Level3 DNS not resolving for our domains
Is anyone seeing issues with domains not resolving at 4.2.2.[1-6]? All other test DNS servers function correctly. Thank you, -- Otto Monnig CTO KTG IP, LLC
Works for me:
dig google.com @4.2.2.2 +short 216.58.216.238
I expect your IP (either /32 or larger) may have done too many requests within a finite time window. Those DNS servers quit responding after too many inquiries (I don't know the count or time frame). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Dec 30, 2015 at 12:07 PM, Otto Monnig <omonnig@gmail.com> wrote:
Is anyone seeing issues with domains not resolving at 4.2.2.[1-6]? All other test DNS servers function correctly.
Thank you,
-- Otto Monnig CTO KTG IP, LLC
Sorry for not providing domains - I did so intentionally, as I believe this is a policy change at L3, rather than a technical issue. One of our companies hosts multiple domains and the issue is widespread among those domains at several locations. -- Otto Monnig
On Dec 30, 2015, at 11:07 AM, Otto Monnig <omonnig@gmail.com> wrote:
Is anyone seeing issues with domains not resolving at 4.2.2.[1-6]? All other test DNS servers function correctly.
Thank you,
-- Otto Monnig CTO KTG IP, LLC
On Wed, Dec 30, 2015 at 03:02:39PM -0600, Otto Monnig <omonnig@gmail.com> wrote a message of 24 lines which said:
Sorry for not providing domains - I did so intentionally, as I believe this is a policy change at L3, rather than a technical issue.
And how are we supposed to debug, without even one domain name? Level 3 public DNS resolvers work fine for me (tested with several names, both DNSSEC and not DNSSEC).
rocketktg.com <http://rocketktg.com/> -- Otto Monnig
On Dec 30, 2015, at 3:18 PM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Wed, Dec 30, 2015 at 03:02:39PM -0600, Otto Monnig <omonnig@gmail.com> wrote a message of 24 lines which said:
Sorry for not providing domains - I did so intentionally, as I believe this is a policy change at L3, rather than a technical issue.
And how are we supposed to debug, without even one domain name?
Level 3 public DNS resolvers work fine for me (tested with several names, both DNSSEC and not DNSSEC).
On Wed Dec 30 15:48:26 2015, Otto Monnig wrote:
rocketktg.com <http://rocketktg.com/>
;; ADDITIONAL SECTION: ns1.rocketktg.com. 244 IN A 68.235.47.109 ns2.rocketktg.com. 244 IN A 68.235.47.110 Both are in the same AS, perhaps a routing issue? -- Alarig Le Lay
On Dec 30, 2015, at 5:12 PM, Alarig Le Lay <alarig@swordarmor.fr> wrote:
On Wed Dec 30 15:48:26 2015, Otto Monnig wrote:
rocketktg.com <http://rocketktg.com/>
;; ADDITIONAL SECTION: ns1.rocketktg.com. 244 IN A 68.235.47.109 ns2.rocketktg.com. 244 IN A 68.235.47.110
Both are in the same AS, perhaps a routing issue?
Seems like a good candidate for reading http://www.rfc-editor.org/rfc/rfc2182.txt - jared
On Wed, Dec 30, 2015 at 11:12:29PM +0100, Alarig Le Lay <alarig@swordarmor.fr> wrote a message of 35 lines which said:
Both are in the same AS, perhaps a routing issue?
Indeed. This is a warning in ZoneMaster <https://zonemaster.net/test/b9c2efd5a10f2eb8> and I observe also that 10-15 % of the RIPE Atlas probes cannot resolve this name (so it is not just Level 3). The name servers unfortunately do not reply to ICMP echo so it is hard to debug.
rocketktg.com <http://rocketktg.com/>
;; ADDITIONAL SECTION: ns1.rocketktg.com. 244 IN A 68.235.47.109 ns2.rocketktg.com. 244 IN A 68.235.47.110
rfc2182 section 6
participants (6)
-
Alarig Le Lay
-
Jared Mauch
-
Josh Luthman
-
Otto Monnig
-
Randy Bush
-
Stephane Bortzmeyer