[unisog] DNS troubles

Cal Frye cjf at calfrye.com
Mon Sep 19 19:47:33 GMT 2005


Hi, Michael,
That's the fuzzy part of this concern. It's mostly the ISP nameservers that
can't seem to resolve parts of our domain space. Webmail isn't found, but the
main web server is, that sort of thing.

We've altered the Packetshaper settings for our DNS servers, opened name
resolution and a few other ICMP types on the firewall (which had blocked all
types), and altered our zone files a bit. No problems over the weekend, but
we're still uncertain it's fixed. Sounds like our problem, however, which is ok.

--Cal Frye, Network Administrator, Oberlin College
   www.ouuf.org, www.calfrye.com
   Say Yes Twice for Oberlin Schools!   www.oberlinyesyes.com

  "You can't govern if you don't believe in government." -- Thom Hartman.


Michael Holstein wrote:
>>We'd like to rule out our own gear, firewall, packetshaper, etc. before we go
>>blaming the ISPs. But is anyone else seeing DNS troubles with off-campus users?
>>Is cache poisoning on the increase this week? Many thanks for your consideration.
> 
> 
> I've known several ISPs to block access to port 53 except to their own 
> nameservers. I'm not sure if this is for monitoring reasons (eg: spy on 
> the customers that use Anonymizer, etc), or to try and prevent DDOS 
> using port 53, but I've seen it happen fairly often.

