disturbance of the name service for de domains on may 12
play

Disturbance of the Name Service for .de Domains on May, 12 th 2010 - PowerPoint PPT Presentation

Oct 05, 2022 •273 likes •403 views

Disturbance of the Name Service for .de Domains on May, 12 th 2010 Joerg Schweiger <schweiger@denic.de> ICANN / ccNSO Meeting, Cartagena, December 2010 Outline 1. Impact 2. Chronology of the incident from an external perspective 3.

  1. Disturbance of the Name Service for .de Domains on May, 12 th 2010 Joerg Schweiger <schweiger@denic.de> ICANN / ccNSO Meeting, Cartagena, December 2010

  2. Outline 1. Impact 2. Chronology of the incident from an external perspective 3. Incident handling • Analysis • Confining and fixing the bug 4. Follow-up actions and respective status 2

  3. Impact What happened? 12 of DENIC's 16 name server locations loaded a zone file that contained only about one third of the .de domain records Effect  NXDOMAIN replies for domains that did actually existing  Undeliverable e-mails  Effects on various other applications (using the DNS) „Proclaimer“ : Other zones served and cooperation partner weren‘t effected! 3

  4. Chronology of the incident from an external perspective … DENIC received calls from the community that “ something’s wrong with the internet ” and thus initially became aware of the problem  count ZERO of incident handling • 00:00 + 1 hour … Exclusively correct answers were given again, … although service capacity was not yet fully restored • 00:00 + 2 hours … The entire capacity / performance was restored • 00:00 + 3.5 hours … The standard zone data provision process (including the most up-to-date data) was fully restored 4

  5. Incident handling Step 1: Analysis The Incident handling team was summoned immediately to analyse, confine and fix the problem No, but we were seeing a disproportionate ¿ A root server problem ? number of NX replies! → ¿ Does a bug in the registration software result in a "corrupt" database ? No! ¿ Was a corrupt zone file generated ? No! ¿ Was the check guarding the copy operation from the zone generating server No! to the zone distribution server negative ? ¿ Was the plausibility check negative that verifies if the copy of the zone file is No! authentic (MD5 hash)? ¿ Is there any bug in the protocol software that will have an impact on the zone No! file loading at the distributed remote name server locations ? ¿ …if not so, what actually did happen ? 5

  6. Root cause We conducted a project to innovate our name server architecture resulting in a successive roll-out processes of new equipment to the name server locations . For duration of the parallel operation of "old" and "new" name server locations, we adopted the zone distribution process . To serve as data source for the new locations the correctly generated, plausibility-checked and securely transmitted zone file is copied once again , from one directory of the zone distribution server to another. This copy failed … because of insufficient disk space ! … and wasn’t observed because the particular server had not yet been integrated into the standard monitoring for the transition period ! 6

  7. Incident handling Step 2: Confining and Fixing the Bug 1. Eliminate the storage problem 2. Successively shut down and restart the locations using the latest intact predecessor version of the zone file 3. Re-establish the standard process 7

  8. Follow-up actions and status (1) Ad-hoc Measures Status • Implement and deploy a MD5 check of the copying process on the distribution server and done • Implement a switch to interrupt automatic processing in case of faulty results • Integrate the respective server in the standard hard disk monitoring done • Script for deleting outdated zone files from the distribution server done 8

  9. Follow-up actions and status (2) Medium-termed Actions Status • Provide a "backup zone" at each name server location and implement an automated rollback mechanism to activate the backup zone or under test • Install a stand-by server for each location to run an old (1 day) zone to switch to in case under test of an emergency (corrupt new zone) Incident Handling Status • Envision potential security incidents and respective optimized counter action plans 30 Dec 2010 • Fast and efficient mechanisms to summon the incident handling team 30 Dec 2010 • Implement emergency switches “name server locations on / off" done • Review DNS monitoring functionalities 31 Dec 2010 9

  10. Follow-up actions and status (3) Process Improvement Status • Live-up to the defined change-/ release management processes On-going • Leverage of a professional service management and configuration management done database tool • Define an incident response process done • Review crisis communication done • Recruit an "Information Security Officer" done Quality Assurance Measures Status 1st quarter • IT operations audit 2011 10

  11. ? Questions / Comments Joerg Schweiger schweiger@denic.de +49 69 27235 -455 11

  12. Process to publishing a zone NSL 1 old Zone data Zone file Zone file NSL 3 old Zone file NSL 4 new Nic.db Zone generating server Zone distribution server NSL 16 new 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Recreational Disturbance Study Durwyn Liley Today Defining disturbance Fieldwork results

Recreational Disturbance Study Durwyn Liley Today Defining disturbance Fieldwork results

Recreational Disturbance Study Durwyn Liley Today Defining disturbance Fieldwork results Implications Disturbance Avoidance of Suitable habitat Pop Direct Stress mortality Impact? Behavioural response Fieldwork

