So I was thinking, every DNS essentially just caches one of the root name servers. There are 13 root name servers, A through M. While there are, of course, not 13 physical servers, they are in close geographical proximity. If terrorists truly wanted to cause mass disruption they would only need around 50 terrorists on 7 continents. An easy feat.
Assuming a mass root name server terrorist attack, what would realistically happen? Not all data goes through them, but they're almost essential for name resolution. Do you think a megacorp like Google would step in to help rebuild the infrastructure? ICANN and IANA aren't exactly rich in any sense, and Google already runs one of the most used public DNSes. Think about this, if Google were to rebuild all of the root name servers, they would essentially run the entire internet.
This could be a cool plot for a cyberpunk novel or something, a megacorp using a false flag terrorist attack to take control of the backbone of the internet. Once you control name resolution you more or less control what most laymen consider the internet. Now I'm not saying this is what Google is planning, but this is totally what Google is planning.
>>55057629
I don't know if this is at all feasible, but I sure fucking hope not.
>getting really scared right now
>>55057629
There are many failover servers on standby. It would literally fix itself in minutes with no human intervention.
>>55057629
Big datacenters are heavily guarded. That's not gonna work.
>>55057629
http://gizmodo.com/5912383/how-to-destroy-the-internet
>>55057756
This
I work for a company that handles systems for stock exchanges. The DCs are miniature fortresses, even have armed guards (Britbong, just to make it clear that that isn't normal). Had to visit one of them once, took an hour to clear off site security and then was driven there by one of the guards. Crazy shit.
>>55057752
Taking out a few of the root name servers sure, it's happened in the past and the load balancing took care of it all. But taking out every single one? Like actually destroying the servers? That could take out operations for weeks, or even months. I honestly think the most logical thing would be Google stepping in to help. They probably have the largest infrastructure in the world, it would be fairly simple for them to take control while ICANN and IANA sort stuff out.
>>55057756
>>55057806
Stock exchanges and even the Large Hadron Collider have been taken out by animals burying through the wires. Do you really think terrorists couldn't stop outside contact to them? It would be difficult yes, but not impossible.
>>55057834
I don't think you understand. There are hotswaps ready, in separate datacenters, ready to take over if something goes wrong with the primary servers. Their locations aren't published for exactly this purpose.
>>55057669
This.
>>55057858
I'm sure you're correct, but how long would it take for those servers to take effect? Hours? And how will ISPs and such connect to the new infrastructure? Taking out the root name servers may only be for a day at most, but the threat is all that matters. The internet is much bigger than you and I, showing people it can be taken down would probably be like 9/11 was to Americans.
>>55057629
Then I would only have to remember 4chan's IP.
>>55057629
/g/ - Terrorism
>>55057834
Should have been more clear, the DC that I went to was one of the data warehousing ones (essentially a huge tape archive), those don't tend to make the news as much
>>55057915
Minutes, if not seconds. It's automated, with no human intervention required. This is how multicast IPs work. This protects against everything from hardware failure to datacenter outages to natural disasters to software bugs. Root servers are terribly important, so they're backed by one of the most redundant systems in the world.
If you're writing a book, go for it, it's a cool concept. But you're not the first one to have thought of this.
>>55057998
Which leads to an even bigger question, who's TRULY running the root name servers in the first place? Sure NASA may be running E, but all it would really take is 1 disgruntled sysadmin to take that root server down. A, B, and H aren't using anycast in the first place, so taking those ones out would be the easiest. I suppose it all comes down to a chain of trust. Who REALLY runs D? Some guy at the University of Maryland? I'm not saying you could feasibly take out every single root name server(and the backups ones), but it's an interesting topic to think about.
>>55058063
It doesn't matter because DNSSEC and root keys. The root zone is signed by a key that was split between a whole bunch of important people. You could run a root server out of your basement, but every client could verify whether you fucked with the zone or not.
On 12. Mai 2010 DeNic (which is the registry for all .de Domains) got a problem and for over two hours most/nearly all .de Domains could not been resolved. Juuuust a little error. Seems like it is easy to take at least all of .de down.
