nanog mailing list archives

Re: Microsoft spokesperson blames ICANN


From: Henry Yen <henry () AegisInfoSys com>
Date: Wed, 24 Jan 2001 20:30:12 -0500


On Wed, Jan 24, 2001 at 06:01:29AM -0500, Greg A. Woods wrote:
> [ On Wednesday, January 24, 2001 at 13:09:45 (-0800), Roeland Meyer wrote: ]
> Subject: RE: Microsoft spokesperson blames ICANN
>
> > From our efforts, it is not at all surprising that someone, at MSFT, munged
> > the DNS configuration, totally. Even their best guru could have done it, due
> > to the murky nature of the config. I suspect that there are less than 100
> > ppl that could even have a clue, in this area, and they don't all have the
> > same pieces of clue.

{OBofftopic: hmm, look at the two timestamps, above.  did greg reply to roeland's
e-mail before it was written?}

by now i think we are realizing that it's probably more of some kind of
server-level/network-level attack, and not a DNS phuque-up.  i got
plenty o'pings earlier without nary a drop, although the nameservers
didn't reply.

{Important Point:} nevertheless:

> That's absolutely idiotic (of M$, that is !;-).  Even more idiotic than
> putting all their nameservers in one basket, so to speak.
>
> I'd bet any high-school kid who had any experience whatsoever at
> installing Linux or FreeBSD could no doubt blow a real OS and a native
> BIND install onto any sufficiently capable set of four machines in about
> an hour or so and provided that someone could cough up at least a
> half-baked zone file from somewhere to load on them they'd all be online
> and answering to the registered nameserver IP numbers in no time flat.
> Certainly in less than what's apparently going to be at least 23 hours
> now!

{Oblinux: there are a few itty-bitty "server" distros out there that you
could probably load up in under 15 minutes.  also, the e-smith-style
"appliance" distros are also quick to load.}

> Heck I know a half dozen or more people around the world who would have
> put their dislike of M$ away for a short period and loaded a zone file
> or two on their own nameservers for M$ if only M$ could have managed to
> get the .COM zone updated with new delegations....  What ever happened
> in this community to asking the community for help when you're caught
> between a rock and a hard place?  (Not that a company the size of M$
> should have to ask for a handout -- they no doubt have significant IP
> connectivity in as many places around the world as almost anyone else!)

whoa, slow down...  microsoft apparently hasn't quite figured out what
hit them (and in these later hours there's implications that there is
more than one issue happening here).  any large company is gonna take
some non-trivial amount of time to figure things out so that the report
to the upper management (ultimately) will be complete, including not
only what happened, who's responsible, etc., but also what steps were
taken to keep it from happening again.  keeping running notes on all of
this just makes it slow.  take that resulting time and double it when a
company has claimed (and, y'know, perhaps it's true) in the past that
they possess clue.  and finally, take that second time and triple if
it's a public company (where somebody can get sued).

i'm not making excuses for microsoft, but more clueful companies have had
worse times of it, even in the recent past.  give 'em a chance.

> MS has nothing and no-one to blame but their own stupidity and arrogance
> in this.  Meanwhile they're so damn big and "important" to so many users
> that this outage is having both a direct and an indirect negative impact
> on a lot of ISPs around the world!  "Hey!  The Internet must be broken
> if I can't get to M$.COM!"

whoa!  whoah!!  take it easy... chill... let's kick 'em when and where they
deserve it, after all the smoke clears.  until then, i think this forum should
be supportive of internet-connected networks that are facing big troubles.
whatever is happening to microsoft today could happen to someone far
dearer tomorrow (or today, of course).  we all might learn something
useful from this.  (and maybe not.)

> No, what's needed is for M$ to learn that they need to deploy software
> that's capable of the task even if it didn't come from a box and doesn't
> have their logo branded on it.  Squishing things together that were
> never meant to be squished together is only going to cause a big mess.
> Err, has already caused a big mess, at least for M$ and those who deal
> with them!  ;-)
>
> They'd also do well to learn a bit about network geography and just
> exactly how authoritative nameserver visibility from various locations
> on this wonderful Internet of ours can directly affect their bottom
> line!

try: http://secondary.easydns.com

-- 
Henry Yen                                       Aegis Information Systems, Inc.
Senior Systems Programmer                       Hicksville, New York

