Points of failure?
d2r makes an excellent point about the net - the packet switching layer may be nearly invulnerable, but that says very little about the parts of the net that we actually care about as users. Witness the Akamai outage from a few days ago - in some quarters, it wreaked havoc. He goes on to point out that we do, in fact, have some centralized services which offer something close to "single" points of failure:
Take DNS. Originally, name resolution ocurred by matching names against the contents of the local hosts table (stored in /etc/hosts) and when a new host was added a new hosts table was propagated across the participating hosts. Eventually, this process became impossible, since hosts were being added too fast. This led, in the 80s, to the development of DNS, which eventually became the standard.
DNS, however, is a highly centralized system, and it was designed for a network a couple of orders of magnitude smaller than what we have today. The fact that it does work today is more a credit to sheer engineering prowess in implementation, rather than design, although the design was clearly excellent for its time.
Even today, if the root Internet clusters (those that serve the root domains) where to be seriously compromised), the Internet would last about a week until most of the cached DNS mappings expired. And then we'd all be back to typing IP numbers.
And there have been attacks on the root DNS servers. If I wasn't typing this at 30,000 feet, I'd have a ref hany from Google (and just imagine the search havoc if that service got hit). We rely on a number of centralize services on the net - and losing some of them would cause real problems. Something to ponder....
Comments
Re: Points of failure?
[Please define single point of failure] June 23, 2004 4:09:30.305
Comment on Points of failure? by Please define single point of failure
... because I fail to see how 14 CLUSTERS of root nameservers spread out over the world can constitute one.
Re: Points of failure?
[ Reinout Heeck] June 23, 2004 18:38:00.182
Comment on Points of failure? by Reinout Heeck
Please define single point of failure
Example: Single point of failure was when someone at Network Solutions kept hitting 'continue' in warning dialog boxes a while ago. I forgot what happened exactly, the whole root tree disappearded or 'only' the .com disappeard some such. It is a *single* system designed around a *single* top level administration. If that administration fails (politically/humanly/fanancially/techinically/...) the DNS as a whole crumbles.
A bit more political trouble and the DNS will cease to operate (err.. hang on, didn't that recently happen to .sa already?)
And where were you when Verisign pulled that stunt with their root level 'no such domain' redirect to a web server, essentially breaking all secondary mail servers? Was that a single point of commercially induced failure or what?
Re: Points of failure?
[Cees de Groot] June 24, 2004 9:18:35.496
Comment on Points of failure? by Cees de Groot
(that 'anonymous' posting was mine, it was not the first time I mistook the prompt "Posting Name" in BF for "Subject")
Reinout is raising a (valid) political issue, whereas I commented on the technical merits of DNS in order to defind the Founding Fathers of the Internet. Of course, we are both right ;-).