1&1 (ISP) wrote something about it but I am sure you can find more of it
https://blog.1und1.de/2010/05/12/denic-probleme-millionen-de-domains-nicht-erreichbar/
>>55057629
>he doesn't know DNS queries are cached locally on pretty much every device with internet access
Most of the root nameservers are now anycasted, so taking out one geographic location is not really effective.
Also as many other people said, the locations that participate also have additional backup servers ready to be put into the mix on a moments notice.
>>55057629
>they are in close geographical proximity.
2500+ miles is close?
>>55058490
>tell router to stop resolving url's for shits and giggles
>everything in my house stops resolving things
>jewcast fucks up their dns servers
>same thing happens
>>55058467
This is interesting, I thought the root name servers propagated the databases within themselves and to ISPs / other DNSes. I don't sprechen enough Deutsch to read the article, but that's pretty interesting.
>>55058490
I'm aware, but taking them out would mean domains couldn't be updated.
>>55058499
Seems like all but 3 are anycasted, which is good to know. In a perfect world all of them would be, but I suppose 10 isn't bad.
>>55058519
Yeah it's called rounding dude :^)
>>55058540
>Yeah it's called rounding dude :^)
Yea, it's still not close retard.
>>55058553
It's a joke but sure.
>>55058490
Also there's no way in hell your device is caching every single domain, there's a reason you use a DNS instead of manually updating your hosts file every 5 minutes. The database is probably a few gigabytes +
>>55058540
http://www.theregister.co.uk/2010/05/12/germany_top_level_domain_glitch/
You can't find much in english though.
>>55058579
>Also there's no way in hell your device is caching every single domain, there's a reason you use a DNS instead of manually updating your hosts file every 5 minutes. The database is probably a few gigabytes +
That doesn't matter because most internet uses tend to visit only a dozen websites. (the big ones: Google, Facebook, YouTube, Twitter, ...)
>>55058594
I bet the guys who did this are now the rockstar programmers at China’s cyber-warfare forces..
all transcontinental and international communication is landlines, none of its satellite.
that means if you want to fuck some shit up you have to go into the ocean and cut the wires. this is why the navy freaks the fuck out when russia is near the oceans of alaska.
>>55058737
Dude, it's ever worse.
They trained the sharks to do the dirty work:
https://www.youtube.com/watch?v=1ex7uTQf4bQ
>>55058827
youre using the wrong map.
heres what you need to know
>>55058827
did you know that the engineers who build those undersea cables didn't account for curvature over those large expanses of water?
because curvature doesnt exist. Im not joking.
"abyssal plains cover more than 50% of the Earth’s surface.[1][2] They are among the flattest, smoothest and least explored regions on Earth."
>Craig R. Smith; Fabio C. De Leo; Angelo F. Bernardino; Andrew K. Sweetman; Pedro Martinez Arbizu (2008). "Abyssal food limitation, ecosystem structure and climate change" (PDF). Trends in Ecology and Evolution 23 (9): 518–528. doi:10.1016/j.tree.2008.05.002. PMID 18584909. Retrieved 18 June 2010.
>>55057629
>This could be a cool plot for a cyberpunk novel or something, a megacorp using a false flag terrorist attack to take control of the backbone of the internet. Once you control name resolution you more or less control what most laymen consider the internet. Now I'm not saying this is what Google is planning, but this is totally what Google is planning.
Thanks for giving them ideas dipshit.
>>55057915
It would only take a few seconds.
A different data center would publish BGP routes for the IP addresses to point them to their servers almost instantaneously, and that would take a few seconds to propagate to the entire internet.
On top of that, you'd have to knock out the servers for more than an hour, since the default TTL is 3600 seconds, and that is the time that devices cache records for.
Not feasible.
-Terrorists are stupid
-The servers are heavily protected, physically
-Exact location of every server is not obtainable
-Several automated fail-over systems keep them virtually immune to any external attack
>>55057915
13 seconds, see https://www.youtube.com/watch?v=qMCHpUtJnEI
you'd be much better off trying to sever fiber optic cables or overloading the routers. there are still enough failovers that you'd never crash the internet.
>>55058063
ICANN
https://en.m.wikipedia.org/wiki/ICANN
