[CS-FSLUG] What if DNS goes down?

Sophie Hamilton cs-fslug at theblob.org
Fri Sep 18 14:33:03 CDT 2009


On 9/18/09, Ed Hurst <ehurst at soulkiln.org> wrote:
>  My knowledge is limited. Let's pretend for a moment some ruler decides for
> his country to "shut down the Net" the only way he knows -- kill the root
> DNS servers, or something similar.

The 13 root DNS servers are spread out all over the world, not based
in one country. As long as one root DNS server exists, DNS queries can
still theoretically work, although that one DNS server would be under
enormous strain.

More likely, if something somehow *did* shut down all 13 servers at
once, then some enterprising individuals would start up their own DNS
servers to mimic the root DNS servers. This can be done because the
root zone is published by FTP at
ftp://ftp.internic.net/domain/root.zone.gz and is publicly available;
even if that went down, there are many mirrors of the site. New
"roots" would spring up, many probably on machines that couldn't
handle the actual strain. The ones that *could* handle it (probably
backed by educational institutions) would probably be published at
/domain/named.root on the mirrors of ftp.internic.net (which is a file
simply specifying the records for the root nameservers), and ISPs
would download the new file. For those using their ISP's nameservers,
therefore, things would progress as normal.

For those who used their own caching nameservers that talked directly
to the root nameservers, they'd need to update the files that contain
the root nameservers - although some programs, like dig, have the IPs
compiled in. People may need to download the new file and recompile.
Those using package-based distributions of Linux would need to wait
for new packages to come out, and would need to use their ISP's
nameservers in the meantime. Windows users would get an update by
Windows Update.

In short, if somehow all 13 servers were to go down at once, the
backend infrastructure would be very quickly up and running again, and
it's possible that there might be a day or two of global Internet
issues before things were running again, sort of.

DNS is very sturdy. ;)

Of course, if all root nameservers *and* ftp.internic.net went down,
as in this example, there's no central place to get the new root
nameservers, except by one of the mirrors. If one nameserver was still
up, it'd be easy to get the new root nameservers just by asking for
them from the nameserver. This has the benefit of being 'official'.

Does that help?

 - Sophie.
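
Added example, not part of the original message: a replacement named.root fetched from a mirror changes which servers a resolver trusts for every lookup, so it is worth diffing against the installed copy before loading it. The sketch below parses two hints files and lists added, removed and readdressed root servers; the helper names are hypothetical and the sample files are constructed, using documentation-range addresses rather than real root server addresses.

```python
import ipaddress
# Constructed sample data in named.root format (hypothetical helper names below);
# the addresses are documentation-range placeholders, not real root addresses.
CURRENT_HINTS = """\
; constructed sample: hints currently installed
.                     3600000      NS   A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A    192.0.2.1
.                     3600000      NS   B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000  IN  A    192.0.2.2
"""
NEW_HINTS = """\
; constructed sample: replacement fetched from a mirror
.                     3600000      NS   a.root-servers.net.
a.root-servers.net.   3600000      A    192.0.2.1
.                     3600000      NS   B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000      A    198.51.100.7
.                     3600000      NS   N.ROOT-SERVERS.NET.
N.ROOT-SERVERS.NET.   3600000      A    198.51.100.9
"""

def parse_hints(text):
    """Return {root NS name: set of addresses}; malformed addresses raise ValueError."""
    servers, addrs = set(), {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 4:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if rtype == "NS" and owner == ".":
            servers.add(rdata.lower())          # DNS names compare case-insensitively
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(str(ipaddress.ip_address(rdata)))
    return {name: addrs.get(name, set()) for name in servers}

def diff_hints(old, new):
    """List the changes a reviewer should confirm before installing `new`."""
    changes = []
    for name in sorted(set(old) | set(new)):
        if name not in old:
            changes.append(("added", name, sorted(new[name])))
        elif name not in new:
            changes.append(("removed", name, sorted(old[name])))
        elif old[name] != new[name]:
            changes.append(("readdressed", name, sorted(new[name])))
    return changes

if __name__ == "__main__":
    print(diff_hints(parse_hints(CURRENT_HINTS), parse_hints(NEW_HINTS)))
```

Any entry the diff reports should be confirmed through a second, independent channel before the file is installed.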
