DNS trouble knocks NSA off Internet
computerworld.com — 'Our techs are working on it,' says an agency spokeswoman
- 782 diggs
- steaprok, on 05/16/2008, -0/+27HA! sounds like checks in the mail....
- elamr, on 05/16/2008, -7/+36Ironic: NSA employs the country's premier cryptologists. It is said to be the largest employer of mathematicians in the United States and perhaps the world.
good scientist/mathematician != good computer technician
- SPThom, on 05/17/2008, -2/+8"good scientist/mathematician != good computer technician"
Well... I agree. That being so, what's even remotely ironic about this?
- haydesigner, on 05/17/2008, -0/+4I, too, fail to see the irony.
- michaelb323, on 05/17/2008, -2/+2the fact that they are spying on us and they can't figure out how to fix a small problem with their network?
- mhearne, on 05/18/2008, -0/+3I have a room full of old computers and even a couple of servers that I could let them have. What I don't get is why a DNS server, which should be dedicated, would have been doubling as a web server as well.
I have to wonder who set this all up. This was not a "small problem with their network". Anyway, I shouldn't worry about being spied on so much, if my office network is more secure than nsa.gov!
- schneidafunk, on 05/17/2008, -1/+15This is not a big deal at all, the only thing affected was their public website (internal network was probably working just fine). I'm sure all of their spying equipment at AT&T is still working just fine.
- mcla0181, on 05/17/2008, -0/+0scientists are not the ones running those server ahahaa
- WiseWeasel, on 05/16/2008, -2/+40Quick, let's talk about the constitution while no one's looking! : P
- buffyangel108, on 05/16/2008, -0/+39NSA: no snooping access. Yay!
- Laminarcissus, on 05/16/2008, -0/+7Or so they say...
- YodaJones, on 05/16/2008, -2/+7Haaaaa haaaaaa. Umm, the best of the best? losers.
- masterm1nd, on 05/17/2008, -1/+1Who is better?
Best != Perfect. The best batter still strikes out once in a while.
- YodaJones, on 05/17/2008, -0/+1I am better. Thank you.
- Terasiel, on 05/16/2008, -1/+19I'm so glad it's these people who are in charge of our national security. Makes me feel down right safe.
- ParanoydAndroid, on 05/17/2008, -0/+5It actually does make me feel safer, knowing that there's a chance the NSA has reduced capabilities for a while.
I'm pretty sure their internal network and things like Echelon and Carnivore are still running, but a man can dream can't he?
- maracle2, on 05/16/2008, -0/+76I'm headed Cali-fornie-way to find me some internet
- max420, on 05/16/2008, -1/+2Haha, awesome.
- JensenSteve, on 05/16/2008, -13/+2It's probably a clever ploy by BushCo. in order to allow a cyberattack for their own commercial gains, I wouldn't be surprised to hear about a major security breach in the next couple of days.
- jmhyer51, on 05/16/2008, -0/+8Newsflash: everything bad in the world is not Bush's fault, just most of it.
- carpespasm, on 05/17/2008, -1/+2besides, he doesn't have ties with anyone smart enough to do something worth profiteering on online.
- max420, on 05/16/2008, -3/+11Omigod. That really is embarrassing. I was able to set up my own DNS server for the first time a few weeks ago. I had both servers running on the same machine for about 3 days, until the second server showed up. At which point I set up a secondary DNS server.
The fact that these guys were hosting two DNS servers, and one Web Server on the same machine is retarded. I wonder how much of a credibility hit these guys will take because of it.
- Pixelpaws, on 05/16/2008, -0/+8The NSA had credibility?
- vanza001, on 05/17/2008, -3/+5It's called virtualization. When you have 4 cores and 32 G of ram you can set up multiple virtual machines in one box.
- hellotyler, on 05/17/2008, -0/+5Then when your ONE box with no redundancy setup goes down, so does your entire network. Yeah, what a GREAT system.
Didn't people learn anything from RAID 1?
- oldgal, on 05/17/2008, -0/+2This was well understood in the 80's.
- digitalarcanum, on 05/17/2008, -0/+1I'd have to say that is quite stupid of them. it's not like they couldn't use ESX server and set up vmove to fire up the virtual machine on another box if the first one goes down. Leave it to the government to ***** up something like this.
- dh122, on 05/16/2008, -0/+9Yeah, well karma is a bitch.
- AlaskaLoneWolf, on 05/16/2008, -1/+1Amen
- terajoule, on 05/16/2008, -0/+11Alert the Internets!
- jmhyer51, on 05/16/2008, -1/+7They should have rerouted through Opendns.
- hellotyler, on 05/17/2008, -1/+2OpenDNS actually caused me a *****-ton of problems.
- tcpip4lyfe, on 05/16/2008, -2/+5Wait they aren't hosting their DNS on a Master/slave system? How hard is it to setup an extra linux box and Bind9?
- heliox, on 05/17/2008, -3/+2It's good to know YOU know what the ***** problem is just by reading some halfass story.
You so smart. mommy must be so proud of you.
- tcpip4lyfe, on 05/17/2008, -2/+1If the article was right then I do know what the problem is. The problem is the had only one DNS server on one box. Common practice would tell you that there should be any single point of fail over on a mission critical website. So yes. My mommy should be proud of me because I learned what I should of learned in college at the college she helped pay for. And you can go ***** yourself because: A: I'm drunk. B: I know what I'm talking about and you don't. Sudo apt-get install bind9 && wget http://prdownloads.sourceforge.net/webadmin/webmin ...
How ***** hard is that?
- Tanath, on 05/17/2008, -1/+1 1. The article specifically mentions they had problems with their DNS servers. Plural.
2. It isn't necessarily true that they had a single point of failure. As they have more than one DNS server, that implies they took it down deliberately.
3. Should have taken English in college too.
4. Webmin? For the NSA? Seriously? Um, no. This is a security agency. The one which created SELinux.
- kevin1987, on 05/16/2008, -1/+18I find it hard to believe that they had both DNS servers running off the same machine, that just goes against common sense :
- Sonhja, on 05/16/2008, -7/+7Our commander in chief is an idiot!
- dmourati, on 05/16/2008, -5/+7$ dig -t ns nsa.gov +short
romulus.ncsc.mil.
topscale.nsa.gov.
- DiggDuggDugged, on 05/16/2008, -1/+13Not to put too fine a point on it but this is pretty much a non-story. NSA has structured their networks so that these DNS servers have no bearing on the Agency's day-to-day operation. The small nation of employees there would have had access to all the network resources they are accustomed to and still been able to send and receive all the email they would ever need. The analyst cited in the story may be correct that NSA has bungled their security implementation on these particular servers but the rest of his comments smell like fear mongering for attention to me.
- roflbrothel, on 05/17/2008, -1/+3How do YOU know this?
If you work for the NSA, couldn't you get fired or punished for even telling people what you do let alone revealing any information about how their networks work (or don't work)?
If you don't work for the NSA, how do you know?
- DiggDuggDugged, on 05/17/2008, -0/+5I work in the IT department of a company affiliated with NSA, hold a security clearance, and am familiar with their basic network topography. Nothing I have said in this thread steps over the line and gives information away in such a way as to jeopardize their mission.
The days of NSA being an uber secret spy agency are long over. There are signs on all the highways around Ft Meade that lead you directly to the NSA campus and they have their own NSA branded paraphernalia sold in their own NSA gift shop, for you to freely give away as gifts. This isn't your father's spy agency.
- kollross, on 05/17/2008, -0/+1I would agree, this is somewhat of a crap story. Yes maybe their external mail presence might have been affected but that's about it. I would imagine they have multiple internal dns systems on the local network which has no connection to their public stuff, why wouldn't they, do any other large organizations to the hosts names of internal machines on the public dns....no. Also why do people assume this is all on one box? Same IP or what? If that's what they are basing it on clearly they have never come into contact with any CSS switches Ace modules or any other form load balancers before?
- AmericansRevolt, on 05/16/2008, -6/+9the nsa represents the most vicious attack our constitution ever faced. privacy in america has vanished and personal freedoms are dying faster then the earthquake people in china. i wish the nsa would die and go to hell, and oh yeah since theyre not listening right now IVE GROWN WEED IN MY BACKYARD HAHAHAHA what a ***** joke
- ufia, on 05/17/2008, -2/+2You are quite the rebel kid. Something tells me you couldn't operate a DNS server if your life depended on it.
- AmericansRevolt, on 05/20/2008, -1/+0comebacks like that make me want to stop coming to digg.com. btw- you couldnt operate your penis if your life depended on it. funny enough though, you probably have no problem operating it when another man depends on it.
- mcla0181, on 05/17/2008, -2/+0privacy is not in the constitution... lol
- AmericansRevolt, on 05/20/2008, -0/+0neva said it was.. lol
- AlaskaLoneWolf, on 05/16/2008, -3/+7Aren't these guys supposed to be the computer ninjas? Maybe it's those darned Chinese hackers again.
- awesometastic1, on 05/17/2008, -2/+17wow, so does this mean for the next day or so we are now free to defend and discuss the constitution without fear of men in black suits showing up and carting us off to be tortured??? FREEEEEEEDDDDDDOOOOOOOMMMMM!!!!
- haterofps3, on 05/17/2008, -0/+1How does that make sense? the internet is an ever growing history of comments and ideas. Just cause they can't read it today does not mean they can't read it tomorrow or the next day. Hell it probably show up on did again in a couple months!
You have no freedom because you got scared and traded it in for some magic beans!
- awesometastic1, on 05/17/2008, -0/+8 "In fact, the NSA has made some basic security mistakes with its DNS servers, according to McPherson. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers offline, the other would still be reachable. Compounding the problem is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA's National Computer Security Center.
"Say there was some Apache or Windows vulnerability and hackers controlled that server, they would now own the DNS server for nsa.gov," he said. "That really surprised me. I wouldn't think that these guys would do something like that." "
Wow, how are hackers not daily breaking into the NSA's system? What did they do, hire a couple high-schoolers to setup their DNS and web servers??
- summer3317, on 05/17/2008, -0/+0Is anyone else recalling Digital Fortress right now?
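The placement problems in the article passage quoted above (both authoritative servers on one machine, shared with a web server) can be checked from resolved addresses. This is an added example, not part of the thread or the article; the function name, finding labels, host names and addresses are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, not real lookups. Addresses come from the
# RFC 5737 documentation ranges; host names are placeholders.
SAMPLE_NS = {"ns1.example.gov.": ["192.0.2.10"],
             "ns2.example.gov.": ["192.0.2.10"]}
SAMPLE_WEB = {"www.example.gov.": ["192.0.2.10"]}


def audit_ns_placement(ns_addrs, web_addrs, prefix_len=24):
    """Return sorted findings about where a zone's nameservers live (IPv4)."""
    findings = []
    names_by_ip = defaultdict(set)
    for name, addrs in ns_addrs.items():
        for addr in addrs:
            names_by_ip[ipaddress.ip_address(addr)].add(name)

    if len(ns_addrs) < 2:
        findings.append("SINGLE_NS: only one nameserver is delegated")

    # Two NS names on one address: suggests one machine, though a load
    # balancer or anycast address can look the same from outside.
    for ip, names in names_by_ip.items():
        if len(names) > 1:
            findings.append(f"SHARED_IP: {', '.join(sorted(names))} resolve to {ip}")

    # Distinct addresses that all sit in one network share upstream failures.
    nets = {ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            for ip in names_by_ip}
    if len(names_by_ip) > 1 and len(nets) == 1:
        findings.append(f"SAME_NETWORK: all nameserver addresses are in {next(iter(nets))}")

    # A web server on a nameserver's address exposes DNS to web-stack flaws.
    for host, addrs in web_addrs.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip in names_by_ip:
                shared = ", ".join(sorted(names_by_ip[ip]))
                findings.append(f"COHOSTED: {host} shares {ip} with {shared}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ns_placement(SAMPLE_NS, SAMPLE_WEB):
        print(finding)
```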
- Lambeco, on 05/17/2008, -0/+0No Such Website
- wiretapped, on 05/17/2008, -8/+1What is the NSA and why should we care?
- looksliketrent, on 05/17/2008, -0/+2Their website (nsa.gov) gives me the feeling I'm being watched.
- Princeamor, on 05/17/2008, -0/+1thats because you are.. haven't you heard of the patriot act?
- DickMasterson2, on 05/17/2008, -2/+1EPIC FAIL!!!
- wiretapped, on 05/17/2008, -1/+2I - the - NSA - website - need - hits - so - made - up - this - story - to - gather - signal - intelligence - and - to - test - out - traffic - surge - on - our - infrastructure...
- j3one, on 05/17/2008, -0/+1well while you're at it, tell the NSA to tell "PeopleSoft, Inc" that their "help" link on the employment popup links to "helpwebserver.com" - a domain for sale.
- stretch611, on 05/17/2008, -0/+2NSA?!? There is No Such Agency, so why would they have a website?
- coresnake, on 05/17/2008, -1/+2ITS A TRAP!!
- Shaman760, on 05/17/2008, -0/+1Forget to pay your registrar bill and see what happens.....
- j3one, on 05/17/2008, -0/+2They actually took it down because it was hacked. Not a big deal as it's a fairly easy to exploit cms they are using.
- GavinZac, on 05/17/2008, -0/+3www.opendns.org ftw
- briangig, on 05/17/2008, -0/+3i never realized how weird the nsa website was...
- Elliuotatar, on 05/17/2008, -0/+1LOL
- Cartmants, on 05/17/2008, -0/+1Silly Coldfusion...
- Princeamor, on 05/17/2008, -0/+1You have all been logged in the "possible terrorist activity" list, and will be monitored for the next consecutive 45 days.
- ftw420, on 05/17/2008, -0/+0If they just set the domain to auto renew with GoDaddy, this never would have happened.
- conna, on 05/17/2008, -0/+1They were just testing something. I doubt that this was an accident, we pay good money for those supercomputers they been upgrading all those years.
- CarzorStelatis, on 05/17/2008, -0/+1You'd think that the US security agency responsible for cryptography and information warfare would at least have backup DNS servers :P
- chrisxkelley, on 05/17/2008, -0/+1"Say there was some Apache or Windows vulnerability[...]"
Who the hell uses Apache on Windows for a production server?
- dg81, on 05/17/2008, -0/+0The NSA
- CarzorStelatis, on 05/18/2008, -0/+1Apache _or_ Windows. So Apache for servers, Windows for desktops.
- bobzibub, on 05/17/2008, -0/+1Not DNS, DOS!
(Secret box in secret AT&T office:)
1) hmmm packet to nsa.gov! I'd better forward a copy to nsa.gov!
2) hmmm 2 packets to nsa.gov! I'd better copy those on to nsa.gov!
...
3) profit?
- skbenja, on 05/18/2008, -0/+0Um, the NSA doesn't use the internet for its internal e-mail. And it certainly doesn't use nsa.gov for anything else than things related to the web site.