562 views • 40 slides
Humber Winter Bird Disturbance Study Durwyn Liley Disturbance Difficult to define

Humber Winter Bird Disturbance Study Durwyn Liley Disturbance Difficult to define

Humber Winter Bird Disturbance Study Durwyn Liley Disturbance Difficult to define Difficult to understand scale of impact Avoidance, direct mortality, behavioural response and physiological impacts Difficult to manage Methods

468 views • 43 slides
Assessing Capacity 1. Is there impairment of, or disturbance in, the functioning of the

Assessing Capacity 1. Is there impairment of, or disturbance in, the functioning of the

Assessing Capacity 1. Is there impairment of, or disturbance in, the functioning of the persons mind or brain? 2. Is the impairment or disturbance sufficient that the person lacks the capacity to make that particular decision at a

239 views • 4 slides
Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me :

Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me :

Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me : Brantly Millegan Work : True Names LTD (Singaporean non-profit) Open source project : Ethereum Name Service Website : https://ens.domains Blockchain

796 views • 31 slides
Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of Doma of Warfar are Lan and Se Sea Joint M ultinational Combined Arms Live-Fire Exercise Camp Grayling-Alpena CRTC 2010-2018 NORTHERN

310 views • 4 slides
EC3062 ECONOMETRICS DYNAMIC REGRESSIONS MODELS Autoregressive Disturbance Processes Economic

EC3062 ECONOMETRICS DYNAMIC REGRESSIONS MODELS Autoregressive Disturbance Processes Economic

EC3062 ECONOMETRICS DYNAMIC REGRESSIONS MODELS Autoregressive Disturbance Processes Economic variables often follow slowly-evolving trends and they tend to be strongly correlated with each other. If the disturbance term is compounded from such

303 views • 28 slides
Biodiversity Disturbance Succession Works Cited Return to Table of Contents Slide

Biodiversity Disturbance Succession Works Cited Return to Table of Contents Slide

Slide 1 / 82 Slide 2 / 82 6th Grade Disturbance &amp; Biodiversity 2015-08-27 www.njctl.org Slide 3 / 82 Slide 4 / 82 Table of Contents Click on the topic to go to that section Biodiversity Biodiversity Disturbance Succession

192 views • 17 slides
Effects of industrial noise and landscape disturbance on owls in the boreal forest Julia Shonfield

Effects of industrial noise and landscape disturbance on owls in the boreal forest Julia Shonfield

Effects of industrial noise and landscape disturbance on owls in the boreal forest Julia Shonfield &amp; Erin Bayne University of Alberta @JuliaShonfield Anthropogenic disturbance is increasingly affecting previously undisturbed areas, and

503 views • 36 slides
Providing Management Focus on the Landscape Systematic Management of Disturbance Managing from

Providing Management Focus on the Landscape Systematic Management of Disturbance Managing from

Providing Management Focus on the Landscape Systematic Management of Disturbance Managing from the Top to the Bottom October 29th 2015 Systematic management of Disturbances An Informed-Focused Approach to Managing Disturbance Tactical Plans

543 views • 23 slides
Bi-Continuous Domains and Some Old Problems in Domain Theory Talk at Domains IX Klaus Keimel

Bi-Continuous Domains and Some Old Problems in Domain Theory Talk at Domains IX Klaus Keimel

Bi-Continuous Domains and Some Old Problems in Domain Theory Talk at Domains IX Klaus Keimel October 21, 2008 Warning: These Notes contain the contents of my Talk at Domains IX. There may be mistakes. References are incomplete. Comments are

142 views • 11 slides
1 The Dream for Students with EBD What is the dream for students with emotional disturbance and

1 The Dream for Students with EBD What is the dream for students with emotional disturbance and

Bridge to the Future IV Anaheim, CA 11/6/2018 Improving Transition Outcomes for Youth with Emotional Disturbance: Best Practices Michae Mic ael Lahar Laharty Vo Vocational S Specialist Sac Sacrame amento C Coun unty O ty

735 views • 27 slides
Recapitulation What do we want? v = disturbance y u System e = control error r +

Recapitulation What do we want? v = disturbance y u System e = control error r +

Recapitulation What do we want? v = disturbance y u System e = control error r + The control problem: Minimize e , including the effect of v , and keep u small ( u min u u max ). Ultimate course goal: Find

594 views • 12 slides
Recapitulation What do we want? v = disturbance y u System e = control error r +

Recapitulation What do we want? v = disturbance y u System e = control error r +

Recapitulation What do we want? v = disturbance y u System e = control error r + The control problem: Minimize e , including the effect of v , and keep u small ( u min u u max ). Ultimate course goal: Find

