Most active commenters
  • LinuxBender(4)
  • eli(3)

←back to thread

Zoom outage caused by accidental 'shutting down' of the zoom.us domain

(status.zoom.us)
634 points RVRX | 27 comments | 17 Apr 25 00:55 UTC | HN request time: 2.547s | source | bottom
1. RVRX ◴[17 Apr 25 00:55 UTC] No.43711958[source]
"This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain. "
replies(3): >>43711994 #>>43712118 #>>43712177 #
2. LinuxBender ◴[17 Apr 25 01:00 UTC] No.43711994[source]
Something is fishy about this. A communication error would not result in a domain being placed on hold. On hold is usually the result of a legal order or in the case of the .us TLD a nexus compliance violation. I've transferred thousands of domains from assorted dodgy registrars into MarkMonitor and can not even imagine a scenario where a miscommunication results in a domain being placed on hold.
replies(4): >>43712073 #>>43712287 #>>43712366 #>>43712853 #
3. gjsman-1000 ◴[17 Apr 25 01:12 UTC] No.43712073[source]
Nah, weird stuff that “shouldn’t” happen almost always happens more often than things that “should” happen.
replies(2): >>43712120 #>>43712260 #
4. gkanai ◴[17 Apr 25 01:20 UTC] No.43712118[source]
Companies pay MarkMonitor to NOT make these mistakes. So... GoDaddy failed?
replies(2): >>43712208 #>>43712452 #
5. LinuxBender ◴[17 Apr 25 01:20 UTC] No.43712120{3}[source]
I hear ya but this would more than likely be something like a really sloppy human error such as following the wrong process vs. a miscommunication otherwise I would expect these outages to be much more frequent. I do remember when a fat-finger at UUNET took out most of the internet long ago but that was a human error and is a bit harder to have the same impact today.

To me a communication error implies someone followed erroneous instructions without asking the obvious, " ... but isn't this a big business that is still live and why don't I have a legal order in my hand?" In fairness this did happen recently with he.net because a sub-domain was reported but it was done intentionally even if they failed to do even basic due diligence. After Covid I would expect most people would know zoom.us would be in use by a lot of people whereas only specific groups of people would know what he.net is.

I am curious if the process has changed due to laziness and now registrars can just select any number of domains and click a button to place them on hold without management or executive approval. If so that should be in some audit trail and should require confirmation and approval by a senior leader.

6. bo1024 ◴[17 Apr 25 01:28 UTC] No.43712177[source]
What does “shutting down” the domain even mean? Has to be a DNS thing, right?
replies(1): >>43712204 #
7. colechristensen ◴[17 Apr 25 01:33 UTC] No.43712204[source]
It's translated through several layers of people who don't know anything.

Their domain expired because at some level people made some pretty boneheaded mistakes.

Whomever their actual registrar actually was (GoDaddy it seems) stopped pointing the zoom.us nameserver record (NS) at AWS Route 53 which Zoom obviously uses.

    % dig +short zoom.us NS
    ns-387.awsdns-48.com.
    ns-1137.awsdns-14.org.
    ns-1772.awsdns-29.co.uk.
    ns-888.awsdns-47.net.
replies(2): >>43712262 #>>43712457 #
8. devrand ◴[17 Apr 25 01:33 UTC] No.43712208[source]
Yeah I don't understand this. MarkMonitor themselves are a registry, so is the potentially a mistake in migrating from GoDaddy to MarkMonitor?
replies(3): >>43712224 #>>43712242 #>>43712658 #
9. jsheard ◴[17 Apr 25 01:36 UTC] No.43712224{3}[source]
GoDaddy operates the .us TLD, so Zoom registered the domain through Markmonitor, who acquired it from GoDaddy, who shit the bed and broke everything.
replies(1): >>43712238 #
10. devrand ◴[17 Apr 25 01:38 UTC] No.43712238{4}[source]
ah-ha! Didn't consider that GoDaddy operates the TLD (in my mind I assumed it was just Verisign). Thank you for pointing that out.
replies(1): >>43712269 #
11. electroly ◴[17 Apr 25 01:40 UTC] No.43712242{3}[source]
MarkMonitor is a registrar (one of many). GoDaddy Registry is the .us registry operator (the only one); they actually operate the TLD on behalf of the government. In this capacity they are not operating as another registrar, but as the TLD operator.
12. root_axis ◴[17 Apr 25 01:42 UTC] No.43712260{3}[source]
What? Weird stuff happens less by definition.
replies(1): >>43712322 #
13. manquer ◴[17 Apr 25 01:42 UTC] No.43712262{3}[source]
GoDaddy is the root registry for all .us ccTLD, MarkMonitor is the actual registar Zoom is working with. The issue seems to be more how GoDaddy assigned to the domain to MarkMonitor not something Zoom itself likely controls (such as NS records)

.us (and other many TLDs) uses EPP to communicate between registars (MarkMonitor here) and Registry (GoDaddy). It is probably an admin error rather than code[1], some manual approval or other human review workflow for high value domain and someone clicked/filled in the wrong value at GoDaddy or MarkMonitor would be my first guess.

