We just lost DNS totally for a while and just got it back...XO communications also lost almost all Internet routes at the same time... Anyone else noticing weirdness? Erik Amundson
On Fri, 20 Jul 2007 14:25:41 CDT, Erik Amundson said:
We just lost DNS totally for a while and just got it back...XO communications also lost almost all Internet routes at the same time...
Cause (losing all routes) -> effect (can't reach stuff other side of the routes, including DNS servers)? Sounds like an XO routing issue, not a DNS issue.
I also have UUNET and Qwest routes working fine, but even on those, I couldn't reach the roots for quite a while. Erik Amundson IT Infrastructure Manager Open Access Technology Int'l, Inc. Phone (763) 201-2005 mailto:erik.amundson@oati.net CONFIDENTIAL INFORMATION: This email and any attachment(s) contain confidential and/or proprietary information of Open Access Technology International, Inc. Do not copy or distribute without the prior written consent of OATI. If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic. -----Original Message----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] Sent: Friday, July 20, 2007 2:34 PM To: Erik Amundson Cc: nanog@nanog.org Subject: Re: DNS issues? On Fri, 20 Jul 2007 14:25:41 CDT, Erik Amundson said:
We just lost DNS totally for a while and just got it back...XO communications also lost almost all Internet routes at the same time...
Cause (losing all routes) -> effect (can't reach stuff other side of the routes, including DNS servers)? Sounds like an XO routing issue, not a DNS issue.
To Vladis' point, how do you know that you couldn't reach the roots vs the roots not being able to reach you? -- Sent from my BlackBerry. -----Original Message----- From: "Erik Amundson" <Erik.Amundson@oati.net> Date: Fri, 20 Jul 2007 14:39:37 Cc:<nanog@nanog.org> Subject: RE: DNS issues? I also have UUNET and Qwest routes working fine, but even on those, I couldn't reach the roots for quite a while. Erik Amundson IT Infrastructure Manager Open Access Technology Int'l, Inc. Phone (763) 201-2005 mailto:erik.amundson@oati.net CONFIDENTIAL INFORMATION: This email and any attachment(s) contain confidential and/or proprietary information of Open Access Technology International, Inc. Do not copy or distribute without the prior written consent of OATI. If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic. -----Original Message----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] Sent: Friday, July 20, 2007 2:34 PM To: Erik Amundson Cc: nanog@nanog.org Subject: Re: DNS issues? On Fri, 20 Jul 2007 14:25:41 CDT, Erik Amundson said:
We just lost DNS totally for a while and just got it back...XO communications also lost almost all Internet routes at the same time...
Cause (losing all routes) -> effect (can't reach stuff other side of the routes, including DNS servers)? Sounds like an XO routing issue, not a DNS issue.
On Fri, 20 Jul 2007 19:52:34 -0000, =?utf-8?B?Q2hyaXN0aWFuIEt1aHR6?= said:
To Vladis' point, how do you know that you couldn't reach the roots vs the roots not being able to reach you?
In addition to which, his nameservers probably wouldn't *need* to reach the actual roots unless they'd managed to timeout their cache for things like .com and .org and .net. 'dig . soa' says: . 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007072000 1800 900 604800 86400 86400. Yummy. "Tune in tomorrow for updates". Most likely, it's a TLD server or three that he's unable to reach, not the actual roots themselves. But given that routing issues *are* included in the original message, and I've seen naught saying that there were any DNS servers in the "reachable but misbehaving" state, I have to conclude that root cause is a routing blurp.
Valdis.Kletnieks@vt.edu wrote:
"Tune in tomorrow for updates". Most likely, it's a TLD server or three that he's unable to reach, not the actual roots themselves.
we will probably never know. folk who say "the internet broke" seem unable to actually waste their time giving us actual technical information. this seems matched to a willingness to waste our time guessing. randy
By answering, we are enablers. By not answering, we are unhelpful elitists. Rock, meet hard place.
we will probably never know. folk who say "the internet broke" seem unable to actually waste their time giving us actual technical information. this seems matched to a willingness to waste our time guessing.
Buhrmaster, Gary wrote:
By answering, we are enablers.
it is not possible to answer as there was no actual answerable question, so this is not an issue
By not answering, we are unhelpful elitists.
i have no problem with whatever fools wish to call me. i care for the opinions of the wise. randy
I was having issues reaching any of the roots, and any of the TLDs for .com and .net. I tested them directly, and had no luck. I was merely looking to see if anything was broken elsewhere in the world to see if it was just my network so I could diagnose things a bit better. XO's problem eventually got fixed (relatively), and I was suddenly able to get answers from the roots/TLDs again over Verizon Business/UUNET/MCI/WORLDCOM/whatever, and Qwest after about 45 minutes. I have found no explanation for the loss of connectivity as of yet. I found it strange that I had issues reaching the name serves even after shutting off XO, so that's why I asked... Some of NANOG folks have been helpful and kind, some not, but I read NANOG a lot, and I'm not surprised. :) Thanks....I guess. Erik Amundson
On Fri, 20 Jul 2007, Erik Amundson wrote:
I was having issues reaching any of the roots, and any of the TLDs for .com and .net. I tested them directly, and had no luck.
It's more likely they were having trouble reaching you. My guess is that much of your return traffic normally comes to you over your XO connection. During whatever routing issue XO had, they continued to propogate your route(s) and receive traffic for you from the "internet", but were unable to route that traffic across their network to you. I've seen similar things happen with other providers. During such breakage, shutting your BGP session to them doesn't always help.
I was merely looking to see if anything was broken elsewhere in the world to see if it was just my network so I could diagnose things a bit better.
With the distributed nature of the DNS roots, if all the root servers suddenly "break", you can be nearly 100% sure the problem is much closer to the observer than to all the root servers or the "internet" in general. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Hi, NANOGers. This might help a bit when debugging root and TLD name server connectivity concerns: <http://www.cymru.com/monitoring/dnssumm/index.html> Thanks, Rob. -- Rob Thomas Team Cymru http://www.cymru.com/ cmn_err(do_panic, "Out of coffee!");
participants (7)
-
Buhrmaster, Gary
-
Christian Kuhtz
-
Erik Amundson
-
Jon Lewis
-
Randy Bush
-
Rob Thomas
-
Valdis.Kletnieks@vt.edu