How a Whole Country Goes Offline

January 21, 2015
Peter Helmenstine

Whether you’ve seen Sony’s recent comedy The Interview or not, chances are, you’ve at least heard about it in the news. In case you’re still in the dark, here’s a quick overview: On November 24th, Sony Pictures was hacked. Leaked documents included salaries, SSNs, healthcare records, and internal emails between employees.

Despite the fact that there was never any actual evidence that North Korea carried out the attack in retaliation for The Interview, the saga took an interesting turn on Monday, December 22nd, when North Korea went offline.

These days, most of us have stable high-speed Internet connections. It’s easy for us to take for granted just how stable and reliable our connections are. The thought of a whole country going offline seems almost impossible for most of us. So how exactly did the whole country of North Korea go offline last week?

According to an analysis by Arbor Networks, it appears that the organization Anonymous performed a Denial of Service attack on North Korea’s two primary DNS servers. This crippled the country’s services because they weren’t able to resolve domain names to IP addresses. Of course, that may not make a whole lot of sense if you’re not already familiar with DNS and what it does, so let’s rewind a bit.

The Domain Name System, abbreviated DNS, matches names to numbers. Everything connected to the Internet, from iPhones to websites, has an IP address. The IP address for Telx’s website, for example, is 67.23.43.157. (You can type this directly into your browser and it will go straight to our website, bypassing the DNS lookup.) When we’re giving clients the address to our site, however, we don’t tell them our IP address, direct as it may be. Instead, we give them our domain name: www.telx.com. DNS matches domain names with IP addresses, making the Internet easier to navigate for humans, who remember words and names much better than numbers.

The problem is that there are a whole lot of domain names, and a whole lot of IP addresses, and they change frequently. It’s not logistically feasible for your laptop to have a database of every single domain name and IP address. This problem is solved by DNS servers, which hold a host of IP addresses associated with domain names. You plug in the domain name, a DNS server returns an address, and all of a sudden, your browser knows where to find the site you’re looking for.

Piecing this all together, it’s not hard to imagine how an attack on DNS servers could throw a wrench into the works. This is especially true for North Korea, which only has a few primary DNS servers. Without the ability to resolve domain names to IP addresses, traffic in the country slowed to a halt. That, in a nutshell, is how a whole country goes offline.
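The exposure described above, a zone served by only a few name servers, can be checked from the zone's own NS records. The following is an added example, not part of the original post: it audits constructed dig-style records for two hypothetical zones, and the thresholds and the use of /24 prefixes as a stand-in for network diversity are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: dig-style records for two hypothetical zones.
SAMPLE = """\
fragile.example. 3600 IN NS ns1.fragile.example.
fragile.example. 3600 IN NS ns2.fragile.example.
ns1.fragile.example. 3600 IN A 192.0.2.10
ns2.fragile.example. 3600 IN A 192.0.2.11
robust.example. 3600 IN NS ns1.robust.example.
robust.example. 3600 IN NS ns2.provider-a.example.
robust.example. 3600 IN NS ns3.provider-b.example.
ns1.robust.example. 3600 IN A 192.0.2.53
ns2.provider-a.example. 3600 IN A 198.51.100.53
ns3.provider-b.example. 3600 IN A 203.0.113.53
"""

def parse_records(text):
    """Return (zone -> name server hosts, host -> IPv4 addresses)."""
    ns, addrs = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # skip comments, blanks and anything malformed
        name, rtype, rdata = fields[0].lower(), fields[3], fields[4].lower()
        if rtype == "NS":
            ns[name].add(rdata)
        elif rtype == "A":
            addrs[name].add(ipaddress.ip_address(rdata))
    return ns, addrs

def audit(text, min_servers=3, min_networks=2):
    """Flag zones whose name servers are few or share one network.
    Thresholds are assumed policy values; /24 is a rough diversity proxy."""
    ns, addrs = parse_records(text)
    report = {}
    for zone, hosts in sorted(ns.items()):
        nets = {ipaddress.ip_network(f"{ip}/24", strict=False)
                for h in hosts for ip in addrs[h]}
        findings = []
        if len(hosts) < min_servers:
            findings.append(f"only {len(hosts)} name servers")
        if len(nets) < min_networks:
            findings.append(f"name servers span {len(nets)} /24 network(s)")
        missing = sorted(h for h in hosts if not addrs[h])
        if missing:
            findings.append("no address for " + ", ".join(missing))
        report[zone] = findings
    return report

if __name__ == "__main__":
    for zone, findings in audit(SAMPLE).items():
        print(zone, "OK" if not findings else "; ".join(findings))
```

To audit a real zone, replace the sample with the NS and A lines from a resolver's answer for that zone.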

Here at Telx, we’ve been working with Packet Clearing House (PCH) to establish additional DNS root and top-level-domain servers in our facilities to reduce the chance of attacks like this affecting our customers. We’re now seeing the benefits of these efforts as countries fall off the Internet. We like to think we’re doing our part to make the Internet more stable.

The next time you log on, whether it’s to www.telx.com, www.netflix.com, or anything in between, take a moment to remember the DNS servers hard at work behind the scenes. Without them, you could well find yourself sitting at home without a means of navigating the Internet.
