Microsoft Taps Akamai for DNS Backup System
- By Scott Bekker
The fallout continues from last week’s embarrassing Web site outages, with Microsoft Corp. announcing it has partnered with Akamai Technologies to provide backup for its domain name service (DNS) servers.
Microsoft spokesman Adam Sohn confirmed Monday that Akamai will handle DNS requests if its own servers are down or under attack. Microsoft hosts its own DNS, and up until now, all DNS servers had been on the same subnet, making it a potential single point of failure and ripe for just such a breach.
“That’s one of the architectural lessons we learned the hard way,” Sohn says, referring to the denial of service (DoS) attacks that made a host of Microsoft’s chief Web sites unreachable by the outside world for much of last Tuesday and Wednesday, and parts of Thursday and Friday.
Given Redmond’s software expertise and army of engineers, it is fair to ask why it could not have seen this coming years ago, and taken steps then to avoid the single point of failure system it had in place. Sohn did not have an answer, only replying that Microsoft has learned its lesson.
“We’ve been serving up DNS fine for years, but with the hindsight of the last week we wish we’d done distribution in the past,” Sohn says. Under the new system, any in-house DNS outage will automatically roll over to the Akamai backup servers, keeping the sites running.
So what happens if both primary and backup systems are attacked, since hackers have always had a special affinity for Microsoft? Sohn is skeptical that such an orchestrated attack would work. “Is somebody going to launch an attack on two networks and be successful? We have think about how much distribution is necessary, how much makes sense.”
In the meantime, Microsoft continues its public relations offensive, attempting to minimize damage and shore up confidence in its products and the company itself.
Microsoft released a statement on its primary Web site Monday giving its side of the story. After describing Friday’s DoS attacks, CIO Rick Devenuti states that, “This attack was not related to the security or reliability of any Microsoft product. In fact, no Microsoft product was targeted as part of the attack. This attack was not an attempt at intrusion, and no customer data was compromised in any way.”
That explanation fits the profile of a DoS hack, which is simply meant to keep others from getting to a site, and not to damage a site or alter a site’s content. -- Keith Ward
Scott Bekker is editor in chief of Redmond Channel Partner magazine.