Re: [outages] ntp.org DNS lookups failing
Hi, On Wed Jan 18 21:25:23 2017, Gert Doering via Outages wrote:
Trying to query directly, ns1/ns2.ntp.org return SERVFAIL as well, and ns1/ns2.everett.org do not reply at all... so pure guesswork on my side says "the original set is broken / under attack / ..., so new servers have been added, but as long as the old NS records are still being cached, things keep failing".
I see the same behaviour: alarig@pikachu ~ % dig -t NS ntp.org ; <<>> DiG 9.11.0-P2 <<>> -t NS ntp.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ntp.org. IN NS ;; Query time: 52 msec ;; SERVER: 2a00:5884:8218::1#53(2a00:5884:8218::1) ;; WHEN: Wed Jan 18 21:28:08 CET 2017 ;; MSG SIZE rcvd: 36 alarig@pikachu ~ % ssh alarig@log.bzh alarig@log:~$ sudo unbound-control flush_zone ntp.org [sudo] password for alarig: ok removed 8 rrsets, 0 messages and 0 key entries ^D alarig@log:~$ déconnexion Connection to log.bzh closed. alarig@pikachu ~ % dig -t NS ntp.org ; <<>> DiG 9.11.0-P2 <<>> -t NS ntp.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53621 ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ntp.org. IN NS ;; ANSWER SECTION: ntp.org. 3600 IN NS ns1.everett.org. ntp.org. 3600 IN NS ns2.everett.org. ntp.org. 3600 IN NS ns4.p20.dynect.net. ntp.org. 3600 IN NS dns2.udel.edu. ntp.org. 3600 IN NS anyns.pch.net. ntp.org. 3600 IN NS dns1.udel.edu. ntp.org. 3600 IN NS ns1.p20.dynect.net. ntp.org. 3600 IN NS ns2.p20.dynect.net. ntp.org. 3600 IN NS ns3.p20.dynect.net. ;; Query time: 178 msec ;; SERVER: 2a00:5884:8218::1#53(2a00:5884:8218::1) ;; WHEN: Wed Jan 18 21:31:51 CET 2017 ;; MSG SIZE rcvd: 236 -- alarig
participants (1)
-
Alarig Le Lay