555 views • 8 slides
1 HPC: headache Past Medical History Precipitating factors: stress, OCP, specific foods,

1 HPC: headache Past Medical History Precipitating factors: stress, OCP, specific foods,

Neurological History: symptoms Headache Fits, faints and funny turns Neurology teaching Disturbance of higher mental function History taking and common presenting neurological symptoms Visual, hearing disturbance Speech

406 views • 6 slides
Domains of commutative C*-subalgebras Chris Heunen 1 / 26 Domains of commutative C*-subalgebras

Domains of commutative C*-subalgebras Chris Heunen 1 / 26 Domains of commutative C*-subalgebras

Domains of commutative C*-subalgebras Chris Heunen 1 / 26 Domains of commutative C*-subalgebras Chris Heunen and Bert Lindenhovius Logic in Computer Science 2015 1 / 26 Measurement unit vector x in C n State: Measurement: in basis e 1 , . .

1.12k views • 96 slides
Monitoring the Initial DNS Behavior of Malicious Domains Shuang Hao (Gatech) , Nick Feamster

Monitoring the Initial DNS Behavior of Malicious Domains Shuang Hao (Gatech) , Nick Feamster

Monitoring the Initial DNS Behavior of Malicious Domains Shuang Hao (Gatech) , Nick Feamster (Gatech) , Ramakant Pandrangi (Verisign, Inc.) Motivation DNS: A Critical Internet Service A distributed database mapping host names to IPs Most

377 views • 16 slides
Domain Name Commission v DomainTools Case re unauthorized access to .nz domain name space

Domain Name Commission v DomainTools Case re unauthorized access to .nz domain name space

Domain Name Commission v DomainTools Case re unauthorized access to .nz domain name space Overview The Domain Name Commission who we are What this action is about and why we took action in the US Current position What others

179 views • 6 slides
Presentation Goals Foster Care Liaison Enrollment Education Decision Making Foster

Presentation Goals Foster Care Liaison Enrollment Education Decision Making Foster

8/29/2018 Advancing the Education of Students in Foster Care GUIDANCE FOR TEXAS SCHOOLS Presentation Goals Foster Care Liaison Enrollment Education Decision Making Foster Care &amp; Student Success Resource Guide TEA Resources

445 views • 21 slides
Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services

Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services

Passaic County Educational Services Commission Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services Transportation Services Information Technology Services Financial Services Overview Mission The PCESC

305 views • 26 slides
Legislative Interim Study October 11, 2016 Senate Health and Human Services Committee Maura

Legislative Interim Study October 11, 2016 Senate Health and Human Services Committee Maura

Okla lahoma Chil ild Abuse se Registry try Legislative Interim Study October 11, 2016 Senate Health and Human Services Committee Maura Wilson-Guten Child Protection Coalition Advocacy Committee Chair Executive Director Tulsa CASA THE

378 views • 16 slides
Leasing and Joint Venture Tom Kininmonth &amp; Mooleric Contract Share Farming Agreement (CSFA)

Leasing and Joint Venture Tom Kininmonth &amp; Mooleric Contract Share Farming Agreement (CSFA)

Leasing and Joint Venture Tom Kininmonth &amp; Mooleric Contract Share Farming Agreement (CSFA) History 2013 2016 Graduated 2008 finished Bachelor of Mooleric VCE Commerce CSFA 2009 Jackroo 2015 joined NT/WA Kininmonth Family

149 views • 12 slides
Q3 2017 Investor Presentations ForwardLooking Statements This presentation contains

Q3 2017 Investor Presentations ForwardLooking Statements This presentation contains

Q3 2017 Investor Presentations ForwardLooking Statements This presentation contains &quot;forward-looking information&quot; as defined under Canadian securities laws which reflect managements expectations regarding objectives, plans,

683 views • 32 slides
Finance Sales Legislative Authority Financial Snapshot Profit/Loss $488,808 $3,771,656

Finance Sales Legislative Authority Financial Snapshot Profit/Loss $488,808 $3,771,656

Georgia World Congress Center Authority February 25, 2014 Authority Meeting Finance Sales Legislative Authority Financial Snapshot Profit/Loss $488,808 $3,771,656 $70,272 Projected 175,477 5,721,677 45,784 Actual 782,875 22,608,730

424 views • 27 slides
Barriers to Household Risk Management: Evidence from India Shawn Cole Xavier Gine Jeremy Tobacman

Barriers to Household Risk Management: Evidence from India Shawn Cole Xavier Gine Jeremy Tobacman

Barriers to Household Risk Management: Evidence from India Shawn Cole Xavier Gine Jeremy Tobacman (HBS) (World Bank) (Wharton) Petia Topalova Robert Townsend James Vickery (IMF) (MIT) (NY Fed) Presentation by Xavier Gine Index Insurance 4

568 views • 39 slides

More recommend