Microsoft's Web Woes

dow084

Junior Member
Jul 29, 2000
Hi Everyone,

I'm just curious if someone could please explain to me exactly why Microsoft's web servers were so vulnerable these last few days. Apparently, the story is that some tech guy misconfigured the router(s) that provide access to Microsoft's DNS servers. And, seeing as how they were all on the same subnet, none of the servers were accessible and thus Microsoft's websites were all unreachable. Then, realizing this flaw, a bunch of script kiddies did a DDoS attack on the DNS router(s), shutting down the websites again.
My questions are: just because Microsoft's DNS servers were unreachable, why did everyone lose access? Shouldn't DNS information be propagated throughout the Internet? Thus if one or two servers go down, other servers contain the same mapping information?
Or, since Microsoft was hosting its own DNS internally, shutting them down prevented their servers from reaching other servers' internal addresses? Shouldn't DNS information on each computer be cached?

Thanks,

Dennis
 

Russ

Lifer
Oct 9, 1999
The DNS servers contain the zone files for the domain. While it is true that the information is propagated throughout the web, name servers only cache the information for a specified period of time. This is called TTL (Time To Live), and must be refreshed as it expires.

Thus, with the DNS servers down, there was no information available and the files expire.

In addition, these servers are "authoritative" for the domain. They are where the internet looks first when trying to convert the name to the number.

The way I understand it is that even if the information has not expired in the other name servers around the world, access can still crap out if the DNS servers of record are down.

There's a lot more to this stuff that I'm not familiar with, but we've a ton of people around here that can fill in the blanks.

Russ, NCNE
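
Added example (not part of either post): a simplified Python model of the TTL caching discussed in this thread. It shows a caching resolver answering from cache until the record's TTL runs out, then failing when every authoritative server sits on the one unreachable subnet, and recovering when a second server is on a different subnet. The hostname, address, TTL, timestamps and the `AuthServer`/`Resolver`/`timeline` names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthServer:
    name: str
    subnet: str  # failure domain: one router fronts each subnet

ZONE = {"www.example.test": "192.0.2.10"}  # constructed record

class Resolver:
    """Caching resolver: answers from cache until TTL expiry, then re-queries."""
    def __init__(self, servers, ttl):
        self.servers, self.ttl = servers, ttl
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now, down_subnets=frozenset()):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"
        for server in self.servers:  # try each authoritative server in turn
            if server.subnet not in down_subnets:
                self.cache[name] = (ZONE[name], now + self.ttl)
                return ZONE[name], server.name
        return None, "SERVFAIL"  # cache expired and nobody authoritative answers

def timeline(servers, ttl, outage, down_subnets, times):
    """Return who answered each lookup; `outage` is a (start, end) window in seconds."""
    resolver = Resolver(servers, ttl)
    result = []
    for t in times:
        down = down_subnets if outage[0] <= t < outage[1] else frozenset()
        result.append(resolver.resolve("www.example.test", t, down)[1])
    return result

TIMES = [0, 2000, 3599, 3600, 50000, 90000]  # constructed lookup times (seconds)
OUTAGE = (1000, 90000)                       # constructed outage window

def same_subnet():
    servers = [AuthServer("ns1", "net-a"), AuthServer("ns2", "net-a")]
    return timeline(servers, 3600, OUTAGE, frozenset({"net-a"}), TIMES)

def split_subnets():
    servers = [AuthServer("ns1", "net-a"), AuthServer("ns2", "net-b")]
    return timeline(servers, 3600, OUTAGE, frozenset({"net-a"}), TIMES)

if __name__ == "__main__":
    print("same subnet :", same_subnet())
    print("two subnets :", split_subnets())
```

The model ignores negative caching, retries and per-resolver differences in when a record was first cached, so real-world failures are spread out over the TTL window rather than hitting every client at once.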