Well well, it looks like a Direct Connect circuit to Google was leaking the route to this DMZ 153.7.233.0/24 back to Google via BGP. Return traffic from Google (for only some fraction of DNS queries) was passing back across this leaked route, and being dropped on this Direct Connect peering point at Disney. Gotta love it when a problem is solved, by the OP, within an hour of resorting to mailing the NANOG community. Thanks all, nothing to see here! -David On Thu, Oct 19, 2017 at 8:41 PM, David Sotnick <sotnickd-nanog@ddv.com> wrote:
Hi Nanog,
I am principal network engineer for sister-studio to Disney Studios. They have been struggling with DNS issues since Thursday 12th October.
By all accounts it appears as though *some* of the Google DNS resolvers cannot reach the authoritative nameservers for "studio.disney.com".
This is causing ~20-30% of all DNS requests against Google Public DNS 8.8.8.8 / 8.8.4.4 to fail for requests in this subdomain.
The name servers reside in 153.7.233.0/24.
Might someone be able to *connect me* with someone at Google to assist my poor colleagues who are banging their heads against a brick wall here.
Thank you, David