In association with heise online

07 February 2007, 10:39

Major attack on DNS root servers

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

It may have passed almost unnoticed by users in the UK, but yesterday (6th Feb.) the central root name servers and the name server systems of a number of global and local domains were subjected to a large scale attack. Root servers L, managed by the Internet Corporation for Assigned Names and Numbers (ICANN), and G, under the control of the US defence ministry, were, for a while, unobtainable. According to information from experts, all 13 root servers were attacked, although most experienced only minor restrictions. This is shown by a glance at the monitoring service of the RIPE NCC in Amsterdam.

Daniel Karrenberg, the head of RIPE NCC's technology group, confirmed that - "Attacks have been made". The root name service, however, had remained available at all times. Why these two servers in particular were affected remained unclear. "We are looking into it," explained Karrenberg. The fact that G and L do not use widely distributed anycast networks may have been a factor. The ISC's F server, which also exhibited slightly slowed response times, has a large network of anycast servers, which respond locally to queries to the root server.

The French Afnic registry was one of the first registries to observe the attacks. According to Afnic employee Stéphane Bortzmeyer, a preliminary test run for the attack was made at 1 am CET. The main attack took place between 11 am and 1 pm this Tuesday lunchtime against all root servers and a series of servers operated by UltraDNS for various top level domain registries. The domains affected included .org, .info and .uk. One of the name servers in the Vatican address space (.va) was also disabled. Fire-fighting is still going on at ICANN in Marina del Rey near Los Angeles, where the website and other services were affected.

By contrast the .de zone was spared. Arnold Nipper from the German exchange point DE-CIX reported no impediments to service. The attacks do however, reaffirm that the DNS is sufficiently robust. During the last big attack in 2002, the root name server operators warned of ever more professional attacks. One expert felt able to joke about the coincidence with today's Safer Internet Day - some people clearly wanted to celebrate the day their way. (Monika Ermert) /


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit