Scattered DNS issues
Been noticing scattered DNS issues which are not isolated to an individual network, e.g., I use Global/Level3, but am now having customers inside of Paetec's network also seeing issues. Anyone else seeing anomalies this morning? -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
On Wed, 14 Aug 2013, Joe Abley wrote:
On 2013-08-14, at 09:35, "J. Oquendo" <sil@infiltrated.net> wrote:
Been noticing scattered DNS issues
Could you describe what the DNS issues look like?
Joe
Sites timing out, not resolving one minute, then resolving the next. E.g. here is another instance: https://twitter.com/briankrebs/status/367641489498992640 His site passes through Global/Level3, I couldn't reach him with GBLX/Level3 DNS, but could with 8.8.8.8 his site appeared down from downforeveryoneorjustme.com but was resolvable in some instances. I have clients in NY complaining about reaching servers I can reach, but their networks can't. So its scattered and I haven't figured out a common theme. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
On 2013-08-14, at 10:24, "J. Oquendo" <sil@infiltrated.net> wrote:
Sites timing out, not resolving one minute, then resolving the next. E.g. here is another instance:
https://twitter.com/briankrebs/status/367641489498992640
His site passes through Global/Level3, I couldn't reach him with GBLX/Level3 DNS, but could with 8.8.8.8 his site appeared down from downforeveryoneorjustme.com but was resolvable in some instances.
krebsonsecurity.com is delegated to ns1.prolexic.com and ns2.prolexic.com. I'm seeing both those nameservers respond with non-authoritative answers for krebsonsecurity.com/IN/SOA. Jakob's robot seems to see similarly: http://dnscheck.se/log.pl?domain=krebsonsecurity.com&date=last So does AFNIC's, at least some of the time: http://www.zonecheck.fr/zonecheck/cgi-bin/zc.cgi?zone=krebsonsecurity.com Those prolexic nameservers are surely anycast; it seems possible that they have a problem where some of their nodes are serving the zone accurately and some are not. That seems consistent with the kind of unpredictable results you're describing. If there was a problem with the zone or the servers that are serving it, it's quite possible that it has since been fixed and what you're seeing is fallout from cached bad answers. Joe
participants (2)
-
J. Oquendo -
Joe Abley