“To be fair, it was only a subdomain. From what I have seen, there was no mail server on that subdomain, which was used for Azure services,” Caturegli said. “[But] as an end user, you have no idea of where you are going. You are simply trusting the DNS.”
The problem is that this kind of cut-and-paste error is very easy to make, and the nature of the character strings makes it difficult to detect the error. Even worse, if the error is not detected right away, it could remain in place for an extended period, as Mastercard has learned.
“You need to continually check your configurations for any obvious mistakes. But with DNS, once it is configured, it is not going to generate an error,” Caturegli said. “Unless you check your configuration, you are not going to know about this issue. You can’t rely on tools. They wouldn’t even have any logs (showing the error). They won’t see it on any of their logs.”
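One way to run the recurring configuration check Caturegli describes, shown as an added example that is not part of the original article: compare every NS target against the nameserver domains the organisation actually uses and flag near-misses. The approved suffixes, zone names and records below are constructed assumptions; in practice the input would come from a zone export or registrar listing.

```python
"""Audit NS delegation targets against approved nameserver domains (added example)."""

# Assumption: the nameserver parent domains the organisation actually uses.
APPROVED_NS_SUFFIXES = {"dnsprovider.example", "backup-dns.example"}

# Constructed sample: zone -> NS targets, as exported from a zone file or registrar.
SAMPLE_ZONE_NS = {
    "app.corp.example": ["a1-29.dnsprovider.example.", "a7-64.dnsprovider.exampl."],
    "www.corp.example": ["NS1.Backup-DNS.example."],
    "old.corp.example": ["ns.unrelated-host.test."],
}


def edit_distance(a, b):
    """Levenshtein distance, used to tell a likely typo from an unknown domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_ns(zone_ns, approved=APPROVED_NS_SUFFIXES, max_typo_distance=2):
    """Return (zone, ns_host, likely_intended_suffix_or_None) for unapproved targets."""
    findings = []
    for zone, targets in zone_ns.items():
        for raw in targets:
            # DNS names are case-insensitive and may carry a trailing root dot.
            host = raw.strip().rstrip(".").lower()
            if any(host == s or host.endswith("." + s) for s in approved):
                continue
            labels = host.split(".")
            near = None
            for s in sorted(approved):
                # Compare the host's trailing labels with each approved suffix.
                tail = ".".join(labels[-len(s.split(".")):])
                if edit_distance(tail, s) <= max_typo_distance:
                    near = s
                    break
            findings.append((zone, host, near))
    return findings


if __name__ == "__main__":
    for zone, host, near in audit_ns(SAMPLE_ZONE_NS):
        hint = f"possible typo of {near}" if near else "unknown nameserver domain"
        print(f"{zone}: NS {host} is not approved ({hint})")
```

Because a mistyped delegation resolves without producing any error, the check has to run on a schedule against the configured records rather than wait for a failure to appear in logs.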