Forgot your password?
typodupeerror
Censorship The Internet Your Rights Online

Chinese Root Server Shut Down After DNS Problem 91

Posted by timothy
from the need-a-new-source-of-ginseng dept.
itwbennett writes "After a networking error first reported on Wednesday last week caused computers in Chile and the US to come under the control of a system that censors the Internet in China, the 'root DNS server associated with the networking problems has been disconnected from the Internet,' writes Robert McMillan. The server's operator, Netnod, has 'withdrawn route announcements' made by the server, according to company CEO Kurt Lindqvist."
This discussion has been archived. No new comments can be posted.

Chinese Root Server Shut Down After DNS Problem

Comments Filter:
  • Heads should roll (Score:2, Insightful)

    by bguiz (1627491) on Sunday March 28, 2010 @06:17AM (#31646398)

    Who knows, in the few days that the Great Firewall of China crossed the Pacific, the kind of damage that could have been done, or perhaps even already been done?

    This should never have been allowed to happen in the first place, and when it had, it shouldn't have been allowed to persist for a few days before being made public and taking action.

  • by ironicsky (569792) on Sunday March 28, 2010 @09:30AM (#31647108) Journal

    I blame American and Chile ISP's.
    Why on earth would you query the root server on the other side of the world, especially in an ass backwards country like China when there are plenty of good servers here?
    Shouldn't you query the closest available server, not the furthest?

  • by mysticalreaper (93971) on Sunday March 28, 2010 @10:17AM (#31647468)

    This should never have been allowed to happen in the first place, and when it had, it shouldn't have been allowed to persist for a few days before being made public and taking action.

    Well i think this unreasonably harsh. No one had ever seen the great firewall of china affect DNS traffic like this in the past. So no one (not even you) was suggesting that when they set up a root DNS server in Beijing, that it would effectively send out false answers.

    Now, anyone who controls a part of the network you rely on can launch a man-in-the-middle attack, which is what happened here. So to suggest that this should never have been allowed to happen, you would have to be using strong cryptography in some way. DNS has never had that mechanism--but it will soon, cause DNSSEC is coming along.The root servers are deploying it right now, and so are the other Top-level-domains.

    Also, as soon as the I-root server operators realized this problem was occurring, and was outside of their control, they disabled the server. Why do you think that they sat on this problem for a few days, doing nothing about it?

  • by mysticalreaper (93971) on Sunday March 28, 2010 @10:38AM (#31647614)

    Basically, your ideas are right. The idea is to query the closest server, for best performance. DNS data is very small, so there's not much financial concern about transmitting data across the world (which happens all the time on the internet)

    Anyway, the logical routing of the internet doesn't always match the physical world. This is routine, and not a problem until DNS traffic crosses the great firewall of China, and is modified, which is what happened here.

    Since this, route announcements have changed, and the Beijing server is not being queried.

    But you are also correct about ISPs. ISPs can control (if they are good) which root servers are going to be queried from their network.

    My overall point is that everything was operating routinely and correctly, until a new kind of DNS problem, not observed in the wild ever before, started happening. It's hard to expect the ISPs to prevent a problem they never knew would occur.

  • by Anonymous Coward on Sunday March 28, 2010 @11:47AM (#31648178)

    I really don't understand where this china-hate is coming from. What did they ever do to you? Let's cut 1.3 billion people off the internet because someone IN ANOTHER COUNTRY WHO IS NOT CHINESE misconfigured a server. Yeah that makes total sense.

    You're a fucking retard.

"Out of register space (ugh)" -- vi

Working...