Dan,
That dig tip for identifying the NS phy loc is very nice! That's something I can put in our support procedures for DNS troubleshooting.
-mel
From: nanog@fleish. <nanog@org fleish. >org
Sent: Monday, January 13, 2025 7:19 AM
To: Mel Beckman <mel@beckman. >; sterling.org daniel@ <sterling.gmail. com daniel@ >gmail. com
Cc: North American Network Operators' Group <nanog@nanog. >org
Subject: Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries workI’m seeing some of the resolver IPs being filtering from various locations while responding from others, no doubt due to their use of anycast. I rarely ping test 4.2.2.2 anymore, having switched to 8.8.8.8 some time ago which I have a window up running 24x7 as a quick way to detect if my laptop is having connectivity issues from wherever it currently resides. It’s usually reliable, but I understand such traffic is the first to get filtered/dropped when needed so it’s just an initial indicator for me from which further testing can be performed when needed.
I will also mention it’s possible to detect which NS server/pool/location you are reaching on Level3’s network via the below dig query. This has been an invaluable tool over the years as IME they tend to break DNS sub-delegation at least once or twice a year and the more data you can provide to them about where the breakage is the faster you can get them to engage the DNS team to actually fix it vs. arguing with you that it’s not broken because it "works for them” (facepalm). And at least once I found they broke resolution on their authoritative name servers (ns1.l3. or ns2.net l3. ) and again they first told me it wasn’t a problem because DNS again the broken one(s) would timeout and then get the answer from another, working server (double-facepalm).net
dig +short @4.2.2.2 hostname.bind CH TXT
I’ve also been provided this query to derive the same for Cloudflare’s NS servers:
dig CHAOS TXT id.server @1.1.1.1 +nsid
And the following for Cleanbrowsing NS servers (these power content filtering on Unifi networks):
nslookup -type=txt iptest.whois. dnscontest. cleanbrowsing. org
Below are the results I got for Level3 from various locations (pardon the wall of text). It looks like they’re making some changes to serve DNS queries off their NTP servers
From Level3 WDC1/McLean:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.987/0.987/0.987/0.000 ms"pubntp1.wdc12"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.926/0.926/0.926/0.000 ms"cns4.sjo1"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.799/0.799/0.799/0.000 ms"pubntp1.wdc12"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.855/0.855/0.855/0.000 ms"pubntp2.wdc12"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.897/0.897/0.897/0.000 ms"cns4.sjo1"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.973/0.973/0.973/0.000 ms"pubntp1.wdc12”
>From Level3 SFO1/Sunnyvale:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---2 packets transmitted, 0 received, 100% packet loss, time 999ms
"cns3.sjo1"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.sjo1"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns1.sjo1"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.sjo1"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.275/0.275/0.275/0.000 ms"cns3.sjo1"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.sjo1”
>From Comcast Atlanta:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.atl2"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 13.442/13.442/13.442/0.000 ms"cns4.atl2"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 13.431/13.431/13.431/0.000 ms"cns2.atl2"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 13.632/13.632/13.632/0.000 ms"cns2.atl2"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 12.656/12.656/12.656/0.000 ms"cns3.atl2"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 12.041/12.041/12.041/0.000 ms"cns4.atl2”
>From AT&T Atlanta:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.atl2"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"pubntp1.atl2"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.atl2"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 15.430/15.430/15.430/0.000 ms"pubntp1.atl2"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.atl2"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 16.103/16.103/16.103/0.000 ms"cns4.atl2”
>From AT&T SF Bay Area Peninsula:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 7.880/7.880/7.880/0.000 ms"cns3.sjo1"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.sjo1"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 6.888/6.888/6.888/0.000 ms"cns3.sjo1"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---2 packets transmitted, 0 received, 100% packet loss, time 1000ms
"cns4.sjo1"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 7.173/7.173/7.173/0.000 ms"cns1.sjo1"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns2.sjo1”
>From DRFortress Honolulu:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.sjo1"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.sjo1"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 54.233/54.233/54.233/0.000 ms"cns3.sjo1"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns3.sjo1"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 54.195/54.195/54.195/0.000 ms"cns3.sjo1"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
"cns4.sjo1”
>From Hawaiian Telecom Honolulu (oddly from here I get no response to the hostname.bind dig queries):
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 54.727/54.727/54.727/0.000 msPING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 56.765/56.765/56.765/0.000 msPING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 0 received, 100% packet loss, time 0ms
>From Unitas Seacacus:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 2.062/2.062/2.062/0.000 ms"cns2.nyc6"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 2.012/2.012/2.012/0.000 ms"cns2.nyc6"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.651/1.651/1.651/0.000 ms"cns3.nyc6"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 2.055/2.055/2.055/0.000 ms"cns2.nyc6"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 2.102/2.102/2.102/0.000 ms"cns3.nyc6"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.626/1.626/1.626/0.000 ms"cns3.nyc6”
>From Verizon FIOS New York (oddly from here I get no response to the hostname.bind dig queries):
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 4.355/4.355/4.355/0.000 msPING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 3.764/3.764/3.764/0.000 msPING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 4.053/4.053/4.053/0.000 msPING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 3.394/3.394/3.394/0.000 msPING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 3.442/3.442/3.442/0.000 msPING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 4.944/4.944/4.944/0.000 ms
>From Allied Telecom in Washington DC:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.683/1.683/1.683/0.000 ms"pubntp1.wdc12"PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.592/1.592/1.592/0.000 ms"pubntp2.wdc12"PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data.
