FC: Microsoft websites blacked out -- but what happened?

Matt Cramer cramer at unix01.voicenet.com
Thu Jan 25 07:49:29 PST 2001


On Thu, 25 Jan 2001, jf noonan wrote:


> On Wed, 24 Jan 2001, Marco Anglesio wrote:
> >
> > Btw, I don't think that those machines are necessarily close
> > together. The IPs are, but the IPs probably translate to
> > dispersed locations inside the MSFT firewall. Or so I'd
> > expect. But perhaps I expect too much.
>
> That would be a pretty unusual thing to do with your *public*
> resolvers, to firewall/NAT them. It's quite unclear to me what
> the point would be.

To Marco's points - there is really no way that those IPs could be dispersed. No Teir 1 provider is going to advertise anything smaller than a /24 into the core routing table of the internet, and they only do that reluctantly (preferring a /19 or /20).

So even if they are dispersed inside the M$ firewall, it is still a terrible design. They are all on the same /27, so they are all getting advertised with the same route. If that route goes down - firewall failure, router misconfig, backhoe with a vengeance - then all their DNS servers are unavailable.

It is fairly common practice for a medium to large organisation to truly disperse their DNS servers among different subnets - ones that are advertised via different routes, removing the single point of failure.

This is all very basic infrastructure design and covered in the Grasshopper Book, and it is so incredibly amusing and fitting that M$'s own people don't understand these things, just like the Microserfs they churn out at their MCSE schools.


> If you can believe M$'s explanation of the problem, then a
> single router misconfiguration caused this problem. That is
> because all their DNS servers were on the same network, which is
> an incredibly broken design that violates all common engineering
> practice and several RFC's.

It is surprising that they admitted this level of incompetence.

Matt

-- Matt Cramer <cramer at voicenet.com> http://www.voicenet.com/~cramer/ Remember, no matter where you go, there you are.

-Buckaroo Banzai



More information about the lbo-talk mailing list