China confirms internet failure due to root server attack

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

China's domestic large area domain name 21st around 15 o'clock resolution anomalies, resulting in some users can not be normal access. The National Internet Emergency Center confirmed 22nd that the failure was caused by a network attack on the root server. This makes the root domain server security again become a topic of concern. In the Internet, the root domain name server (hereinafter referred to as the root server) in the end what is the role? root server What if it's attacked? Does China need to have its own root server?

Irreplaceable root servers

The National Internet Emergency Center 22nd News confirmed that January 21, 2014 15:20, a large number of Internet users in China can not normally access the domain name to ". com", ". Net" and other end of the Web site. After the incident, the National Internet Emergency Center first time to start emergency response mechanism, coordinate the organization of some technical support units for investigation and emergency disposal, around 16:50, user access to basically return to normal. After the analysis of the data, the preliminary judgment of the incident is due to network attacks caused by internet users in China through the international top-level domain name service to resolve the anomaly, the source of the attack is further investigation.

The root server is primarily used to manage the home directory of the Internet, with only 13 units worldwide. Most of them are located in the United States, Britain, Sweden, Japan each. All root servers are managed by the United States Government-mandated Internet domain name and number distribution agency, ICANN, for global Internet domain name root servers, domain name systems, and IP addresses. The world's 13 root domain servers are named in alphabetical A to M, and 9 have mirrored stations in multiple locations around the world.

People's Daily input of the Web site is convenient to remember, but each URL must correspond to an IP address, so that the computer can identify. Then there will be a list of IP addresses corresponding to the URL, the root server is responsible for the management of this list. Once the root server problem, enter the domain name URL can not find the IP address, users can not open the site. And the 21st of China's network to resolve the anomaly of a large area, that is, when people entered a Web site they want to go, but found that are directed to an irrelevant IP address.

Chinese network security experts, 360 company vice President Tanxiaosheng 22nd in the "Global Times" reporter interviewed, said, from domain name to IP address parsing process is equivalent to ask the road process, domain name server is divided into different levels, and root server can be seen as a master of all the world's top institutions, When you step up to the top level, the root server is sure to give you an answer. Tanxiaosheng said that the root server problem is mainly in two cases, one is "killed", which means that all domain names can not be resolved to IP address. Another situation is to replace a fake one.

Root domain server is attacked multiple times

21st China's network failure is not the first time the root server is under attack. In fact, since the Internet has been put into use, the root domain server has played a key role, but also because of failure or encounter attacks caused widespread paralysis.

A new total list of Internet address assignments was automatically passed between the root servers in July 1997, but the list was actually blank. This human error caused the Internet to have a serious local service interruption, resulting in a few days the network can not access, e-mail can not be sent.

On the afternoon of October 21, 2002, 13 servers were the most serious and the largest network attack ever after the internet was put into use. The attack was mainly DDoS attacks, that is, distributed denial of service attacks, 13 root servers were more than the normal number of 30 to 40 times times of data attacks, resulting in 9 failed to function, of which 7 lost the ability to handle network traffic, and two others were also followed by paralysis. However, after the discovery of hacker attacks, computer and network security experts to take timely measures, coupled with a short attack time, the attack did not have serious consequences, the Internet users have not been significantly affected. From February 5, 2007 night to 6th, unidentified hackers launched a 12-hour attack on multiple root servers, the worst hacker attacks on the internet since 2002.

Similar to the 21st Chinese part of the ". com" domain name resolution anomaly also happened in other countries. Libya disappeared from the internet for 3 days in April 2004 because of the paralysis of the ". Ly" domain name.

Why the attack only occurred in China

The 21st network incident once again sounded a wake-up call to people. One wonders what the Chinese Internet should do in a few extreme cases of global Internet paralysis, or the blockage of China's Internet exports. In this connection, some people called for the establishment of their own root server. There is analysis that the global layout of 13 root servers is related to the information layout of Europe and America. Currently the only primary root server is in the United States, and the other 12 servers are the primary root servers that support the United States. To change this layout, the establishment of a 14th root server requires authority to pass, which can only be achieved through international cooperation and negotiation, because the increase of a root server, related to the distribution of information flow, and so on a series of issues.

Euxiaotiu, a senior advisor to the China Information Security Assessment Center, said in an interview with Global Times 22nd that the main point of concern and analysis of the incident should be why China went wrong. Because if the root server is attacked, means that the global or a region of national domain name resolution will be problematic, not just a country problem. From this point of view, may be in China to provide domain name resolution of the server out of the question, it needs to understand the domestic user to provide domain name resolution of the host what the problem is that it has been attacked, or its own fault, or another cause.

Euxiaotiu that whether the network is under attack is able to alert, monitor and reduce the impact on the Internet. Through network traffic monitoring, once found instantaneous flow anomaly, it means that there is a problem. However, Euxiaotiu says, network security is dynamic security. Can be early warning, monitoring, and take emergency measures, and once the attack occurs, if not completely prevent, there may be partial interruption of service, and take emergency measures, can reduce the loss to a minimum.

Tanxiaosheng said that the root server should be attacked, the most effective solution is to the root server resolution of the IP address data backup, once there is a problem, although not fully restored, but can be in the emergency situation to ensure that the vast majority of services normal. This may cause a slight decrease in service quality in a short period of time, but not a total network paralysis.

Related reading:

National wide range of DNS fault experts said or related to hacker attacks

China has a wide range of DNS failures, such as Sina Weibo site was resolved to 65.49.2.178