Better description of what happened

Tom Beecher beecher at beecher.cc
Wed Oct 6 16:48:25 UTC 2021


I mean, at the end of the day they likely designed these systems to be able
to handle one or more datacenters being disconnected from the world, and
considered a scenario of ALL their datacenters being disconnected from the
world so unlikely they chose not to solve for it. Works great, until it
doesn't.

I'm sure they'll learn from this and in the future have some better
things in place to account for such a scenario.

On Wed, Oct 6, 2021 at 12:21 PM Bjørn Mork <bjorn at mork.no> wrote:

> Tom Beecher <beecher at beecher.cc> writes:
>
> >  Even if the external
> > announcements were not withdrawn, and the edge DNS servers could provide
> > stale answers, the IPs those answers provided wouldn't have actually been
> > reachable
>
> Do we actually know this wrt the tools referred to in "the total loss of
> DNS broke many of the tools we’d normally use to investigate and resolve
> outages like this."?  Those tools aren't necessarily located in any of
> the remote data centers, and some of them might even refer to resources
> outside the facebook network.
>
> Not to mention that keeping the DNS service up would have prevented
> resolver overload in the rest of the world.
>
> Besides, the disconnected frontend servers are probably configured to
> display a "we have a slight technical issue. will be right back" notice
> in such situations.  This is a much better user experience that the
> "facebook?  never heard of it" message we got on monday.
>
> yes, it makes sense to keep your domains alive even if your network
> isn't.  That's why the best practice is name servers in more than one
> AS.
>
>
>
>
> Bjørn
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211006/00feab32/attachment.html>


More information about the NANOG mailing list