The Post Office website downtime uncovered serious problems

But did anyone expect anything different? Mishaps like this particular incident, fail to surprise me anymore.
 
It's called Post Office, not Internet Office.

Don't come here with your European type communications.

The post must be free and get land back. It needs land to travel.
 
Let them do the SASSA job and see how long it will last. There is NO INTEREST in fixing SAPO's problems. Have had parcels stolen and 4 years down the line, there is no feedback

The Postmaster tells me, "I doubt they will reply". What happened to the new CEO, he seemed to be an intelligent person?

At my local PO, the staff tell me that some days, no-one comes through the door the whole time they are open
 
Let them do the SASSA job and see how long it will last. There is NO INTEREST in fixing SAPO's problems. Have had parcels stolen and 4 years down the line, there is no feedback

The Postmaster tells me, "I doubt they will reply". What happened to the new CEO, he seemed to be an intelligent person?

At my local PO, the staff tell me that some days, no-one comes through the door the whole time they are open

Perhaps if the staff turn the heaters down from the current 28 degrees C, more customers may come through the door.
 
At my local PO, the staff tell me that some days, no-one comes through the door the whole time they are open

Surely people still go to the local SAPO shop to get their vehicle licences renewed (when the eNATIS network isn't down)?

In Joburg SAPO shops will still be more popular than SCAMRAL eTrolling shops.
 
Postbank has helped millions of South Africans to keep their fortunes safe and their minds stress-free with more Products and benefits than ever before.

Where to even begin.. :crylaugh:
 
Where to even begin.. :crylaugh:

There appear to be several copies of that specific text on the net, I expect they are all phishing sites including the original postbank site itself:

2b99136cb6a343d9cc4730b6964cacc510ba6d2a457d995ceed9a581642bab9a.png
 
I've been running a hosting company on the side since 2001.

I don't think this article needed to be as long as it was, and it went on a bit of an unnecessary segue. Yes, this is an amusing story and yes the SAPO should have known better, but:

- domain renewals are a big problem in general, worldwide. GoDaddy has a business model built entirely around this. They hold expired domains to ransom that you have to buy on auction if you forget to renew. They aren't alone.

- people forget to renew things all the time (hello SSL certs!). Remember when Azure went down because of a cert?

- TTLs being different lengths are meaningless. One of the (several hundred) domains I manage has TTL of 300 seconds for a dev server, because if the IP address changes, the customer doesn't want to wait 60 minutes or 24 hours or whatever the default is, to update that subdomain.

Heck, it wasn't that long ago in the .za namespace that we had to send emails to update our records. org.za was one of the last holdouts and that was a nightmare.

Headlines aside, this was a serious problem, but not as serious as Calvin Browne makes it out to be.

The big problem here is that all these notifications are done by the most unreliable, insecure technology around: email. That's just insane.
 
Postbank has looked like a 419 scam since before 2014 ( archive.org ).
 
I've been running a hosting company on the side since 2001.

I don't think this article needed to be as long as it was, and it went on a bit of an unnecessary segue. Yes, this is an amusing story and yes the SAPO should have known better, but:

- domain renewals are a big problem in general, worldwide. GoDaddy has a business model built entirely around this. They hold expired domains to ransom that you have to buy on auction if you forget to renew. They aren't alone.

- people forget to renew things all the time (hello SSL certs!). Remember when Azure went down because of a cert?

- TTLs being different lengths are meaningless. One of the (several hundred) domains I manage has TTL of 300 seconds for a dev server, because if the IP address changes, the customer doesn't want to wait 60 minutes or 24 hours or whatever the default is, to update that subdomain.

Heck, it wasn't that long ago in the .za namespace that we had to send emails to update our records. org.za was one of the last holdouts and that was a nightmare.

Headlines aside, this was a serious problem, but not as serious as Calvin Browne makes it out to be.

The big problem here is that all these notifications are done by the most unreliable, insecure technology around: email. That's just insane.

The TTL of the domain is 5 minutes? Is that on it's own local DNS server? As I'm sure the DNS caches will still retain it for 24 hours or so?
 
