Twitter DNS: ;; connection timed out; no servers could be reached yeah dyn.com is under attack (ddos) Yup. Maybe someone here can explain what's going on, though: why isn't secondary DNS a fix for this? Or, do Twitter, GitHub, etc, not have secondaries? well, if secondary dns means using a second provider, then no, they don't I'd like to know the scale of the DDOS in Gig/sec or Tbit/sec apparently dyn usually posts post-mortems, so when they're done mitigating they might post details seems like kayak might be their customer too, they're also having flaky dns Today I learned that basically every Web site uses Dyn. lol wtf i actually didn't notice until someone commented about it on a mailing list... Apparently I haven't tried to reach an affected site today. *shrug* And now I get to feel good that the domains I maintain use secondaries on separate providers. :) brycec: like he.net and cloudflare? That's an example, sure. awsdns-52.com awsdns-21.co.uk awsdns-32.org awsdns-01.net does amazon understand the purpose of a domain name? Not sure I see your point (or understand the context) I can understand registering the same domain under different tlds presumably the tlds maintain distributed enough servers that them all having trouble at once is unlikely the root zone certainly does and I'm pretty sure .com .net etc do, but who knows about the smaller tlds but they've got awsdns-[00-63].com and I can't understand that Ahh /win 4 /lose :) why don't twitter etc run their own dns :) it's not the first time there has been a long outage Or have a secondary? That'd be a good start. i assume their provider wouldn't allow such a thing like they have some kind of exclusive agreement That's a hilarious idea. I hope that's what happened. 
cloudflare only allows you to take over dns on normal accounts but some of the bigger ones want to advertise that the bigger companies rely on them i am glad Dyn is just a secondary for my sites good secondary dns is so hard to come by these days :( what you really want is two completely separate servers run by completely separate groups what people usually get is two servers sitting next to each other configured exactly the same haha you want multiple locations, with multiple servers the problem is how to sync them but as long as you take away order requirements etc it's pretty simple like you take away the requirement to be "in sync" which for things like twitter should be fine and so with your distributed web site, you host your dns on the same servers the master site with proxies from various locations will never be able to match performance wise I'd like different hardware and even BIND in one place and NSD in the other... different OSes that's how you stop these pesky software bugs from killing everything all at once mkb: apparently knot suggested that you could run nsd and knot the idea of running bind is uh, ick. bind has had quite a lot of bugs that can crash the server yes well yeah... I didn't know of any other dns servers knot is made by the same people as bird cz net (net.cz) I thought isc made bind oh bird https://www.knot-dns.cz/ cz.nic not .net :) writing a dns server is probably as interesting as writing a routing daemon to most people. 
ie not very interesting, but technically challenging so i suppose it makes sense to make both of them ``With release version 1.2.0 the project was renamed Bundy to terminate ISC involvement in the project.'' concerning bind what but it's not clear what that means because I thought BIND was already on version 9 BIND 10 BIND 9 is the one everyone should be using if they are using BIND in fack 9.11 just came out with some big feature updates - https://www.isc.org/bind-9-11-new-features/ fact* ``In addition to DNS service, the BIND10 suite also included IPv4 and IPv6 DHCP server components'' oh god it does everything bind 4 is when it was more stable and what is with writing completely new software and naming it the same as something else it happens often mkb it's called refactoring BIND 10 was supposed to be a refactor yeah it often takes years and then the old version adds features the new version doesn't have but they're continuing to work on the old version and there are incompatibilities and complications so they've just made two programs with the same name and then people say they like the old version better than the new one often it's because someone thinks that everything should be OO a real refactor is done gradually without a complete fork and that things should shift from C to C++ maybe add better module system with more injunctions etc leading to confusing code mess i haven't seen any of the source for any bind i looked at some gnu source once though. 
and i was disgusted :) yeah the only way to find anything is grep i found openbsd source much easier to follow than linux source well with congestion control, initcwnd etc i hacked initcwnd into openbsd for testing myself before there was support heh and they know how to do long-term refactors correctly too yeah openbsd is very good in that respect If you were twitter, why wouldn't you swap out the name servers to an alternate backup provider I mean they must have a copy of their own zone github did that I guess Twitter just decided to wait it out or didn't have a contingency plan in place :> reddit also? twitter and reddit are working fine for me Reddit's hosted on Route53 according to my lookup just now, same as what Github switched to. (I don't know what Reddit was using before today) an iphone 7 exploded i thought reddit was on cloudflare hmm reddit is on fastly? I just looked at the whois :p Plain and simple i'm pretty sure reddit used to be on cloudflare (It's not even a recent nameserver change according to whois, reddit.com's last registrar update was 7 September. i can't say i've checked often i really don't know how they compare cloudflare do dns fastly don't github uses fastly too that's interesting ... amazon.com uses dyn as some of its NS in combination with ultradns because they don't want their website to go down when aws gets attacked LOLZ