Three Root Servers Knocked Out By Attacks; Internet Keeps On Ticking
from the is-that-all-you've-got? dept
There's been some fear in the past about the fact that a key part of keeping the internet running, the core "root servers," are somewhat vulnerable. There are only 13 root servers, and taking them all out would cause quite a problem. So far, though, attacks have been unable to do so. Nearly five years ago, all 13 were attacked, taking out seven or eight of them for a period of time -- though the others picked up the slack and there were no noticeable problems. The latest story is that some sort of attack from hackers took down three of the servers, the biggest attack since the ones in 2002. Some of the attacks went on as long as 12 hours. Again, there was no noticeable impact for most users. However, the question is being raised again about whether using just 13 root servers is really safe. A few years back, there was a suggestion that it might be a lot safer to set up some sort of peer-to-peer system to better distribute the root servers among many more machines. It doesn't seem like that idea got much traction (and it certainly has its downsides as well), but it will be interesting to see if the latest attacks get people discussing this question once again, and whether or not they have any creative solutions.
Reader Comments
Answer
[ link to this | view in thread ]
There's more than just
[ link to this | view in thread ]
Probably impractical by all means, but consider wh
Personally I'd host 1 server as a guinea pig and let everyone in the world try and bring it down, those who're successful give them $1,000 to have them show you what flaws have been overlooked. Maybe not something that "simplistic," but a similar system to stress test the equipment against possible outside attacks would seem to be at the very least a good place to start.
[ link to this | view in thread ]
wow
[ link to this | view in thread ]
Forgive me.
[ link to this | view in thread ]
As pointed out before, there are more than 13 root nameservers. The 13 letters exist in different locations in different continents, using unicast for decentralization.
Why was there no noticeable difference for most users? DNS requests get cached somewhere along the way and you rarely end up querying the root servers; and many more 'root' nameservers can fill up the gap.
[ link to this | view in thread ]
No mention of anycast
See http://www.root-servers.org/ for details and the complete list of the sites.
[ link to this | view in thread ]
long live google
[ link to this | view in thread ]
Re: Buzz and Anonynoob
I never knew about these supposed 13 servers. I never knew that the Internet had such a focused core.
and...
Core servers? I just assumed that the internet was made up of interconnected servers (one for each domain).
The words "Client" and "Server" are more like concepts than physical machines. A "client" requests information or services from another machine called a "Server". A "Server" provides that information or service. Any device connected to the internet can be either, and quite often both. "Peer to Peer" or "P2P" is a situation where a machine is both client and server for the same type of service or information.
That said, there are millions of servers on the internet. There are thousands alone that respond to the address http://www.google.com/, for instance (making multiple machines answer a single name is called clustering - this will be important later). The servers spoken of here, though, are a special type of server providing a special type of information - Domain Name Resolution.
Computers think in numbers. Each device on the internet has an IP address, often expressed as 4 3-digit numbers separated by periods (255.255.255.255). This represents a 32-bit number providing a little over 4 billion possible addresses. Your computer finds another computer - like TechDirt or Google - by its numerical address.
Domain Name Resolution is sort of like the phone book your computer uses to find the numerical address it should go to when you ask for Google.
Let's look at how to read a domain name. Every period indicates a new hierarchical level and a new Zone of Authority. Reading the domain name from right to left takes you from the trunk all the way out to your destination. "www.google.com" is in the top-level domain (or TLD) "com", in which is the domain "google", in which is a machine called "www".
The objective for DNS is to find the authoritative name server for your request. Your web browser sends the request to your ISP's name servers, which send the request up the tree until they find a server that can say with authority where Google's nameservers are. NOT where Google's machine "www" is, but where its nameservers are.
The machines that do this are the TLD name servers, or the root name servers, of which there are 13 clusters, each with hundreds of machines.
If you take out these root servers, you have taken out the top level of authority that directs you to Google's nameservers. Google's machines will probably still be running, but if you can't find them that doesn't do you a lot of good. The attack was essentially aimed at the trunk of a hierarchical tree. Like any tree, if you do enough damage to the trunk, the whole thing falls over.
This does not make the internet stop working. It will probably make it nearly unusable for common end users, but all of those numeric addresses I talked about before? They're still there, and they are what really make things talk to each other. If you happen to know Google's IP address, then you can still use Google, for instance.
So, yeah - that should give you a better idea of what's going on. Keep in mind that I've glossed over some points, ignored others, and possibly blatantly misrepresented one or two, but essentially this is what's going on.
[ link to this | view in thread ]
So who did this?
[ link to this | view in thread ]
CTFO
And even though very few of the total requests go to the root servers, and as nice as it is to think that the internet would still technically function without any DNS/domains at all, using IP addresses, this is simply not true.
The LARGE majority of internet users have no idea what an IP address is, how to use it, or how to find it. In fact, it has become quite obvious that many people don't even know what a URL is, or how to use an address bar. As is indicated by people searching for "google" on yahoo. Even homepages are set by domain. So effectively, without DNS, for millions and millions of users, the internet would be broken.
[ link to this | view in thread ]
h4x0rs
I could be out of line here, but why the rush to condemn them?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Buzz and Anonynoob
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
The local domain name servers store information about domains so the majority of the internet would continue to function for a relatively long time even if all of the root servers were taken out.
This isn't quite true either. It is true that your local DNS caches lookups, and will serve from the cache directly if it has an entry. It has to refresh that entry from time to time, though, based on the "time to live" (TTL) dictated by the authoritative server for the query (meaning Google's, or TechDirt's, or whatever - not yours). Your server will refresh from its upstream server, which will refresh from its upstream server. Eventually everything leads back to the TLD. If the TLD is gone, the refresh doesn't happen.
The effects would start showing immediately, and DNS would effectively die somewhere around the median TTL set by servers worldwide. That'd be about 1 to 2 days.
[ link to this | view in thread ]
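The caching behaviour debated in the comments above, as an added example that is not part of the original post or of any comment: a toy recursive resolver that caches each delegation for its TTL and only needs a root server when the cached TLD delegation has expired. The zone data, server names (`tld-com`, `ns-example`), TTLs and the `Resolver` class are all constructed for illustration.

```python
# Toy caching resolver. Zone data, names and TTLs are constructed for illustration.
ROOT = {"com": ("tld-com", 172800)}                      # root: TLD delegation
SERVERS = {
    "tld-com": {"example.com": ("ns-example", 86400)},   # TLD: zone delegation
    "ns-example": {"www.example.com": ("192.0.2.10", 300)},  # zone: address
}

class Resolver:
    def __init__(self):
        self.cache = {}          # name -> (value, expires_at)
        self.now = 0             # simulated clock, seconds
        self.root_up = True
        self.root_queries = 0

    def _cached(self, name):
        hit = self.cache.get(name)
        return hit[0] if hit and hit[1] > self.now else None

    def _ask(self, table, name):
        value, ttl = table[name]
        self.cache[name] = (value, self.now + ttl)
        return value

    def resolve(self, fqdn):
        labels = fqdn.split(".")
        tld, zone = labels[-1], ".".join(labels[-2:])
        addr = self._cached(fqdn)
        if addr:
            return addr
        zone_ns = self._cached(zone)
        if zone_ns is None:
            tld_ns = self._cached(tld)
            if tld_ns is None:   # only now is a root server needed
                if not self.root_up:
                    raise LookupError("SERVFAIL: root unreachable, no cached delegation")
                self.root_queries += 1
                tld_ns = self._ask(ROOT, tld)
            zone_ns = self._ask(SERVERS[tld_ns], zone)
        return self._ask(SERVERS[zone_ns], fqdn)

def outage_timeline(name="www.example.com"):
    r = Resolver()
    results = [(0, r.resolve(name))]     # warm the cache while the root is up
    r.root_up = False                    # simulated outage of every root server
    for t in (3600, 100000, 200000):
        r.now = t
        try:
            results.append((t, r.resolve(name)))
        except LookupError as err:
            results.append((t, str(err)))
    return results, r.root_queries

if __name__ == "__main__":
    print(outage_timeline())
```

With these constructed TTLs the name keeps resolving one hour and roughly 28 hours into the outage, and fails only once both cached delegations have expired.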
Re: h4x0rs
And the 9/11 terrorists were just testing the structural integrity of our skyscrapers.
[ link to this | view in thread ]
13 roots but duplicate sites
Of course, the net was originally designed to avoid a single point failure (from nuclear war.)
[ link to this | view in thread ]
server??
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Buzz and Anonynoob
[ link to this | view in thread ]
Re: Re: h4x0rs
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: server??
[ link to this | view in thread ]
Re: Re: h4x0rs
[ link to this | view in thread ]