Is Mercury retrograde or something?

[altivo]

This seems to be shaping up as a week of technology failure. First yesterday's mess at work, which is nowhere near resolved and will have library users throwing rocks through our windows soon because their free internet service is down, and now more this morning.

Mate's computer is in some sort of CHKDSK loop it seems. When booted, it announces that the hard drive is "dirty" and runs CHKDSK which reports no errors but when it gets to "verifying free space" it just seems to stop at 5%. Reboot and the cycle repeats itself.

Google seems to be utterly trashed this morning. Nothing Google related is accessible here. I've poked through DNS and found various apparent referral loops and dead ends. Were they hacked or did they do something to cause a massive failure? Hard to tell, since so much depends on them now. Everything is down.

Ever look at the results for "whois google.com" ?? What's with that? I dunno if you normally get such gibberish as GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM and GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM and many other such obnoxious entries or if this is a symptom of what's going on. Way down at the bottom you still find what should be the normal entry for google.com, though. Their own name servers are up, but all the public name servers I tried this morning couldn't locate www.google.com or mail.google.com or anything else in their domain.

Comments

[hrrunka]

For what it's worth, "whois google.com" reports as follows from here:

% whois google.com
[Querying whois.internic.net]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com]

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protection
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300

[Insert disclaimer here]

Registrant:
        Dns Admin
        Google Inc.
        Please contact contact-admin@google.com 1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6502530000 Fax: +1.6506188571

    Domain Name: google.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        DNS Admin
        Google Inc.
        1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6506234000 Fax: +1.6506188571
    Technical Contact, Zone Contact:
        DNS Admin
        Google Inc.
        2400 E. Bayshore Pkwy
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6503300100 Fax: +1.6506181499

    Created on..............: 1997-09-15.
    Expires on..............: 2011-09-13.
    Record last updated on..: 2009-06-21.

    Domain servers in listed order:

    ns1.google.com
    ns2.google.com
    ns4.google.com
    ns3.google.com

[altivo.livejournal.com]

Nope. I'm at work now. Google did become accessible again shortly after 8 am local time, just before I left home. I just ran whois here, on a different machine, different provider, different dns. I still get the same pile of garbage (the text you posted is added at the end of all this:

Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.195
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net

Server Name: GOOGLE.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
IP Address: 64.28.187.63
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
IP Address: 217.107.217.167
Registrar: DOMAINCONTEXT, INC.
Whois Server: whois.domaincontext.com
Referral URL: http://www.domaincontext.com

Server Name: GOOGLE.COM.ZNAET.PRODOMEN.COM
IP Address: 62.149.23.126
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
IP Address: 62.41.27.144
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net

Server Name: GOOGLE.COM.VN
Registrar: ONLINENIC, INC.
Whois Server: whois.onlinenic.com
Referral URL: http://www.OnlineNIC.com

Server Name: GOOGLE.COM.UY
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: GOOGLE.COM.UA
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: GOOGLE.COM.TW
Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
Whois Server: whois.webnic.cc
Referral URL: http://www.webnic.cc

Server Name: GOOGLE.COM.TR
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com

Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
IP Address: 80.190.192.24
Registrar: EPAG DOMAINSERVICES GMBH
Whois Server: whois.enterprice.net
Referral URL: http://www.enterprice.net

Server Name: GOOGLE.COM.SPROSIUYANDEKSA.RU
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com

Server Name: GOOGLE.COM.SERVES.PR0N.FOR.ALLIYAH.NET
IP Address: 84.255.209.69
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com

Server Name: GOOGLE.COM.IS.SHIT.SQUAREBOARDS.COM
IP Address: 203.170.84.81
Registrar: AUST DOMAINS INTERNATIONAL PTY LTD DBA AUST DOMAINS, INC.
Whois Server: whois.syra.com.au
Referral URL: http://www.syra.com.au

Server Name: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
IP Address: 217.148.161.5
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com

