An Internet dependency

December 19, 2006

Our main Internet connection is effectively down at the moment, and has been for over an hour and a half by now. It's startling how much of my work and the little stuff I do, including things I do more or less to fidget, turns out to be in some way dependent on the Internet.

(I have a pile of little fidgets that I do just to fill time, things like checking every so often to see if the mail server is OK or if there are any new Fedora Core updates.)

It's a good thing that this happened at the end of the day on a slow day, because our campus DNS system is probably in the process of melting down as a result of this. There's two related reasons this happens:

  • DNS servers with simple setups need to go to the root nameservers for anything that's not already in the cache, including the nameservers for our own domains. Although on-campus connectivity is fine, these nameservers may not be able to do anything with it because they can't do the DNS lookups they need because they don't know where to send them.

  • the campus caching nameservers are suddenly backlogging on queries that usually finished fast, because they can't reach pretty much any outside DNS servers. This slows down responses to queries about on-campus stuff; under enough load, the queries even start timing out. (Plus you get a bonus deadly spiral of retries putting even more load on already loaded servers.)

The net result is that even entirely on-campus activity has a habit of grinding to a halt during an Internet outage of any length of time. Personally, I find it an interesting illustration of how interdependent things can be under the hood. (But then I carefully configure my own caching nameservers to know about the campus primary servers.)

There is a bit of irony involved, too. We have two Internet connections, one to the general Internet and one to Internet-II, the high-speed academic network. Our Internet-II connection is fine, but we can hardly use it, because we can't look up the IP addresses of people on Internet-II, because most of the root nameservers aren't accessible via Internet-II.

(I think about five out of thirteen are Internet-II accessible, which is actually more than I expected. It's hard to check, since our connectivity just came back as I was writing this. I suppose that's ironic too.)

Written on 19 December 2006.
« A basic principle of website security
How many root DNS servers are reachable over Internet II? »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Dec 19 18:02:29 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.