G root not responding on UDP?
Hello everyone I wonder if it's just me or anyone else also finding issues in g root reachability? ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work. Trace is timing out on 208.46.37.38. traceroute to 192.112.36.4 (192.112.36.4), 64 hops max, 52 byte packets 1 router01.home (172.16.0.1) 4.926 ms 1.863 ms 1.845 ms 2 103.60.176.101 (103.60.176.101) 24.007 ms 24.507 ms 22.330 ms 3 nsg-static-137.49.75.182-airtel.com (182.75.49.137) 64.435 ms 64.359 ms 66.108 ms 4 182.79.206.46 (182.79.206.46) 331.787 ms 182.79.206.53 (182.79.206.53) 228.497 ms 182.79.222.189 (182.79.222.189) 224.966 ms 5 ldn-brdr-01.qwest.net (195.66.225.34) 162.745 ms 162.139 ms 162.031 ms 6 lon-ddos-01.inet.qwest.net (67.14.63.58) 162.138 ms 162.125 ms 162.916 ms 7 * * * 8 chp-edge-01.inet.qwest.net (208.46.37.37) 242.819 ms 242.793 ms 242.575 ms 9 208.46.37.38 (208.46.37.38) 253.176 ms 253.066 ms 252.807 ms 10 * * * 11 * * * 12 * * * dig @192.112.36.4 . ns ; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached dig @192.112.36.4 . ns +tcp +noauth ; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns +tcp +noauth ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29674 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS g.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS d.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 3600000 IN A 198.41.0.4 b.root-servers.net. 3600000 IN A 192.228.79.201 c.root-servers.net. 3600000 IN A 192.33.4.12 d.root-servers.net. 3600000 IN A 199.7.91.13 e.root-servers.net. 3600000 IN A 192.203.230.10 f.root-servers.net. 3600000 IN A 192.5.5.241 g.root-servers.net. 3600000 IN A 192.112.36.4 h.root-servers.net. 3600000 IN A 198.97.190.53 i.root-servers.net. 3600000 IN A 192.36.148.17 j.root-servers.net. 3600000 IN A 192.58.128.30 k.root-servers.net. 3600000 IN A 193.0.14.129 l.root-servers.net. 3600000 IN A 199.7.83.42 m.root-servers.net. 3600000 IN A 202.12.27.33 a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 3600000 IN AAAA 2001:500:84::b c.root-servers.net. 3600000 IN AAAA 2001:500:2::c d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 ;; Query time: 259 msec ;; SERVER: 192.112.36.4#53(192.112.36.4) ;; WHEN: Thu Apr 14 16:59:09 2016 ;; MSG SIZE rcvd: 744 Is UDP blocked recently or it has been like this from long? -- Anurag Bhatia anuragbhatia.com
I'm see the same thing from multiple networks. $ dig NS . @g.root-servers.net ; <<>> DiG 9.9.5 <<>> NS . @g.root-servers.net ;; global options: +cmd ;; connection timed out; no servers could be reached On Thu, Apr 14, 2016 at 7:30 AM, Anurag Bhatia <me@anuragbhatia.com> wrote:
Hello everyone
I wonder if it's just me or anyone else also finding issues in g root reachability?
ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.
Trace is timing out on 208.46.37.38.
traceroute to 192.112.36.4 (192.112.36.4), 64 hops max, 52 byte packets 1 router01.home (172.16.0.1) 4.926 ms 1.863 ms 1.845 ms 2 103.60.176.101 (103.60.176.101) 24.007 ms 24.507 ms 22.330 ms 3 nsg-static-137.49.75.182-airtel.com (182.75.49.137) 64.435 ms 64.359 ms 66.108 ms 4 182.79.206.46 (182.79.206.46) 331.787 ms 182.79.206.53 (182.79.206.53) 228.497 ms 182.79.222.189 (182.79.222.189) 224.966 ms 5 ldn-brdr-01.qwest.net (195.66.225.34) 162.745 ms 162.139 ms 162.031 ms 6 lon-ddos-01.inet.qwest.net (67.14.63.58) 162.138 ms 162.125 ms 162.916 ms 7 * * * 8 chp-edge-01.inet.qwest.net (208.46.37.37) 242.819 ms 242.793 ms 242.575 ms 9 208.46.37.38 (208.46.37.38) 253.176 ms 253.066 ms 252.807 ms 10 * * * 11 * * * 12 * * *
dig @192.112.36.4 . ns
; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached
dig @192.112.36.4 . ns +tcp +noauth
; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns +tcp +noauth ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29674 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;. IN NS
;; ANSWER SECTION: . 518400 IN NS g.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS d.root-servers.net.
