[unisog] DNS troubles

John Kristoff jtk at northwestern.edu
Fri Sep 16 15:20:52 GMT 2005


On Fri, 16 Sep 2005 09:45:32 -0400
Cal Frye <cjf at calfrye.com> wrote:

> We're starting to have problems this week with off-campus folks seeing
> temporary inability to resolve some of our servers. Duration of the
> outage is half an hour to an hour or two, as far as we can tell.

This is what I get, presumably this looks OK to you?

  ;; QUESTION SECTION:
  ;oberlin.edu.                   IN      NS

  ;; ANSWER SECTION:
  oberlin.edu.            604800  IN      NS      dns.cc.oberlin.edu.
  oberlin.edu.            604800  IN      NS      ns1.oar.net.
  oberlin.edu.            604800  IN      NS      dns2.cc.oberlin.edu.
  oberlin.edu.            604800  IN      NS      ocdns1.cc.oberlin.edu.
  oberlin.edu.            604800  IN      NS      ocdns2.cc.oberlin.edu.

  ;; ADDITIONAL SECTION:
  ocdns1.cc.oberlin.edu.  604800  IN      A       132.162.1.31
  ocdns2.cc.oberlin.edu.  604800  IN      A       132.162.1.32

It would be worth knowing what the off-site hosts having problems
see here or for the specific RRs as well what they have as their
own local resolver configuration.

You'll want to verify that the above NS hosts are properly responding
to queries for your domain to the outside.  You may also want to
verify that you're not accidentally breaking something (e.g. some
servers may have hard set their source UDP port in the queries to a
value that you or someone upstream is now filtering).

Presumably it is multiple RRs that are failing, but verify that it
isn't a specific one in a specific zone.  Probably not the case here,
but there have also been reported problems when DNS over TCP filters
have been naively applied.

> We'd like to rule out our own gear, firewall, packetshaper, etc.
> before we go blaming the ISPs. But is anyone else seeing DNS troubles
> with off-campus users? Is cache poisoning on the increase this week?

Nothing of those sorts that I'm aware of.  There has been on occasion
trouble with some recursive servers failing to respond when they become
overloaded (often because of neutered bots or misconfigurations), but
that seems unlikely if it is happening from hosts on different networks
using different recursive servers.

John


More information about the unisog mailing list