Your stuff is so broken and our stuff is broken too

Mr Brown should fix his own spaghetti before he starts to complain about the disasters of others. Get yourself a copy of "dnstraverse" (ruby gem) and test any co.za domain. Postoffice.co.za is worse than most, and fully 8% of failure is due to co.za infrastructure.

Results:
18.5%: Answer from waterbok.postoffice.co.za (165.8.13.171)
postoffice.co.za. 600 IN A 165.8.13.24

17.3%: Answer from sangoma.saix.net (196.25.1.9)
postoffice.co.za. 600 IN A 165.8.13.24

17.3%: Answer from sabela.saix.net (196.43.1.9)
postoffice.co.za. 600 IN A 165.8.13.24

18.5%: Server failure (SERVFAIL) at demeter.is.co.za (196.26.5.8)

18.5%: Server failure (SERVFAIL) at titan.is.co.za (196.33.171.36)

1.0%: Refused at ns1.iafrica.com (196.7.0.139)
While querying ns2.telkom.co.za/IN/A

1.0%: Refused at ns2.iafrica.com (196.7.142.133)
While querying ns2.telkom.co.za/IN/A

7.9%: Query timed out at ns1.coza.net.za (66.135.62.20)
While querying ns.coza.net.za/IN/A

Summary Results:
53.1% answered with postoffice.co.za. 600 IN A 165.8.13.24
39% resulted in an error
7.9% resulted in an exception
The failure percentages are what you get starting from no cached information. To get a practical failure, you need two failures in a row. Because TTLs are around 24 hours, this happens once per resolver per day, and causes mail to bounce in random places - but only once.
 
Last edited:
- TTLs being different lengths are meaningless. One of the (several hundred) domains I manage has TTL of 300 seconds for a dev server, because if the IP address changes, the customer doesn't want to wait 60 minutes or 24 hours or whatever the default is, to update that subdomain.

Whilst the TTL Differences are on their own not significant,coupled with the non-responsive/non-existent DNS-servers and various crosslinks - any- changes to hosting or address (which includes changing from Hold/Cancelled to propagated again) could take days to seed back down the chain successfully
 
I've been running a hosting company on the side since 2001.

I don't think this article needed to be as long as it was, and it went on a bit of an unnecessary segue. Yes, this is an amusing story and yes the SAPO should have known better, but:

- domain renewals are a big problem in general, worldwide. GoDaddy has a business model built entirely around this. They hold expired domains to ransom that you have to buy on auction if you forget to renew. They aren't alone.

- people forget to renew things all the time (hello SSL certs!). Remember when Azure went down because of a cert?

- TTLs being different lengths are meaningless. One of the (several hundred) domains I manage has TTL of 300 seconds for a dev server, because if the IP address changes, the customer doesn't want to wait 60 minutes or 24 hours or whatever the default is, to update that subdomain.

Heck, it wasn't that long ago in the .za namespace that we had to send emails to update our records. org.za was one of the last holdouts and that was a nightmare.

You missed the 2010 intro of the EPP system?

Headlines aside, this was a serious problem, but not as serious as Calvin Browne makes it out to be.

Just so I understand this - you're ok with Auth NS's acting as Recursive NS's? You don't think it is a serious problem?

The big problem here is that all these notifications are done by the most unreliable, insecure technology around: email. That's just insane.

Let's leave aside the 8 year old EPP system, and why the Postoffice don't switch - with all respect, mailto Auth is not mailfrom Auth. It's relatively safe, barring someone being able to sniff network traffic between the two MTA's. And even if someone could intercept those cookies, the logic behind the legacy system means that unauthorised updates are easily mitigated. So.... unless you're able to inject false MX records into an Auth NS, like, say when you make an Auth NS a Recursive as well...... oh..... wait......
 
He said the problems which were uncovered made it “quite remarkable that anything works at all” and contributed to the extended downtime.
That anything to do with the PO works at all is remarkable.
 
Top
Sign up to the MyBroadband newsletter
X