[dns-operations] The strange case of fox.com
rgoodson at gronkulator.com
Fri Mar 4 15:05:12 UTC 2016
On 3/3/16 7:52 PM, Dave Warren wrote:
> On 2016-03-02 18:09, Rich Goodson wrote:
>> In the instance that I brought up, undergoing excommunication of the
>> zone successfully might have made the DNS better as a whole (making
>> the world a better place), but it would not have solved my problem.
>> My problem was that users couldn't get to a web site some of the time
>> to pay their credit card bill or check their balance (more
>> accurately, my problem was having to listen to the complaining that
>> ensued). If I, instead of implementing a workaround, got domain
>> excommunicated, then instead of my users not being able to get to a
>> web site some of the time, now they can't get to it ever.
> For varying degrees of "ever": if one of my domains or my customer's
> domains were removed from the root due to technical issues, I'd
> address those technical issues and get my domain re-instated. You do
> realize that this isn't a case of removing the domain forever, just
> until it's properly configured, correct?
And here I assumed zone excommunication involved removing the delegation
from the upstream provider, powering off any hosting servers, removing
their hard drives, putting them through an NSA style hard disk shredder,
removing the physical machine, selling it on Ebay, then burning the
datacenter to the ground, covering the site with dirt using bulldozers
and then salting the earth afterwards. Silly me.
I apologize if that sounded harsh. I thought it was funny, but I've
been traveling and am tired. What I meant to say is, "Who tests it over
and over for proper configuration? Who decides when it's proper? Why
wouldn't they instead just threaten a lawsuit demanding that their
domain be turned back on? For many corporations that's an easier route
than looking to fix an underlying technical issue. (Not the lawsuit
itself, just the threat of one. That's usually sufficient, anyway.) It
was already working well enough for them, clearly."
Also, who is to say that I can't have a misconfigured domain if I want
to? I have a misconfigured delegation right now that I created for
educational purposes for a friend of mine who works at a major hosting
provider. I created it so that he could demonstrate this very issue
that we're talking about to customers and people he works with. If my
domain was removed with the condition that I "fix" my deliberate
misconfiguration, I'd be livid.
> Sure, some tiny percentage of domains might pack it up and take up a
> new hobby, but for any business that wants people to pay their bills,
> buy their services, view their ads, or otherwise do the things that
> justify the expense of a having an internet presence,
> they'll hire someone competent and fix the issue.
It appears that they hired someone competent who fixed it some 18 months
>> The only benefit to me would have been no longer hearing "it works on
>> Google's DNS".
> I think you're either thinking only 17 minutes ahead here; give it at
> least 30 minutes for someone to get paged, respond, frantically review
> the fundamentals of DNS delegation and fix things up. Once the
> underlying problem is resolved, it would work on Google's DNS, yours,
> mine, and everyone else's.
I hosted DNS at the time for just over a million customers. Since this
was a delegation problem, I can guarantee you that we weren't the only
ones experiencing this issue. Given they had a significant percentage of
their customer base for whom their stuff was intermittently broken
already, AND that they didn't respond to emails sent to any whois
contacts, or root, or hostmaster|postmaster, or calls to multiple of
their physical locations; I think it's a bit optimistic to think that
removing their delegation will get them to fix their problem in an
additional 13 minutes. Their monitoring at best would probably be
reporting the state of their name server machine and possibly their
server process and query their authoritative servers for a particular
record. None of that monitoring will tell them anything about their
delegation, else they would have known about the problem already.
Plus, my job title at the time was not, "Person Assigned To Attempt To
Make Improvements To The Internet". My job (or about 15% of my job) was
to make sure our customers could resolve DNS. After multiple days spent
imitating Don Quixote on this issue already, my fake delegation "fixed"
the problem, at least for my customers. I had no more time to spend on
> We might still hear "It works on Google's DNS", to which you would
> reply "Yup, and it works on mine too!"
How cheerful you make me sound. As you can tell from the above, I'm
clearly a curmudgeon.
More information about the dns-operations