Guess I wasn't going crazy. Forwarded to me by a read-only lister. Might be worth trying if prob still exists for anyone.

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch@netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

-----Original Message-----
From: Mark Moseley [mailto:moseleymark@gmail.com]
Sent: Friday, July 08, 2005 7:17 PM
To: Church, Chuck
Subject: Re: DNS .US outage

Hi. I don't have 'write' access to the nanog group so I'm writing you directly. I saw the exact same behaviour. After some banging-head-against-wall at 3am, I noticed that if I turned *off* "query-source * port 53" in Bind (i.e. it was using port 53 as the source port for queries to make firewalling easier), it magically started working again.

Don't know if you're using Bind or Windows DNS, but all I could tell is that when Bind was configured to query *from* port 53, I couldn't get the .us TLDs to answer me, but when using a random ephemeral port (of named's choice), it worked just fine. I don't know if they are (or were, haven't checked since then) blocking queries with a source port of 53, but whatever the case it worked for some reason.

If this works for you, please feel free to re-post to nanog (unless of course, the outage has gone away and they've fixed their stuff over at the .us TLD servers).

One thing to note is that when you use dig or nslookup or whatever, it'll also be using some ephemeral port, so it'll work, even when the lookups from source port 53 wouldn't. Again, I haven't checked since that night to see if that's gone away, so it might be a moot point now.

On 7/6/05, Church, Chuck <cchurch@netcogov.com> wrote:
Anyone else having issues with .US right now (~12AM EST)? NSlookup, etc show various .us destinations as unknown domains...
On 11/07/05, Church, Chuck <cchurch@netcogov.com> wrote:
One thing to note is that when you use dig or nslookup or whatever, it'll also be using some ephemeral port, so it'll work, even when the lookups from source port 53 wouldn't. Again, I haven't checked since that night to see if that's gone away, so it might be a moot point now.
Hold on now - dig or nslookup query the local resolver with that ephemeral port. If this behavior you describe still exists on the resolver (query from port 53 and not ephemeral ports) then you still wouldn't get a result.

-- Suresh Ramasubramanian (ops.lists@gmail.com)
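
Added example, not part of any message in this thread: a probe that sends a DNS query straight to a server from a chosen UDP source port, bypassing the local resolver, so the fixed-port and ephemeral-port cases can be compared. The function names, the query ID, the loopback server that ignores one source port, and the unprivileged port standing in for port 53 are all constructed for illustration.

```python
import socket, struct, threading

QID = 0x1234  # constructed query ID

def build_query(name):
    """Minimal non-recursive NS query, as a resolver would send to a TLD server."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", QID, 0, 1, 0, 0, 0) + qname + struct.pack(">HH", 2, 1)

def probe(server, name, source_port=0, timeout=1.0):
    """Send one query from source_port (0 = ephemeral); True if a reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", source_port))  # a fixed port mirrors BIND's "query-source * port N"
        s.sendto(build_query(name), server)
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return False
        return data[:2] == struct.pack(">H", QID)

def start_filtering_server(blocked_port):
    """Constructed loopback stand-in: ignores queries whose source port is blocked_port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def loop():
        while True:
            data, peer = srv.recvfrom(4096)
            if peer[1] != blocked_port:
                srv.sendto(data[:2] + b"\x80\x00" + data[4:], peer)  # set QR bit
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def free_udp_port():
    """Pick an unused unprivileged port to stand in for port 53 (which needs root)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    fixed = free_udp_port()
    server = start_filtering_server(fixed)
    print("fixed source port :", probe(server, "us", source_port=fixed))
    print("ephemeral port    :", probe(server, "us"))
```

Against a real authoritative server, `probe((server_ip, 53), "us", source_port=53)` has to run as root on a host where named is not already bound to port 53.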