Gui Castelão

Personal website

Feb 28, 2016

Tech Support (DNS)

XKCD just brought back some cool memories. I did experience that, but for real, not in a dream. In the early 2000s I was investing quite some time in web development with Linux, Apache, MySQL & PHP, and building some web projects with a friend at that time.

As far as I remember, the web connection in Brazil was still mostly dial-up until 2000-ish, when ADSL showed up. Keep in mind that technology in Brazil used to be several years behind the USA. A few years later the only phone company operating in São Paulo was offering what they called ADSL-business, which was supposed to provide service for small businesses. The whole technology was too young in Brazil, and they were not ready for that; at least, Telefonica didn't set up an experienced team initially. The "business" service option was quite a bit more expensive than the residential one, but the difference was actually a fixed IP, while the reliability and support were far from what a business would require.

At that time I had several servers running at home. There was an old 586 firewall running OpenBSD and, behind it, web and mail servers. I had started creating email lists with Majordomo a few years before. The main mailing list was called parlatorio (I liked that name), and it was dedicated to Brazilian oceanographers. It ran OK, but it was quite demanding to keep it working fine, so I moved to qmail, which was way more intuitive to set up and maintain. The same person who created qmail created tinydns, which was a joy after one spends some time working with BIND. Well, back to the servers in São Paulo: configuring and then working with tinydns I learned a lot about DNS, which is the reason for this story.

Once one works with Linux, we just learn to hack everything, and it wasn't different with my ADSL modem at home. With simple tools such as ping, traceroute, host, and telnet, it was easy to find out where the problem was every time I lost connection at home. Oh man, that was a frequent thing. I used to call Telefonica's tech support so much, but so much, to complain! Paying for a business link made it feel right to demand a fair link. Of course, every time it was the same thing, following the script. Initially, there was no dedicated support for the business branch, so the person on the phone was following a script for Windows desktops. In the first rounds, I tried to explain that I had something different at home, but soon I realized that I was wasting my time, so for the first 20 min or so I would just say: yes; I did; restarting; still rebooting; etc., while I was actually working on something else and pretending I was following the instructions given, just so we all followed the script. After some time, I would be transferred to someone else in the chain.

Well, I'm not sure when, but one day the magic happened. Probably after talking with some supervisor. Yes, I frequently asked to be transferred to the supervisor, and they would just transfer me to someone else. Maybe the one at the next desk, who knows? But on that day, without informing me, for whatever reason, they transferred me to their core engineers for the network. I spoke with a girl who actually understood my complaint. Oh, that was a good feeling. Just a few words and she got it and hit me back with questions that made sense. Oh, I couldn't believe it! I don't remember exactly anymore what the problem was, but I have in my mind that they had a disagreement with their backup DNS server. They were using BIND. I only remember that I taught her a trick that I had figured out while configuring my DNS at home. Something silly like: "you need to run make again every time you change the config file".

Oh, I never mentioned it. The DNS at home was something. The OpenBSD box was a ghost firewall, and the packets would pass transparently between the external and internal ethernet cards while it would do its job. At that time, rules for dynamic blocking in real time were something new and I was just fascinated by that! Inside, the DNS would tell the servers where to find each other, while it would provide the rest of the world with our entry point IP and ports. Yep, domains wouldn't come with the DNS service included until many years later, and we had to have our own.

Back to the main story. At the time that I helped them, they gave me a password that I could use to reach them every time I called support. Oh, I loved that power so much! After that day it would be almost like a script again, but a different one. I would call support, we would introduce ourselves, the person would ask something about my Windows, I would explain that I had a code for special access, and they would acknowledge and explain that they needed to verify a couple of things with me and run another few tests before I could be transferred. Then I would insist once or twice for them to try my authorization code in their terminal and promise that if it didn't work I would do all the tests they wanted, and suddenly the magic words: "Sir, I'm transferring you right now". I'm so curious to know what happened there once they tried my access code. I imagine a red box blinking in their terminal: "TOP LEVEL, ABOVE YOUR CLEARANCE. TRANSFER WITHOUT QUESTIONS!" :)

Shibboleet!!!
