Sophos AV update failed
UPDATE Sophos has resolved the outage as of 13.30
A sporadic domain name server (DNS) error has blocked Sophos anti-virus updates around the world.
Sophos chief of technology Paul Ducklin said the cause of the error is as yet unknown.
“The update is still working in areas, but there are some dud ISP DNS entries that have Sophos.com listed as off the air which haven't fixed their caches yet,” Ducklin said.
“There was some 'not there' data published by Sophos's ISP in the United Kingdom. Bigpond and Exetel, for example, are working fine.
Experts say the error could be caused by DNS caches which have stored a dodgy update of the Sophos servers, and are feeding them to customers.
The caches collect and store server data for a minimum time, dubbed the Minimum Cache Time to Live (MCTTL), as specified by the sever owners. The data, which could be between 12 and 24 hours old depending on the MCTTL, is fed to ISP customers who request access to the servers. Users can be fed corrupt data during the MCTTL if the caches downloaded errors in the updates.
“It is a transient DNS problem that has been cached and once [the cache] expires, it will start working again it,” Ducklin said
Ducklin also said affected users can still update their software by subscribing to an alternative DNS.
Internode network engineer Mark Newton said the errors could clear once the minimum cache refresh times expire, but added Sophos cannot force an update once the data has been downloaded.
“Caches will nuke the data when the MCTTL expires [but] they will retain the records until the time expires,” Newton said.
“ISPs can manually refresh their DNSes if Sophos wants it to happen.”
Tests conducted by IDG suggest affected DNS servers include those hosted by Optus, Internode and Equinix, among others.