Facebook breach highlights need for DNS monitoring

Facebook breach highlights need for DNS monitoring

If you were one of the billions of frustrated Facebook users who were unable to access their accounts on Monday, rest assured that downtime is a thing of the distant past and the mega-social media platform is back online. End users can now relax knowing that the brush fire is out.

Remarkably, the nearly seven-hour-long outbreak could not be attributed to the deluge of recent high-profile attacks on government, corporate and education servers worldwide. Rather, Facebook engineers explained that the company’s data centers shut down during routine maintenance, causing the DNS servers to go offline, resulting in 5xx server error messages popping up everywhere.

DNSor Domain Name Systemis necessary for your users to be able to navigate to your website and use your online services. Without it, users would have to remember exact IP addresses to get from point A to point B on the internet.

The outage also affected Instagram, WhatsApp and Messenger. But how could an organization that earns an average of $13.3 million an hour so famously drop the ball?

BGP and DNS problems start a fire

If there’s one thing web professionals know, it’s that site uptime and performance can make or break you. But the same applies to DNS.

Facebook’s problems started with an issue involving BGP and DNS that began with a configuration change that affected their entire backbone. BGP stands for Border Gateway Protocol. It is a mechanism that provides Internet routers with updated lists of possible routes that can be used to deliver network packets to their final destinations.

Individual networks have a unique Autonomous System (AS) number. An AS is an individual network with a uniform internal routing policy. Each AS can create prefixes that control a group of IP addresses) in addition to transit prefixes that say they know how to reach certain groups of IP addresses. More specifically, each ASN must advertise its prefix routes to the Internet using BGP. If this does not happen, it will not be possible for the user to connect to a particular website.

During maintenance, Facebook’s DNS servers disabled BGP advertisements that could not talk to their data centers. BGP routes were withdrawn and as a result, Facebook’s DNS servers became unavailable and was disconnected. With these withdrawals, Facebook and its websites had effectively disconnected from the Internet.

Look up your DNS, for free

Sources of DNS violations

Despite your best efforts, sometimes power outages or downtime can happen. But if you consider the potential possibilities and come up with a plan, you can minimize DNS downtime.

Common causes of DNS downtime:

  • Poor DNS server performance
  • DNS server downtime
  • Cache “poisoning” or hijacking
  • Incorrect configuration

What can happen if your DNS goes down

Fire. Sulphur. Cats and dogs raining from the sky!

Okay, maybe it won’t when your DNS is suffering from downtime. But what is happening is certainly not pretty. But that’s not what happens when your website goes down either.

When your DNS fails, end users will not be able to reach your website or web services using your default domain. For example, if Uptrend’s DNS failed, you wouldn’t be able to reach it www.uptrends.com. The only way around that would be to know the IP address of the server where the site is located.

This means that your end users will assume that your website is down, broken, unreliable and insecure, which in turn can cost you in lost revenue and/or reputation. Facebook has billions of end users, many of whom use the social media platform not only to connect with friends and family, but also to grow their businesses through advertising and outreach.

Monday’s debacle costs Facebook founder Mark Zuckerberg $6 billion within hours due to a giant sell-off in the company’s shares. While you may not be an internet tycoon, you get the idea.

Don’t be left in the dark about your DNS status

With Uptrends Synthetic Monitoring you can monitor your DNS uptime and performance status, 24/7, from 228 global monitoring checkpoints. If your DNS suffers from downtime or performance issues, your team will be the first to know with updated SMS and email alerts.

A DNS error can mean that email servers, web servers or APIs become unavailable. Even worse, a compromised DNS record can send your users to a completely different IP address.

A malfunctioning DNS record can cause major problems for your brand and visitors. Do you have a specific DNS lookup you want to monitor? DNS monitoring protects you and your users with:

  • Domain name verification– Monitor the DNS query live to ensure that your domain name is still directing traffic to your web server’s IP address.
  • Comprehensive DNS health checks– Verify A records (IPv4) and AAAA records (IPv6), check aliases (CNAME), view SMTP mail server mappings (MX records), monitor DNS zone delegates (NS records), verify SOA serial numbers
  • Real-time DNS alerts– Uptrends DNS monitoring monitors your DNS day and night, and Uptrends notifies you the moment it detects a malfunction.
  • Reliable DNS reporting– Monitor, diagnose, receive alerts and access reports on the performance of your DNS servers from around the world.

A DNS error can cost the organization a lot of lost revenue the longer it persists. Why waste money when you can take a proactive approach to comprehensive monitoring of your entire network? Get started with one free trial of Uptrends monitoring or a personal one one-on-one demo. What do you have to lose?

Leave a Reply

Your email address will not be published. Required fields are marked *