Server Name: GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
IP Address: 66.49.213.213
Registrar: NAME.COM LLC
Whois Server: whois.name.com
Referral URL: http://www.name.com

Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
IP Address: 213.228.0.43
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net

Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
IP Address: 209.187.114.130
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net

...and more of the same

[jbadger.livejournal.com]

jbadger@jbadger-08:46-~$ dig www.google.com

; <<>> DiG 9.5.1-P2 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63992
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 84987 IN CNAME www.l.google.com.
www.l.google.com. 479 IN A 64.233.169.147
www.l.google.com. 479 IN A 64.233.169.106
www.l.google.com. 479 IN A 64.233.169.104
www.l.google.com. 479 IN A 64.233.169.105
www.l.google.com. 479 IN A 64.233.169.103
www.l.google.com. 479 IN A 64.233.169.99

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 27 08:46:54 2009
;; MSG SIZE rcvd: 148

jbadger@jbadger-08:46-~$ dig txt google.com

; <<>> DiG 9.5.1-P2 <<>> txt google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27602
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN TXT

;; ANSWER SECTION:
google.com. 3249 IN TXT "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 22 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 27 08:49:13 2009
;; MSG SIZE rcvd: 122
jbadger@jbadger-08:49-~$ dig mx google.com

; <<>> DiG 9.5.1-P2 <<>> mx google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65265
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN MX

;; ANSWER SECTION:
google.com. 823 IN MX 10 google.com.s9b2.psmtp.com.
google.com. 823 IN MX 10 google.com.s9b1.psmtp.com.
google.com. 823 IN MX 10 google.com.s9a2.psmtp.com.
google.com. 823 IN MX 10 google.com.s9a1.psmtp.com.

;; Query time: 78 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 27 08:49:30 2009
;; MSG SIZE rcvd: 162

jbadger@jbadger-08:49-~$

[altivo.livejournal.com]

See response above. Different machine, different provider, different DNS. And I still get the garbage.

Google did come back up shortly after 8 am local time, and the problem was clearly DNS related.

[megadog.livejournal.com]

Google's resolving and whoising just fine here.

Could it be your system (or your ISP's DNS server) is suffering some sort of DNS poisoning or malicious DNS-redirection?

[altivo.livejournal.com]

Nope. By the timestamp on your reply, Google was available again here.

I tried changing to half a dozen different DNS sources with the same results prior to that. It looked like it was internal to Google, where the generic names redirect to nodes at "l.google.com" and those addresses were not responding or redirecting back to the generic name.

At work now, and I still see the garbage in the whois response. I copied part of it above. See first reply.

[mondhasen.livejournal.com]

No problem googling here, from home anyway. At work it all runs through Central's servers, and I'm not there this week to see what they're doing.

[altivo.livejournal.com]

Problem went away shortly before you posted this, so probably was fixed when you tried. WHOIS still is full of garbage though.

[kakoukorakos.livejournal.com]

Looks fine to me, sounds like you have a hosts file that's been compromised, someone set-up proxies that are using a rogue DNS server, or your primary DNS server got hacked, in that order of inconvenience.

[altivo.livejournal.com]

Could have been that, but it wasn't any of those, I had already checked. I tried several different DNS sources with the same result. The problem went away right after 8 am local or 0100 UTC, so was probably cleared by the time you checked. WHOIS still appears full of garbage, though.

[corelog.livejournal.com]

For Gary's computer, try booting to Recovery Console and running CHKDSK /P. Fixes a lot of problems for me. (Recovery Console is available by booting to the XP installation CD, unless you've installed it to your hard drive for easy access like I have.)

For DNS, Google is resolving normally for me. I use OpenDNS, which I've always found reliable and simple. You don't have to sign up for an account unless you want to customize your DNS responses for stuff like typo correction and phish blocking. If you just use their servers with no account (208.67.222.222 and 208.67.220.220), you get your bog-standard DNS responses, quick and reliable. Which is why I memorized their servers. :) Always handy to have a known-good DNS server around.