[1] would have been observed and fixed long before today, transfers happen all the time after all

14. jsheard ◴[17 Apr 25 01:44 UTC] No.43712269{5}[source]
It used to be operated by Neustar, but GoDaddy bought out their domains business in 2020.
15. jltsiren ◴[17 Apr 25 01:48 UTC] No.43712287[source]
Correctness doesn't scale. If something has six nines of reliability, you'll probably never see the one-in-million outlier yourself. But if the other side deals with a million requests a month, they are a common occurrence.
replies(1): >>43712320 #
16. LinuxBender ◴[17 Apr 25 01:55 UTC] No.43712320{3}[source]
Yeah I'm not saying errors don't happen. I've been called into gazillions of them including many that "should not happen". Those make for the best root cause analysis and after action reports.

Rather this does not sound like a communication error unless they are leaving out a lot of critical details and context or the domain management interface has been de-frictioned and dumbed down too much.

17. bombcar ◴[17 Apr 25 01:55 UTC] No.43712322{4}[source]
Not necessarily. The default could happen 49% of the time, and everything else happens way less than 1%, but is weird.

So 51% of the time it’s weird, but not the same weird.

replies(2): >>43712340 #>>43712461 #
18. LinuxBender ◴[17 Apr 25 01:59 UTC] No.43712340{5}[source]
Every place I've been we measured such weirdness outside of the 95'th and 99'th percentile. Anything out of common occurrence beyond the 99'th could be weird or interesting or fascinating. I still wish I could share the incident of a single NIC on a single server taking down an entire data-center, that was both weird and fascinating.
19. eli ◴[17 Apr 25 02:15 UTC] No.43712446{3}[source]
Isn't the stated reason, a miscommunication with the registrar, far far more likely?
replies(1): >>43712818 #
20. eli ◴[17 Apr 25 02:16 UTC] No.43712452[source]
Or... they did make a mistake. It happens to the best of us.
21. eli ◴[17 Apr 25 02:16 UTC] No.43712457{3}[source]
It didn't expire
22. root_axis ◴[17 Apr 25 02:18 UTC] No.43712461{5}[source]
If there is a "default" then "everything else" is not weird. The conclusion is "this thing doesn't work most of the time so it wouldn't be weird if it doesn't".
23. x0x0 ◴[17 Apr 25 02:39 UTC] No.43712577{3}[source]
Well, Zoom also lied about their encryption (or, perhaps more charitably, described it in a misleading way. nah, they just lied) and was directing traffic through chinese servers with no reason for doing it -- it was occurring when all meeting participants and the company paying for the zoom account were outside China -- besides enabling spying.
24. timewizard ◴[17 Apr 25 02:56 UTC] No.43712658{3}[source]
"It would be amiss not to start without a reference to AI, as 2024 saw the movements toward legal definitions and prohibited AI practices with the EU’s AI Act. 2024 also saw more innovative integration of AI into registrars’ service offerings, from “chatbots” to registration process flow to domain name generators. We also witnessed the rise of LLM (or Large Language Models) being used in Brand Protection Services and the identification of abusive registrations. This trend will definitely be increasing in 2025."

https://www.markmonitor.com/blog/2024-markmonitor-year-in-re...

25. Spooky23 ◴[17 Apr 25 03:26 UTC] No.43712818{4}[source]
In normal times, absolutely. These aren’t normal times.
replies(1): >>43713390 #
26. pigbearpig ◴[17 Apr 25 03:32 UTC] No.43712853[source]
Could it have been something as simple as "hey, zoonn.us is violating Zoom's copyright, please block it" and then someone typos "zoom.us".
27. varenc ◴[17 Apr 25 05:28 UTC] No.43713390{5}[source]
What's the escalation theory here mean? The US shut it down to damage a company it doesn't like? And 2-4 hours is meaningful? or China did it? Maybe it was shutdown and used as negotiating leverage and brought back when some agreement was reached?

GoDaddy's involvement really makes me believe that it's a genuine screw up.