[unisog] DNS troubles

Cal Frye cjf at calfrye.com
Fri Sep 16 17:56:26 GMT 2005


Hi, Ransel,
Interesting observation. We're not quite ready to use an ignore policy, but I've
created a class for those servers, priority 7, and will watch it for a bit, first.

There's a bit of fuzziness with our info with Educause I'll try to fix, besides,
but mostly the zone info others have commented on looks correct, when users get
anything at all. We've made several changes on our end; we'll watch over the
weekend to see if complaints continue. Mostly I didn't want to spend lots of
time fixing a more universal problem with local tools ;-)

Thanks, all for the helpful comments.

--Cal Frye, Network Administrator, Oberlin College
   www.oberlin.edu, in this case...
   Say Yes Twice for Oberlin Schools!   www.oberlinyesyes.com

  "It's true hard work never killed anybody, but I figure, why take the chance?"
--Ronald Reagan (b. 1911)


Ransel Yoho wrote:
> Hi Cal,
>  
> Kent State also has seen issues with DNS udp requests failing at our
> packetshaper, even with the DNS hosts in a critical server partition
> with a higher priority than the rest of campus.  To get around this
> issue, we applied an ignore policy to the DNS servers.
>  
> Ransel Yoho
> Network Services, Kent State University
> 
>  
> On 9/16/05, *Cal Frye* <cjf at calfrye.com <mailto:cjf at calfrye.com>> wrote:
> 
>     We're starting to have problems this week with off-campus folks
>     seeing temporary
>     inability to resolve some of our servers. Duration of the outage is
>     half an hour
>     to an hour or two, as far as we can tell. Limited testing suggests
>     that pointing
>     to different name servers can fix the problem, sometimes not. At
>     least Verizon
>     and Cox customers have been affected.
> 
>     We'd like to rule out our own gear, firewall, packetshaper, etc.
>     before we go
>     blaming the ISPs. But is anyone else seeing DNS troubles with
>     off-campus users?
>     Is cache poisoning on the increase this week? Many thanks for your
>     consideration.
> 
>     --
>     --Cal Frye, Network Administrator, Oberlin College
>       www.ouuf.org <http://www.ouuf.org>, www.calfrye.com
>     <http://www.calfrye.com>
>       Say Yes Twice for Oberlin Schools!   www.oberlinyesyes.com
>     <http://www.oberlinyesyes.com>
> 
>     "I don't mind if people are Republicans in the privacy of their
>     bedrooms. It's
>     just the ones that flaunt it in public, the raging, flaming ones,
>     that give me
>     the creeps." -- Greg Palast.
>     _______________________________________________
>     unisog mailing list
>     unisog at lists.sans.org <mailto:unisog at lists.sans.org>
>     http://www.dshield.org/mailman/listinfo/unisog
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


More information about the unisog mailing list