We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS. Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts. Verification at our site using dig and nslookup confirms the above. On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server Can anyone confirm what we are seeing? Thanks and regards, Mike
probably, you're a victim of their selective DNS blackouts? http://rscott.org/dns/GoDaddy_Selective_DNS_Blackouts.htm -- jodok On 20.09.2011, at 22:49, Michael Moeller wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Can anyone confirm what we are seeing?
We've had similar reports this afternoon. ~Matt
On Tue, Sep 20, 2011 at 5:02 PM, Matt Addison <maddison@lightbound.net> wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Can anyone confirm what we are seeing?
We've had similar reports this afternoon.
~Matt
Do you have any details that you could share with me? Offlist would be okay. Thanks, Mike
Big Comcast outage here in Nor Cal - appears to be dns related. - Sent from my Android device... On Sep 20, 2011 1:56 PM, "Michael Moeller" <mwmoeller@gmail.com> wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
I cannot confirm this. On Windows machines all I am seeing is that lookups for xyz.com using an authoritative nameserver of ns50.domaincontrol.com is -- correctly -- rejected: PS>nslookup xyz.com ns50.domaincontrol.com *** Can't find server name for address 208.109.255.25: Query refused Server: UnKnown Address: 208.109.255.25 *** UnKnown can't find xyz.com: Query refused I see the same behaviour with ns49.domaincontrol.com, ns48, etc... The rejection message here is correct because xyz.com is not a domain GoDaddy's nameservers are authoritative for (root servers as well as WHOIS both confirm this; query a.gtld-servers.net for NS records for xyz.com), and *are not* recursive nameservers. I also see the exact same behaviour with dig on a FreeBSD host. Note: "status: REFUSED". $ dig @ns49.domaincontrol.com ns xyz.com ; <<>> DiG 9.6.-ESV-R5 <<>> @ns49.domaincontrol.com ns xyz.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25213 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;xyz.com. IN NS ;; Query time: 75 msec ;; SERVER: 216.69.185.25#53(216.69.185.25) ;; WHEN: Tue Sep 20 14:10:03 2011 ;; MSG SIZE rcvd: 25 Also, according to WHOIS domaincontrol.com is "Wild West Domains". Is this a company GoDaddy purchased? I have not bothered to check web pages (do not particularly care). If not, what's the relation? -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB | On Tue, Sep 20, 2011 at 04:49:47PM -0400, Michael Moeller wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
On Tue, Sep 20, 2011 at 5:13 PM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
I cannot confirm this. On Windows machines all I am seeing is that lookups for xyz.com using an authoritative nameserver of ns50.domaincontrol.com is -- correctly -- rejected:
PS>nslookup xyz.com ns50.domaincontrol.com *** Can't find server name for address 208.109.255.25: Query refused Server: UnKnown Address: 208.109.255.25
*** UnKnown can't find xyz.com: Query refused
I see the same behaviour with ns49.domaincontrol.com, ns48, etc...
The rejection message here is correct because xyz.com is not a domain GoDaddy's nameservers are authoritative for (root servers as well as WHOIS both confirm this; query a.gtld-servers.net for NS records for xyz.com), and *are not* recursive nameservers.
I also see the exact same behaviour with dig on a FreeBSD host. Note: "status: REFUSED".
$ dig @ns49.domaincontrol.com ns xyz.com
; <<>> DiG 9.6.-ESV-R5 <<>> @ns49.domaincontrol.com ns xyz.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25213 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;xyz.com. IN NS
;; Query time: 75 msec ;; SERVER: 216.69.185.25#53(216.69.185.25) ;; WHEN: Tue Sep 20 14:10:03 2011 ;; MSG SIZE rcvd: 25
Also, according to WHOIS domaincontrol.com is "Wild West Domains". Is this a company GoDaddy purchased? I have not bothered to check web pages (do not particularly care). If not, what's the relation?
-- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB |
On Tue, Sep 20, 2011 at 04:49:47PM -0400, Michael Moeller wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Any thoughts on the 'no response from server' error message vs a 'query refused' error message? .Mike
Yes, it means DNS timeout or an ACL/network-level issue vs. getting back an exclusive response from the query that says "I reject". Are you using IPv6? Can you turn off IPv6 to ensure that your tunnelling provider isn't causing this? This is networking troubleshooting 101, you should have folks on staff or available via phone who should be able to help diagnose this problem. Analysis of packet capture from each device up to your ISP should be sufficient. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB | On Tue, Sep 20, 2011 at 05:33:12PM -0400, Michael Moeller wrote:
On Tue, Sep 20, 2011 at 5:13 PM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
I cannot confirm this. ?On Windows machines all I am seeing is that lookups for xyz.com using an authoritative nameserver of ns50.domaincontrol.com is -- correctly -- rejected:
PS>nslookup xyz.com ns50.domaincontrol.com *** Can't find server name for address 208.109.255.25: Query refused Server: ?UnKnown Address: ?208.109.255.25
*** UnKnown can't find xyz.com: Query refused
I see the same behaviour with ns49.domaincontrol.com, ns48, etc...
