Testing 1..2..3

Posted by Martin Visser on November 13th, 2008 — Posted in networking, Technology

Methinks ebay had a little slip-up tonight (wondering why I was getting a “no route to host” from my squid proxy server while checking out some cameras) :-

marty@glenstorm:~$ dig catalog.ebay.com.au

; <<>> DiG 9.4.2-P1 <<>> catalog.ebay.com.au
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24374
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;catalog.ebay.com.au.           IN      A

;; ANSWER SECTION:
catalog.ebay.com.au.    422     IN      CNAME   catalog-test.intl.ebay.com.
catalog-test.intl.ebay.com. 1022 IN     A       10.14.90.92
catalog-test.intl.ebay.com. 1022 IN     A       10.4.90.92

;; Query time: 23 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Nov 13 23:45:03 2008
;; MSG SIZE  rcvd: 109

3 Comments »

Comment by Morgan Storey

oops… but really they are only human, mistakes happen. I have seen this a few times, how quick was it fixed though? My guess is probably pretty quickly after a torrent of emails and calls.

Posted on November 14, 2008 at 9:35 am

Comment by Martin Visser

Actually, I think the real problem is a webserver coding error. catalog.ebay.com.au still has the same A record as above as I write this (12+ hours from when I first saw this, so I guess no sirens are going off as yet). The actual URL that ebay was providing was http://catalog.ebay.com.au/Panasonic-Lumix-DMC-LX1-Digital-Camera_W0QQ_fclsZ1QQ_pcatidZQQ_pidZ55900538QQ_tabZ2 , which clearly will still break.

I wasn’t really trying to diss ebay (they provide a good service) and I do know people make mistakes (I make a lot). I guess it was more an interesting curio.

I guess there is an opportunity here for people like myself who get involved in network deployments thinking about failure scenarios that aren’t just technical.

For instance in this case clearly it doesn’t make sense that the record is such as it is. So if you were monitoring your external DNS you could :-

1. Check that all your external facing A records don’t have CNAMEs pointing to test servers (alert 1)
2. Check that your external facing A records don’t have IP addresses that aren’t in your registered external pool (alert 2)

Generally for external DNS I imagine a lot of people just do a fairly simple service test, basically making sure the zone is up and that you get at least 1 result. I doubt that many people actually look for giving out wrong results.

Posted on November 14, 2008 at 1:04 pm
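
The two monitoring checks listed in the comment above, as an added example that is not part of the original post or its comments. It runs them over the answer section from the dig output in the post; the external pool (a documentation range used as a placeholder), the test-label pattern and all function names are assumptions.

```python
import ipaddress
import re

# Assumption: placeholder for the organisation's registered external pool.
EXTERNAL_POOL = [ipaddress.ip_network("203.0.113.0/24")]
# Assumption: hostname labels that mark a non-production host.
TEST_LABEL = re.compile(r"(^|[-_.])(test|dev|staging|qa|uat)([-_.]|$)", re.I)

# Answer section copied from the dig output in the post.
SAMPLE_ANSWER = """\
catalog.ebay.com.au.    422     IN      CNAME   catalog-test.intl.ebay.com.
catalog-test.intl.ebay.com. 1022 IN     A       10.14.90.92
catalog-test.intl.ebay.com. 1022 IN     A       10.4.90.92
"""

def parse_answer(text):
    """Yield (owner, rtype, rdata) from dig-style answer lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            yield fields[0].rstrip(".").lower(), fields[3].upper(), fields[4]

def audit(text, pool=EXTERNAL_POOL):
    """Return (alert, owner, detail) tuples for the two checks."""
    alerts = []
    for owner, rtype, rdata in parse_answer(text):
        if rtype == "CNAME":
            # Alert 1: public name aliased to a test-looking host.
            target = rdata.rstrip(".").lower()
            if TEST_LABEL.search(target):
                alerts.append(("alert1-cname-to-test-host", owner, target))
        elif rtype in ("A", "AAAA"):
            # Alert 2: address not in the registered external pool.
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                alerts.append(("alert2-unparseable-address", owner, rdata))
                continue
            if not any(addr in net for net in pool):
                kind = "private" if addr.is_private else "outside-pool"
                alerts.append((f"alert2-{kind}-address", owner, rdata))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_ANSWER):
        print(*alert, sep="\t")
```

In a live monitor the text passed to `audit` would come from querying each external name through a resolver outside your own network, so the check sees what the public sees.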

Comment by Morgan Storey

I didn’t mean to decry Ebay, though their practices in Australia leave a lot to be desired (forcing us to use paypal, then double charging). But this is a pretty bad DNS setup, dns should let info about your internal network out into the world, shows they are probably running their DMZ very loosely.

Posted on January 4, 2009 at 7:37 pm