;; ADDITIONAL SECTION: a.root-servers.net. 3600000 IN A 198.41.0.4 b.root-servers.net. 3600000 IN A 192.228.79.201 c.root-servers.net. 3600000 IN A 192.33.4.12 d.root-servers.net. 3600000 IN A 199.7.91.13 e.root-servers.net. 3600000 IN A 192.203.230.10 f.root-servers.net. 3600000 IN A 192.5.5.241 g.root-servers.net. 3600000 IN A 192.112.36.4 h.root-servers.net. 3600000 IN A 198.97.190.53 i.root-servers.net. 3600000 IN A 192.36.148.17 j.root-servers.net. 3600000 IN A 192.58.128.30 k.root-servers.net. 3600000 IN A 193.0.14.129 l.root-servers.net. 3600000 IN A 199.7.83.42 m.root-servers.net. 3600000 IN A 202.12.27.33 a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 3600000 IN AAAA 2001:500:84::b c.root-servers.net. 3600000 IN AAAA 2001:500:2::c d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 259 msec ;; SERVER: 192.112.36.4#53(192.112.36.4) ;; WHEN: Thu Apr 14 16:59:09 2016 ;; MSG SIZE rcvd: 744
Is UDP blocked recently or it has been like this from long?
--
Anurag Bhatia anuragbhatia.com
fyi, some discussion and below link from the bind mailing list on this https://atlas.ripe.net/dnsmon/group/g-root On 4/14/2016 7:36 AM, Nicholas Suan wrote:
I'm see the same thing from multiple networks.
$ dig NS . @g.root-servers.net
; <<>> DiG 9.9.5 <<>> NS . @g.root-servers.net ;; global options: +cmd ;; connection timed out; no servers could be reached
On Thu, Apr 14, 2016 at 7:30 AM, Anurag Bhatia <me@anuragbhatia.com> wrote:
Hello everyone
I wonder if it's just me or anyone else also finding issues in g root reachability?
ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.
Trace is timing out on 208.46.37.38.
traceroute to 192.112.36.4 (192.112.36.4), 64 hops max, 52 byte packets 1 router01.home (172.16.0.1) 4.926 ms 1.863 ms 1.845 ms 2 103.60.176.101 (103.60.176.101) 24.007 ms 24.507 ms 22.330 ms 3 nsg-static-137.49.75.182-airtel.com (182.75.49.137) 64.435 ms 64.359 ms 66.108 ms 4 182.79.206.46 (182.79.206.46) 331.787 ms 182.79.206.53 (182.79.206.53) 228.497 ms 182.79.222.189 (182.79.222.189) 224.966 ms 5 ldn-brdr-01.qwest.net (195.66.225.34) 162.745 ms 162.139 ms 162.031 ms 6 lon-ddos-01.inet.qwest.net (67.14.63.58) 162.138 ms 162.125 ms 162.916 ms 7 * * * 8 chp-edge-01.inet.qwest.net (208.46.37.37) 242.819 ms 242.793 ms 242.575 ms 9 208.46.37.38 (208.46.37.38) 253.176 ms 253.066 ms 252.807 ms 10 * * * 11 * * * 12 * * *
dig @192.112.36.4 . ns
; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached
dig @192.112.36.4 . ns +tcp +noauth
; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns +tcp +noauth ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29674 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;. IN NS
;; ANSWER SECTION: . 518400 IN NS g.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS d.root-servers.net.