The rejection message here is correct because xyz.com is not a domain GoDaddy's nameservers are authoritative for (root servers as well as WHOIS both confirm this; query a.gtld-servers.net for NS records for xyz.com), and *are not* recursive nameservers.
I also see the exact same behaviour with dig on a FreeBSD host. ?Note: "status: REFUSED".
$ dig @ns49.domaincontrol.com ns xyz.com
; <<>> DiG 9.6.-ESV-R5 <<>> @ns49.domaincontrol.com ns xyz.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25213 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;xyz.com. ? ? ? ? ? ? ? ? ? ? ? IN ? ? ?NS
;; Query time: 75 msec ;; SERVER: 216.69.185.25#53(216.69.185.25) ;; WHEN: Tue Sep 20 14:10:03 2011 ;; MSG SIZE ?rcvd: 25
Also, according to WHOIS domaincontrol.com is "Wild West Domains". ?Is this a company GoDaddy purchased? ?I have not bothered to check web pages (do not particularly care). ?If not, what's the relation?
-- | Jeremy Chadwick ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?jdc at parodius.com | | Parodius Networking ? ? ? ? ? ? ? ? ? ? ? http://www.parodius.com/ | | UNIX Systems Administrator ? ? ? ? ? ? ? ? ? Mountain View, CA, US | | Making life hard for others since 1977. ? ? ? ? ? ? ? PGP 4BD6C0CB |
On Tue, Sep 20, 2011 at 04:49:47PM -0400, Michael Moeller wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. ?We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: ? ?*** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Any thoughts on the 'no response from server' error message vs a 'query refused' error message?
Been seeing this intermittently since late last night as well. Blake Pfankuch Connecting Point of Greeley Network Engineer (970) 356-7224 main bpfankuch@cpgreeley.com Cisco, Microsoft, Adtran and VMware Certification Information available upon request. -----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Michael Moeller Sent: Tuesday, September 20, 2011 2:50 PM To: outages@outages.org Subject: [outages] GoDaddy DNS Issues? We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS. Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts. Verification at our site using dig and nslookup confirms the above. On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server Can anyone confirm what we are seeing? Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
And as another follow up I am now seeing issues from ns51 and ns52 as well on a customer domain. Blake Pfankuch Connecting Point of Greeley Network Engineer (970) 356-7224 main bpfankuch@cpgreeley.com Cisco, Microsoft, Adtran and VMware Certification Information available upon request. -----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Blake Pfankuch Sent: Tuesday, September 20, 2011 3:35 PM To: Michael Moeller; outages@outages.org Subject: Re: [outages] GoDaddy DNS Issues? Been seeing this intermittently since late last night as well. Blake Pfankuch Connecting Point of Greeley Network Engineer (970) 356-7224 main bpfankuch@cpgreeley.com Cisco, Microsoft, Adtran and VMware Certification Information available upon request. -----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Michael Moeller Sent: Tuesday, September 20, 2011 2:50 PM To: outages@outages.org Subject: [outages] GoDaddy DNS Issues? We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS. Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts. Verification at our site using dig and nslookup confirms the above. On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server Can anyone confirm what we are seeing? Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
So where's the diagnostic and debugging data showing the problem? Come on folks, this is pretty disheartening. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB | On Tue, Sep 20, 2011 at 09:44:55PM +0000, Blake Pfankuch wrote:
And as another follow up I am now seeing issues from ns51 and ns52 as well on a customer domain.
Blake Pfankuch Connecting Point of Greeley Network Engineer (970) 356-7224 main bpfankuch@cpgreeley.com
Cisco, Microsoft, Adtran and VMware Certification Information available upon request.
-----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Blake Pfankuch Sent: Tuesday, September 20, 2011 3:35 PM To: Michael Moeller; outages@outages.org Subject: Re: [outages] GoDaddy DNS Issues?
Been seeing this intermittently since late last night as well.
Blake Pfankuch Connecting Point of Greeley Network Engineer (970) 356-7224 main bpfankuch@cpgreeley.com
Cisco, Microsoft, Adtran and VMware Certification Information available upon request.
-----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Michael Moeller Sent: Tuesday, September 20, 2011 2:50 PM To: outages@outages.org Subject: [outages] GoDaddy DNS Issues?
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
participants (6)
-
Blake Pfankuch -
Jeremy Chadwick -
Jodok Batlogg -
Matt Addison -
Michael Moeller -
Paul Ferguson