish Nameservers Bork Bork Bork'd! (0)

Anonymous Coward | more than 4 years ago | (#29733291)

Film at Eleven.

somewhere in sweden: (2, Funny)

nimbius (983462) | more than 4 years ago | (#29733295)

an admin has popped back from lunch and asked, "hey guys did someone turn my computer off while i was gone? there was a file i was working on......"

DNS is the problem (4, Interesting)

cthulhuology (746986) | more than 4 years ago | (#29733315)

It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster. On top of that, the hierarchical naming structure presents an inherent systemic risk for all sub-domains as exhibited by this .se fiasco. Nevermind the injection attacks, Pakistan taking out Youtube, and the rest, you have organizations like Verisign which profit immensely off of keeping the system broken. And don't even bother mentioning DNSSEC, as it still doesn't resolve this fundamental issue. The next systemic fuckup will simply be a signed fuckup.

Re:DNS is the problem (1)

mypalmike (454265) | more than 4 years ago | (#29733429)

And your robust solution to a scalable global directory of name-to-ip address mapping is... ?

Re:DNS is the problem (5, Funny)

Anonymous Coward | more than 4 years ago | (#29733463)

Regedit32.exe

Re:DNS is the problem (0)

Anonymous Coward | more than 4 years ago | (#29734021)

What about DHT?

Re:DNS is the problem (3, Insightful)

upside (574799) | more than 4 years ago | (#29733449)

Except the Pakistan affair was about the BGP routing protocol. I agree the file format is nutty, though.

I can't think of a better alternative to the hierarchical system, perhaps you have a suggestion. A flat namespace would be an administrative impossibility, not to mention the stress it would put on name servers. Increasing the number of TLDs would lessen the impact of a single failure, though.

Re:DNS is the problem (2, Insightful)

RalphSleigh (899929) | more than 4 years ago | (#29733451)

Pakistan taking out Youtube had absolutely nothing to do with DNS, they wrongly propagated a BGP announcement for the youtube IPs outside of Pakistan, so about 1/3 of the internet routed traffic into their black hole instead of to Youtube. Pretty effective blocking had they kept it internal, but they didn't.

Re:DNS is the problem (2, Informative)

Skuld-Chan (302449) | more than 4 years ago | (#29733975)

Well in the 1980's when the RFC was written for zone files (1034/1035) it probably sounded like a perfectly sound way to configure this sort of thing, same with DNS in general (RFC's for which were also written in the 1980's).

If it were invented from scratch today I'm sure it would resemble something like LDAP.

The fact we haven't had more mass DNS failures like this is actually surprising.

Re:DNS is the problem (1)

divisionbyzero (300681) | more than 4 years ago | (#29733999)

It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster. On top of that, the hierarchical naming structure presents an inherent systemic risk for all sub-domains as exhibited by this .se fiasco. Nevermind the injection attacks, Pakistan taking out Youtube, and the rest, you have organizations like Verisign which profit immensely off of keeping the system broken. And don't even bother mentioning DNSSEC, as it still doesn't resolve this fundamental issue. The next systemic fuckup will simply be a signed fuckup.

Yes, it's a shame you were still in diapers when this solution was developed. They could have benefited from your vast wisdom. Or maybe not, if you think the problem with YouTube in Pakistan was due to DNS rather than BGP.

Re:DNS is the problem (2, Insightful)

bwalling (195998) | more than 4 years ago | (#29734133)

You do recognize that most of the protocols and specifications running the Internet are decades old, right? The fact that they've lasted this long is really rather impressive.

Besides, if we redesigned it now, it would be insanely complex and bloated, not to mention never fully implemented (CSS? ha!), as there would be too many parties "contributing".

Re:DNS is the problem (5, Informative)

photon317 (208409) | more than 4 years ago | (#29734165)

Part of the problem with DNS these days, which your post exemplifies, is that from very early on "BIND's implementation of DNS", and "DNS The Protocol" have been mashed together and confused by the RFC authors (who were involved with the BIND implementation and had motive to encourage the world to think only in BIND terms) and basically everyone who ever used DNS in any capacity. Zonefiles are not implicit in DNS address resolution (neither for authoritative servers or recursive caches). They really aren't any part of the wire DNS protocol for resolving names. They *are* part of a wire protocol for secondary servers that slave zonefiles from primary servers, but even in that case it's really more a "BIND convention" than a necessity. Ultimately how you transfer a zone's records from a master server to a slave server is up to however those two servers and their administrators agree to do so. You can skip the AXFR protocol that uses zonefiles and instead do something else that works for both of you. Inventing a new method of slaving zone data is easy and doesn't involve much complicated rollout. Some people just rsync zonefiles for instance instead of using AXFR today.

It's really frustrating (believe me, I've done it) when you try to implement a new DNS server daemon from scratch from the RFCs, and you have to wade through this mess of "what's a BIND convention that doesn't matter and what's important to the actual DNS protocol for resolving names on the wire".

Re:DNS is the problem (0)

Anonymous Coward | more than 4 years ago | (#29734495)

It still boggles my mind that anyone thought zone files are a good idea. The file format is so damn brittle, that a single byte can spell disaster.

What's a zonefile? I use Dynamic Update for all my DNS maintenance, you insensitive clod!

More signs that the Idiocracy is fast approaching (0)

Eggplant62 (120514) | more than 4 years ago | (#29733499)

Computers only do what the programmer tells them to do. Way to go, Sven, you fubared that script, eh?

Minimally-Intrusive Cleanup (BIND-specific) (0)

Anonymous Coward | more than 4 years ago | (#29733601)

1. rndc dumpdb -all
2. grep some variant of "NS.*\.se\.se" out of the dump file
3. rndc flushname for each one

This works for relatively-small caches. In my case, only 40 flushnames were necessary. It might not be an option to do manually for big huge ISP caches, although it could be automated quite easily.
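One way the three steps above could be automated on a resolver, added here as an example that is not part of the original comment. It assumes the cache dump written by `rndc dumpdb -all` is in master-file style (owner, TTL, optional class, type, RDATA, with the owner omitted on continuation lines) and that the name to flush is the owner of each poisoned NS record; the dump text below is constructed, and `names_to_flush` and `flush_commands` are hypothetical helper names.

```python
import re
import sys

# Same pattern as the grep in step 2: an NS target ending in ".se.se".
DOUBLED_SE = re.compile(r"\.se\.se\.?$", re.IGNORECASE)


def names_to_flush(dump_text):
    """Return owner names whose cached NS RDATA ends in .se.se, in file order."""
    names, owner = [], None
    for raw in dump_text.splitlines():
        line = raw.split(";", 1)[0]               # dump annotations are comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not raw[0].isspace():                  # new owner; otherwise reuse previous
            owner = tokens.pop(0)
        upper = [t.upper() for t in tokens]
        if owner is None or "NS" not in upper:
            continue
        idx = upper.index("NS") + 1
        if idx >= len(tokens):
            continue
        if DOUBLED_SE.search(tokens[idx]) and owner not in names:
            names.append(owner)
    return names


def flush_commands(names):
    """Build one 'rndc flushname' argv per name (step 3); running them is left
    to the operator, e.g. via subprocess.run(cmd, check=True)."""
    return [["rndc", "flushname", name] for name in names]


# Constructed sample in the assumed dump layout; not real cache contents.
SAMPLE_DUMP = """\
; Cache dump of view '_default'
$DATE 20000101000000
; authauthority
example.se.        172100  NS  ns1.example.se.se.
                   172100  NS  ns2.example.se.se.
; glue
good.se.           172100  NS  ns1.good.se.
other.se.          172100  IN NS  ns.other.se.se.
; authanswer
www.good.se.       3100    A   192.0.2.10
"""

if __name__ == "__main__":
    # With a path argument, read a real dump; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for cmd in flush_commands(names_to_flush(text)):
        print(" ".join(cmd))
```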

Why MaraDNS uses a special zone file format (2, Interesting)

MaraDNS (1629201) | more than 4 years ago | (#29733733)

This is why MaraDNS [maradns.org] (my open-source DNS server) uses a special zone file format.

MaraDNS uses a zone file format that, for the most part, resembles BIND zone files. However, the zone file format has some minor differences so the common "Forgot to put a dot at the end of a hostname" and the "forgot to update the SOA serial number" problems do not happen; a domain name without a dot at the end is a syntax error in MaraDNS' zone file parser; if you want to end a hostname with the name of the zone in question, this has to be explicitly specified with a .% at the end of the hostname.

There is also a mechanism for automatically generating SOA records, or having a SOA record where the serial is automatically updated based on the "last write" timestamp for the zone file.

For people who want to use their BIND zonefiles, there is included a Python script that converts a BIND zonefile in to MaraDNS' similar zone file format.

NSD (1)

funkboy (71672) | more than 4 years ago | (#29733791)

If they were using NSD [nlnetlabs.nl] like the RIPE does for K root [root-servers.org], the zone compiler wouldn't have compiled the faulty zone file and the parser would have made noise about it. NSD is very hard to break as the zone files must be compiled into a database before loading. The parser simply refuses to compile when there are zones with errors in them, so the database it creates will never be bogus (similar to the way a compiler won't create an executable if the source code violates its rules).

There's møre to Sweden than .se (5, Funny)

93 Escort Wagon (326346) | more than 4 years ago | (#29734263)

Wi nøt trei a høliday in Sweden this yer?

See the løveli lakes

The wonderful telephøne system

And mani interesting furry animals

Re:There's møre to Sweden than .se (4, Funny)

rainmaestro (996549) | more than 4 years ago | (#29734529)

We apologise for the fault in the previous post. Those responsible have been sacked.

oop.se (0)

Anonymous Coward | more than 4 years ago | (#29734285)

Maybe time to write up a wee little test suite as part of the zone build process, hmm?

OMG... (0)

Anonymous Coward | more than 4 years ago | (#29734381)

møøsë bit the sÿstëm ædministratør!