;; ADDITIONAL SECTION: a.root-servers.net. 3600000 IN A 198.41.0.4 b.root-servers.net. 3600000 IN A 192.228.79.201 c.root-servers.net. 3600000 IN A 192.33.4.12 d.root-servers.net. 3600000 IN A 199.7.91.13 e.root-servers.net. 3600000 IN A 192.203.230.10 f.root-servers.net. 3600000 IN A 192.5.5.241 g.root-servers.net. 3600000 IN A 192.112.36.4 h.root-servers.net. 3600000 IN A 198.97.190.53 i.root-servers.net. 3600000 IN A 192.36.148.17 j.root-servers.net. 3600000 IN A 192.58.128.30 k.root-servers.net. 3600000 IN A 193.0.14.129 l.root-servers.net. 3600000 IN A 199.7.83.42 m.root-servers.net. 3600000 IN A 202.12.27.33 a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 3600000 IN AAAA 2001:500:84::b c.root-servers.net. 3600000 IN AAAA 2001:500:2::c d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 259 msec ;; SERVER: 192.112.36.4#53(192.112.36.4) ;; WHEN: Thu Apr 14 16:59:09 2016 ;; MSG SIZE rcvd: 744
Is UDP blocked recently or it has been like this from long?
--
Anurag Bhatia anuragbhatia.com
On 2016-04-14 13:30, Anurag Bhatia wrote:
Hello everyone
I wonder if it's just me or anyone else also finding issues in g root reachability?
ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.
It's not only you: https://atlas.ripe.net/dnsmon/?dnsmon.session.color_range_pls=0-5-5-25-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.server=192.112.36.4&dnsmon.zone=root&dnsmon.startTime=1460574600&dnsmon.endTime=1460616600&dnsmon.ipVersion=both (shorter link: https://t.co/7lgnCFCEDZ) Cheers, Robert
On 2016-04-14 14:29, Robert Kisteleki wrote:
On 2016-04-14 13:30, Anurag Bhatia wrote:
Hello everyone
I wonder if it's just me or anyone else also finding issues in g root reachability?
ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.
It's not only you:
... and it recovered already: https://atlas.ripe.net/dnsmon/?dnsmon.session.color_range_pls=0-5-5-25-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.server=192.112.36.4&dnsmon.zone=root&dnsmon.startTime=1460595996&dnsmon.endTime=1460637996&dnsmon.ipVersion=both&dnsmon.timeWindow=42000 Robert
Regarding yesterday's G-root outage: Like many outages, this one resulted from a series of unfortunate events. These unfortunate events were operational errors; steps have been taken to prevent any reoccurrence, and to provide better service in the future. Jim Cassell DoD NIC ________________________________ From: NANOG [nanog-bounces@nanog.org] on behalf of Robert Kisteleki [robert@ripe.net] Sent: Thursday, April 14, 2016 12:57 PM To: Anurag Bhatia; NANOG Mailing List Subject: [Non-DoD Source] Re: G root not responding on UDP? All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. ---- On 2016-04-14 14:29, Robert Kisteleki wrote:
On 2016-04-14 13:30, Anurag Bhatia wrote:
Hello everyone
I wonder if it's just me or anyone else also finding issues in g root reachability?
ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.
It's not only you:
... and it recovered already: Caution-https://atlas.ripe.net/dnsmon/?dnsmon.session.color_range_pls=0-5-5-25-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.server=192.112.36.4&dnsmon.zone=root&dnsmon.startTime=1460595996&dnsmon.endTime=1460637996&dnsmon.ipVersion=both&dnsmon.timeWindow=42000 Robert
On Fri, Apr 15, 2016 at 5:23 PM, Cassell, James D CIV DISA IE (US) < james.d.cassell4.civ@mail.mil> wrote:
Regarding yesterday's G-root outage:
Like many outages, this one resulted from a series of unfortunate events. These unfortunate events were operational errors; steps have been taken to prevent any reoccurrence, and to provide better service in the future.
thanks for engaging, I wonder if there's a post-mortem coming for this? Folk that run significant infrastructure often run into problems before us normal folk do... so learning from your missteps is educational for the rest of us :) -chris (also, someone, me maybe? asked the same thing from ARIN's folk when they made a boo-boo with rdns records ~1 month or so ago... so fair's fair! :) )
participants (6)
-
Anurag Bhatia -
Cassell, James D CIV DISA IE (US) -
Christopher Morrow -
Jim Glassford -
Nicholas Suan -
Robert Kisteleki