[altivo.livejournal.com]

Google started resolving correctly again right after 8 am local, 0100 UTC. So it was probably fixed when you tried. I did in fact try OpenDNS among the various DNS providers I checked between 6:30 and 7:30 am, and still got the same results. I think it was a screw up at Google, and involved their own load balancing or redirection.

Gary's machine seems to be running fine now. We went through [un]safe mode and it booted fine on the "use previous working configuration" option.

My suspicion is that Microsoft CHKDSK can't handle a primary drive the size of the one he's got in there now.

[felder.livejournal.com]

Aye, that looks like a poisoned DNS or a PC thats riddled with malware and other nasties. may want to find a malware scanner that can make a PC CD you can boot from, so it can scan and check the HD for nasties.

[altivo.livejournal.com]

Might have been any of those but it wasn't. This was a Linux PC with a solid firewall, and I tried half a dozen different DNS providers with the same results every time. Only Google was affected, everything else was normal. It cleared up right about at 0100 UTC. I think it was internal to Google, and involved load balancing or redirection.

WHOIS is still full of garbage, but I think that's a separate issue since it doesn't directly affect the resolution. I quoted some of the trash above.

[farhoug.livejournal.com]

It looks like this has happened before, there's some Google hits for one of the "domains" that date back to April 2008. Can't quite figure if it's about whois querys ending up to alternate servers, or someone fiddling with the DNS...

One explanation was that the query returns all domains with google.com in them, making it some sort of lame spamming attempt, but why is it that it only works some of the time...?

[altivo.livejournal.com]

No idea. Whois, of course, doesn't directly affect DNS resolution. That problem did clear itself up right at 0100 UTC, and I think it was internal to Google's own DNS. Probably load-balancing, which seems to cause many such problems at big sites.

[songdogmi.livejournal.com]

I don't know much about astrology (my mom's the family expert). but it seems that Mercury spends an awful lot of time retrograde.

[altivo.livejournal.com]

Astrologically speaking, when Mercury moves backward through the zodiac it is supposed to indicate a time when mechanical contrivances and other mental constructs are prone to failure or misfires. Hence the popular usage, even by people who don't ordinarily pay attention to astrology. :)

Unfortunately for the astrologers, that doesn't explain the current spate of failures here. Mercury turned back on September 17 and switched back to forward motion at the end of September. The period of "retrograde" ended on October 18 when the planet reached the same point in the zodiac at which its apparent motion reversed back in September. I went and checked this morning because there was so much coincidence of this stuff.

[leopanthera.livejournal.com]

Google's WHOIS is full of crap all the way over here in the UK as well. It doesn't seem to be affecting it, but it's kinda weird.

[leopanthera.livejournal.com]

OK, as far as I can tell, it's because your whois (and mine) is doing some kind of wildcard search where it's returning any DNS address in the database with "google.com" in the name, which includes subdomains of other domains.

Very confusing.

[altivo.livejournal.com]

Yeah, WHOIS doesn't really have a direct effect on function. It does look pretty strange, though.

[kyhwana.livejournal.com]

As above.. see http://www.razzed.com/2009/01/15/at-first-i-thought-google-was-being-hacked/ for an explanation :)

[altivo.livejournal.com]

Not hacked in the case of WHOIS, just abused for the sake of SPAM apparently. Pretty obscure method of spamming though. It's hard to figure whether it's the spammers or their target victims who are more stupid, I think.

[cabcat.livejournal.com]

That hard drive is probably on its way out, skip the diskcheck and back everything up, I've seen that often enough where I used to work. Media degredation and bad sectors cause that nastiness.

[altivo.livejournal.com]

The drive is fine, and it's only a few weeks old. Microsoft's CHKDSK is the culprit. It apparently can't handle terabyte drives at all. We had to use safe mode to get rid of the flag that was making Windows want to scan the drive every time it booted. Most of it is empty space of course, and it seems CHKDSK can't handle the free space chains.