--- 4.2.2.3 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.776/1.776/1.776/0.000 ms"cns1.wdc12"PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
--- 4.2.2.4 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.810/1.810/1.810/0.000 ms"pubntp2.wdc12"PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data.
--- 4.2.2.5 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.729/1.729/1.729/0.000 ms"cns1.wdc12"PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data.
--- 4.2.2.6 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 1.432/1.432/1.432/0.000 ms"cns4.sjo1”
-TOn Jan 13, 2025, at 07:00, nanog-request@nanog. wrote:org Message: 6
Date: Mon, 13 Jan 2025 04:24:50 +0000
From: Mel Beckman <mel@beckman. >org
To: Daniel Sterling <sterling.daniel@ >gmail. com
Cc: Jerry Cloe <jerry@jtcloe. >, "nanog@net nanog. " <nanog@org nanog. >org
Subject: Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS
queries work
Message-ID: <1E72A509-881F-453A-B5D4-7AF8FDB44C4E@beckman. >org
Content-Type: text/plain; charset="utf-8"
Dan,
Thanks! I had never read that before. But that makes sense.
-mel
On Jan 12, 2025, at 8:22?PM, Daniel Sterling <sterling.daniel@ > wrote:gmail. com
?
Seems like these IPs not responding to ping is not unusual, as per https:// www. reddit. com/ r/ sysadmin/ comments/ 11syv2e/ google_dns_8888_dropping_pings_like_crazy_today/
"Google has stated multiple times before as has Level3/CenturyLink/Lumen that 4.2.2.1 and 8.8.8.8 should not be used for ping checks and they will drop packets when under load or if they notice too much activity from a single IP"
-- Dan
On Sun, Jan 12, 2025 at 11:03?PM Mel Beckman <mel@beckman. <mailto:mel@org beckman. >> wrote:org
Still not pinging from Frontier, Lumen, AT&T, or Verizon networks
-mel
On Jan 12, 2025, at 4:13?PM, Jerry Cloe <jerry@jtcloe. <mailto:jerry@net jtcloe. >> wrote:net
?
O:\>ping 4.2.2.1
Pinging 4.2.2.1 with 32 bytes of data:
Reply from 4.2.2.1<http:// >: bytes=32 time=36ms TTL=564. 2. 2. 1
Reply from 4.2.2.1<http:// >: bytes=32 time=44ms TTL=564. 2. 2. 1
Reply from 4.2.2.1<http:// >: bytes=32 time=36ms TTL=564. 2. 2. 1
Reply from 4.2.2.1<http:// >: bytes=32 time=38ms TTL=564. 2. 2. 1
Ping statistics for 4.2.2.1<http:// >:4. 2. 2. 1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 44ms, Average = 38ms
Same for 4.2.2.2
-----Original message-----
From: Mel Beckman <mel@beckman. <mailto:mel@org beckman. >>org
Sent: Sun 01-12-2025 06:07 pm
Subject: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work
To: nanog@nanog. <mailto:nanog@org nanog. >;org
I noticed that Level3 open DNS 4.2.2.1 and 4.2.2.2 stopped responding to ping today. They are responding to DNS queries however.
Does anyone know if this filtering is going to be permanent?
-mel beckman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http:// >mailman. nanog. org/ pipermail/ nanog/ attachments/ 20250113/ eb801d1d/ attachment-0001. html