RE: Problems with NS*.worldnic.com
I saw some mention of this in a previous thread. Is anyone else still experiencing problems? We're seeing general slowness and the use of the truncate bit in responses, forcing to TCP mode.
We're still having a wack of issues with all names on NSI nameservers. Poking around at other service provider nameservers out there I'm amazed at how many places things are still resolving, something to be said for ignoring DNS TTLs. :) It's been over 3 days now, so I think I'm going to move what I've still got left with them somewhere else. I'm getting a roughly 10% response rate from their nameservers, and that's probably optimistically high.
Graeme
graeme clark | leader, network technologies and services | lavalife corp. toronto | tel 416 263 6300 x 3658 | fax 416 263 6303
On Mon, 25 Apr 2005, Graeme Clark wrote:
I saw some mention of this in a previous thread. Is anyone else still experiencing problems? We're seeing general slowness and the use of the truncate bit in responses, forcing to TCP mode.
We're still having a wack of issues with all names on NSI nameservers. Poking around at other service provider nameservers out there I'm amazed at how many places things are still resolving, something to be said for ignoring DNS TTLs. :) It's been over 3 days now, so I think I'm going to move what I've still got left with them somewhere else.
I'm getting a roughly 10% response rate from their nameservers, and that's probably optimistically high.
it may help 'other operators' and 'nsi' to know which servers you can NOT resolve from, and which cache/recursive hosts are asking ns<blah>.worldnic.com for the particular domains. So: I am at 128.2.35.50, I asked cache00.ns.uu.net for a domain on both: ns5.worldnic.com and ns25.worldnic.com and got no response :( (as a simple for instance, this may help others know they are not alone in their problems, and the NSI folks might know which askers and answers are still unhappy with each other)
Have to say we see no issues here with the worldnic.com nameservers, other than they appear to be located on the same physical network. I think people should post queries that fail, including date/time, and full "dig" output for that query from the server they used, and the version of recursive nameserver used. Otherwise it is purely speculative guess work to figure out if it is a DNS delegation issue, or something else (network congestion?). No one should be surprised that a DNS request may be truncated and switched to TCP, that is in the RFCs. Although the servers in question run BIND9 so presumably support EDNS0, which suggests those seeing truncation may be running rather old code, or unusual recursive resolvers. The worldnic.com and worldnic.net appear to use the YYYYMMDDVV convention for SOA serial numbers, and so it would appear nothing has changed their end in terms of zone data for at least five months in terms of zone file settings. All looks rosy from here.
On Tue, 26 Apr 2005, Simon Waters wrote:
Have to say we see no issues here with the worldnic.com nameservers, other than they appear to be located on the same physical network.
I think people should post queries that fail, including date/time, and full "dig" output for that query from the server they used, and the version of recursive nameserver used. Otherwise it is purely speculative guess work to figure out if it is a DNS delegation issue, or something else (network congestion?).
I think I suggested similar yesterday as did Mr. Bush.
The worldnic.com and worldnic.net appear to use the YYYYMMDDVV convention for SOA serial numbers, and so it would appear nothing has changed their end in terms of zone data for at least five months in terms of zone file settings.
Interesting, I thought the worldnic.com servers were NSI's 'free hosting for domains you registered through us' servers, which would imply they get changed 'frequently' no?
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack. what are some names known to be hosted on worldnic? randy
Randy Bush <randy@psg.com> wrote:
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack.
That's quite an interesting theory, and you may be right. However, when given the choice between incompetence and malice, I know which one my money is on.
what are some names known to be hosted on worldnic?
voipbuster.com's one that they've been whining about on uk.telecom. Right now, UDP DNS requests to ns25/ns26.worldnic.com for that domain are giving truncated responses and TCP calls aren't even being answered, so it's even more buggered than the last time I poked at it.
--
"I Adjure Thee, O Foul Demon of The Sinus, by this Leatherman Tool and this Fully Earthed 30 Amp Power Strip! Remain Thou within the Faraday Cage and Answer the Questions put to Thee, and I shall Discharge Thee that Thou mayest return from Whence Thou Camest." -- Peter da Silva
On Tue, 26 Apr 2005, Randy Bush wrote:
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack.
what are some names known to be hosted on worldnic?
we had problems reported with:
www.calairmail.com
www.holidaycardwebsite.com
I did some poking around last night with dig and some local unix hosts that I hadn't tried this before on and got no change to tcp :( (so no truncate and returned results via UDP) though today I see:
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns7.worldnic.com
;; Truncated, retrying in TCP mode.
and failures (which is PROBABLY my silly iptables config...)
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns8.worldnic.com
; <<>> DiG 9.2.2rc1 <<>> www.holidaycardwebsite.com. @ns8.worldnic.com
;; global options: printcmd
interesting that both servers aren't doing the same thing?
In message <Pine.GSO.4.58.0504261351530.6246@sharpie.argfrp.us.uu.net>, "Christopher L. Morrow" writes:
On Tue, 26 Apr 2005, Randy Bush wrote:
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack.
what are some names known to be hosted on worldnic?
we had problems reported with:
www.calairmail.com
www.holidaycardwebsite.com
I did some poking around last night with dig and some local unix hosts that I hadn't tried this before on and got no change to tcp :( (so no truncate and returned results via UDP) though today I see:
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns7.worldnic.com
;; Truncated, retrying in TCP mode.
and failures (which is PROBABLY my silly iptables config...)
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns8.worldnic.com
; <<>> DiG 9.2.2rc1 <<>> www.holidaycardwebsite.com. @ns8.worldnic.com
;; global options: printcmd
interesting that both servers aren't doing the same thing?
Both work for me, from two different places, one of which has v6 connectivity and one of which doesn't.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
----- Original Message ----- From: "Randy Bush" <randy@psg.com> To: "Christopher L. Morrow" <christopher.morrow@mci.com> Cc: <nanog@merit.edu> Sent: Tuesday, April 26, 2005 16:35 Subject: Re: Problems with NS*.worldnic.com
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack.
That is a bind issue when receiving empty response from worldnic ns on udp queries, it asks again on tcp which is very slow. more here: http://isc.sans.org/diary.php?date=2005-04-22
what are some names known to be hosted on worldnic?
randy
aljuhani
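An added example, not part of any message in this thread: a small Python probe that builds a UDP query (optionally with an EDNS0 OPT record) and labels the reply from its header, separating the "truncated with no answers" case discussed above from normal answers and timeouts. The function names, labels and sample replies are constructed for illustration; `probe_udp` assumes the server is reachable on UDP port 53.

```python
import socket
import struct

TC, QR = 0x0200, 0x8000  # header flag bits (RFC 1035, section 4.1.1)

def build_query(name, qtype=1, qid=0x1234, edns_size=None):
    """Encode a query; if edns_size is set, add an EDNS0 OPT record (RFC 6891)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = struct.pack("!6H", qid, 0, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!2H", qtype, 1)
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS = advertised UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def classify(data, qid=0x1234):
    """Label one UDP reply by its 12-byte header alone."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if rid != qid or not flags & QR:
        return "not-our-response"
    if flags & TC:
        # The resolver has to repeat the query over TCP port 53
        return "truncated-empty" if ancount == 0 else "truncated-partial"
    rcode = flags & 0x000F
    if rcode:
        return "rcode-%d" % rcode
    return "answer" if ancount else "nodata"

def probe_udp(server, name, edns_size=None, timeout=3.0):
    """Send one UDP query to server:53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, edns_size=edns_size), (server, 53))
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return "no-response"

def fake_reply(query, flags, ancount):
    """Constructed reply for offline checks: query bytes with a rewritten header."""
    qid, _f, qd, _an, ns, ar = struct.unpack("!6H", query[:12])
    return struct.pack("!6H", qid, flags, qd, ancount, ns, ar) + query[12:]
```

Running `probe_udp` against each nameserver with and without `edns_size`, and logging the label with a timestamp, gives the per-server record of failing queries that the thread asks posters to share.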