DNS disorder Vkontakte and other companies
As you know, the DNS system on the Internet is one of the key. Without it, it is impossible to imagine the current state of the network.
Any error in the publication of DNS records, or even short-term inoperability of this service can lead to very sad results, such as the loss of traffic from users. On the other hand, DNS is extremely well scaled and tolerant to single server failures.
DNS is important, professionals understand this. And despite this, mistakes in the management of it are found even among the largest companies. And they are not noticed by them until they lead to significant problems.
For example, the list of DNS errors for a non-required Vkontakte company:
Registrar vk.com has the following list of authoritative domain servers:
The authoritative servers on Vkontakte themselves have the following list:
It is different from the list at the registrar!
')
Moreover, the server
Skype and Microsoft error:
Authority Section does not return in response to requests to cloudapp.net .
In particular, in the response to the type of request “
Twitter and Dyn error:
In responses to requests to platform.twitter.com with the type of
Accordingly, if we have already cached this answer to the type of the
The errors of the listed companies are more than described in this article, but because of the reluctance to overload the article, I allowed myself not to publish them.
All published errors were relevant on May 7, 2016. At that moment when you will read this article, they may no longer be.
Any error in the publication of DNS records, or even short-term inoperability of this service can lead to very sad results, such as the loss of traffic from users. On the other hand, DNS is extremely well scaled and tolerant to single server failures.
DNS is important, professionals understand this. And despite this, mistakes in the management of it are found even among the largest companies. And they are not noticed by them until they lead to significant problems.
For example, the list of DNS errors for a non-required Vkontakte company:
Registrar vk.com has the following list of authoritative domain servers:
- ns1.vkontakte.ru
- ns2.vkontakte.ru
- ns3.vkontakte.ru
- ns4.vkontakte.ruThe authoritative servers on Vkontakte themselves have the following list:
- ns1.vkontakte.ru
- ns2.vkontakte.ru
- ns4.vkontakte.ruIt is different from the list at the registrar!
')
Moreover, the server
ns2.vkontakte.ru [93.186.224.100] does not respond to requests, at least for several days.Skype and Microsoft error:
Authority Section does not return in response to requests to cloudapp.net .
In particular, in the response to the type of request “
AAAA ” to skypeecs-prod-euw-0-b.cloudapp.net . Because of this, a negative response to such a request cannot be cached, since it is unclear how much time this can be done if the RFC is strictly observed.Twitter and Dyn error:
In responses to requests to platform.twitter.com with the type of
NS requests for the Dyn server, the servers serving Twitter respond that such a record does not exist. At the same time, they respond to any other type of requests to the same name with the CNAME record.Accordingly, if we have already cached this answer to the type of the
NS request, if we strictly comply with the RFC standards, we cannot cache the CNAME in the answer to the same name for other types of requests. Actually, in this case, the behavior of the caching recursive server is not deterministic by standards and is left to the merge of the programmer’s own logic.The errors of the listed companies are more than described in this article, but because of the reluctance to overload the article, I allowed myself not to publish them.
All published errors were relevant on May 7, 2016. At that moment when you will read this article, they may no longer be.
Source: https://habr.com/ru/post/283116/
All Articles