dig www.cisco.com @8.8.8.8 ; <<>> DiG 9.8.3-P1 <<>> www.cisco.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.cisco.com. IN A ;; AUTHORITY SECTION: cisco.com. 1247 IN SOA edns-rtp5-1-l. postmaster.cisco.com. 16034550 7200 1800 864000 86400 ;; Query time: 94 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Mar 19 07:36:22 2016 ;; MSG SIZE rcvd: 91 — Dmitry Sherman Interhost Networks Ltd dmitry@interhost.net office: 972-74-7029881 mobile: 972-54-3181182 http://www.interhost.co.il
Confirmed in Northern California, on all 3 primary NS servers. A little Friday night maintenance window, maybe? Looks like it’s just the www record...
On Mar 18, 2016, at 10:38 PM, Dmitry Sherman <dmitry@interhost.net> wrote:
dig www.cisco.com @8.8.8.8
; <<>> DiG 9.8.3-P1 <<>> www.cisco.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;www.cisco.com. IN A
;; AUTHORITY SECTION: cisco.com. 1247 IN SOA edns-rtp5-1-l. postmaster.cisco.com. 16034550 7200 1800 864000 86400
;; Query time: 94 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Mar 19 07:36:22 2016 ;; MSG SIZE rcvd: 91
— Dmitry Sherman Interhost Networks Ltd dmitry@interhost.net office: 972-74-7029881 mobile: 972-54-3181182 http://www.interhost.co.il
Hi, Here is the dig results, yes it seems only happened to www gizmos:~ david$ dig www.cisco.com +trace ; <<>> DiG 9.8.3-P1 <<>> www.cisco.com +trace ;; global options: +cmd . 131 IN NS c.root-servers.net. . 131 IN NS d.root-servers.net. . 131 IN NS i.root-servers.net. . 131 IN NS l.root-servers.net. . 131 IN NS a.root-servers.net. . 131 IN NS f.root-servers.net. . 131 IN NS k.root-servers.net. . 131 IN NS b.root-servers.net. . 131 IN NS m.root-servers.net. . 131 IN NS e.root-servers.net. . 131 IN NS j.root-servers.net. . 131 IN NS h.root-servers.net. . 131 IN NS g.root-servers.net. ;; Received 228 bytes from 103.234.208.150#53(103.234.208.150) in 2473 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 491 bytes from 198.97.190.53#53(198.97.190.53) in 799 ms cisco.com. 172800 IN NS ns1.cisco.com. cisco.com. 172800 IN NS ns2.cisco.com. cisco.com. 172800 IN NS ns3.cisco.com. ;; Received 217 bytes from 192.26.92.30#53(192.26.92.30) in 1197 ms cisco.com. 86400 IN SOA edns-rtp5-1-l. postmaster.cisco.com. 16034550 7200 1800 864000 86400 ;; Received 91 bytes from 72.163.5.201#53(72.163.5.201) in 243 ms gizmos:~ david$ dig cisco.com +trace ; <<>> DiG 9.8.3-P1 <<>> cisco.com +trace ;; global options: +cmd . 120 IN NS b.root-servers.net. . 120 IN NS c.root-servers.net. . 120 IN NS j.root-servers.net. . 120 IN NS e.root-servers.net. . 120 IN NS m.root-servers.net. . 120 IN NS l.root-servers.net. . 120 IN NS h.root-servers.net. . 120 IN NS a.root-servers.net. . 120 IN NS g.root-servers.net. . 120 IN NS k.root-servers.net. . 120 IN NS i.root-servers.net. . 120 IN NS d.root-servers.net. . 120 IN NS f.root-servers.net. ;; Received 228 bytes from 103.234.208.150#53(103.234.208.150) in 48 ms com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. ;; Received 499 bytes from 192.36.148.17#53(192.36.148.17) in 41 ms cisco.com. 172800 IN NS ns1.cisco.com. cisco.com. 172800 IN NS ns2.cisco.com. cisco.com. 172800 IN NS ns3.cisco.com. ;; Received 213 bytes from 192.31.80.30#53(192.31.80.30) in 355 ms cisco.com. 86400 IN A 72.163.4.161 cisco.com. 86400 IN NS ns2.cisco.com. cisco.com. 86400 IN NS ns3.cisco.com. cisco.com. 86400 IN NS ns1.cisco.com. ;; Received 229 bytes from 72.163.5.201#53(72.163.5.201) in 415 ms Thank you Best regards, David S. ------------------------------------------------ e. david@zeromail.us On Sat, Mar 19, 2016 at 12:53 PM, John Kinsella <jlk@thrashyour.com> wrote:
Confirmed in Northern California, on all 3 primary NS servers. A little Friday night maintenance window, maybe?
Looks like it’s just the www record...
On Mar 18, 2016, at 10:38 PM, Dmitry Sherman <dmitry@interhost.net> wrote:
dig www.cisco.com @8.8.8.8
; <<>> DiG 9.8.3-P1 <<>> www.cisco.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;www.cisco.com. IN A
;; AUTHORITY SECTION: cisco.com. 1247 IN SOA edns-rtp5-1-l. postmaster.cisco.com. 16034550 7200 1800 864000 86400
;; Query time: 94 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Mar 19 07:36:22 2016 ;; MSG SIZE rcvd: 91
— Dmitry Sherman Interhost Networks Ltd dmitry@interhost.net office: 972-74-7029881 mobile: 972-54-3181182 http://www.interhost.co.il
On Fri, Mar 18, 2016 at 10:53:15PM -0700, John Kinsella <jlk@thrashyour.com> wrote a message of 49 lines which said:
Confirmed in Northern California, on all 3 primary NS servers. A little Friday night maintenance window, maybe?
Isn't it simply because the alias chain is awfully long (five steps) and it may fail with resolvers which are hardened against the "infinite recursion" attack? % dig A www.cisco.com ... ;; ANSWER SECTION: www.cisco.com. 3538 IN CNAME www.cisco.com.akadns.net. www.cisco.com.akadns.net. 238 IN CNAME wwwds.cisco.com.edgekey.net. wwwds.cisco.com.edgekey.net. 21538 IN CNAME wwwds.cisco.com.edgekey.net.globalredir.akadns.net. wwwds.cisco.com.edgekey.net.globalredir.akadns.net. 3538 IN CNAME e144.dscb.akamaiedge.net. e144.dscb.akamaiedge.net. 20 IN A 104.93.242.137 http://www.ssi.gouv.fr/uploads/2014/12/idns_attack_anssi.pdf
On Sat, Mar 19, 2016 at 05:38:03AM +0000, Dmitry Sherman <dmitry@interhost.net> wrote a message of 13 lines which said:
dig www.cisco.com @8.8.8.8
Better to test through the authoritative name servers. The problem was there, as documented in <https://www.reddit.com/r/networking/comments/4b2bgo/cisco_website_is_down/d15iu63> So, it was not because of the long CNAME chain, unlike what I wrote previously.
They did announce a maintenance window on their website. Must have been a doozy. On 3/19/16 8:51 AM, Stephane Bortzmeyer wrote:
On Sat, Mar 19, 2016 at 05:38:03AM +0000, Dmitry Sherman <dmitry@interhost.net> wrote a message of 13 lines which said:
dig www.cisco.com @8.8.8.8 Better to test through the authoritative name servers. The problem was there, as documented in <https://www.reddit.com/r/networking/comments/4b2bgo/cisco_website_is_down/d15iu63>
So, it was not because of the long CNAME chain, unlike what I wrote previously.
participants (5)
-
Dan Lacey -
David S. -
Dmitry Sherman -
John Kinsella -
Stephane Bortzmeyer