Verizon Users Can't See Site
cyberseal at comcast.net
cyberseal at comcast.net
Tue Sep 14 17:32:05 UTC 2010
----- "Torsten" <toto at the-damian.de> wrote:
> Am Tue, 14 Sep 2010 08:23:03 +0200
> schrieb Torsten <toto at the-damian.de>:
>
> > Am Tue, 14 Sep 2010 05:15:16 +0000 (UTC)
> > schrieb cyberseal at comcast.net:
> >
> > >
> > >
> > >
> > > Hello List,
> > >
> > >
> > >
> > > I've run into an issue that has me stumped for the time being.
> I'm
> > > working on a website that is hosted on a delegated subdomain. The
> > > site is www-mbclive.mbc.irides.com. The mbc.irides.com subdomain
> is
> > > delegated to two Barracuda load balancers known as
> > > dns1.mbc.irides.com and dns2.mbc.irides.com.
> > >
> > >
> > >
> > > DNS seems to work fine for the majority of our users, however, in
> > > the past week we've heard from many Verizon FIOS users that they
> are
> > > unable to visit the site due to resolution issues. One sent in a
> dig
> > > from his home computer and I was wondering why he doesn't receive
> an
> > > answer:
> > >
> > >
> > >
> > > scott$ dig @71.252.0.12 www-mbclive.mbc.irides.com
> > >
> > > ; <<>> DiG 9.6.0-APPLE-P2 <<>> @71.252.0.12
> > > www-mbclive.mbc.irides.com ; (1 server found)
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62184
> > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
> ADDITIONAL:
> > > 0
> > >
> > > ;; QUESTION SECTION:
> > > ;www-mbclive.mbc.irides.com. IN A
> > >
> > > ;; AUTHORITY SECTION:
> > > www-mbclive.mbc.irides.com. 10 IN SOA
> dns1.mbc.irides.com.
> > > 1. 3600 3600 3600 3600 3600
> > >
> > > ;; Query time: 20 msec
> > > ;; SERVER: 71.252.0.12#53(71.252.0.12)
> > > ;; WHEN: Mon Sep 13 21:31:08 2010
> > > ;; MSG SIZE rcvd: 86
> > >
> > >
> > >
> > > Can anyone tell if there is a DNS issue on our end that may cause
> us
> > > to not play nice w/ Verizon? This issue just popped up in the
> last
> > > two weeks. Prior to that time visitors were not complaining. Any
> > > assistance is greatly appreciated.
> > >
> >
> > I'm having troubles getting an answer from both dns1.mbc.irides.com
> > and dns2.mbc.irides.com for www-mbclive.mbc.irides.com.
> >
> > A dig query freezes for about 12 seconds before returning an
> answer.
> > Maybe there's a problem with a misconfigured firewall.
> >
> > [ts at localhost ~]$ traceroute -q 1 dns2.mbc.irides.com
> > traceroute to dns2.mbc.irides.com (209.252.251.240), 30 hops max,
> 60
> > byte packets 1 10.43.64.254 (10.43.64.254) 0.336 ms
> > 2 vl67.cr30.isham.de.easynet.net (194.64.6.252) 0.927 ms
> > 3 ge1-5.br2.isham.de.easynet.net (194.64.4.126) 0.695 ms
> > 4 ge3-0-2.gr10.isham.de.easynet.net (87.86.71.244) 0.632 ms
> > 5 te2-0-0.gr10.ixfra.de.easynet.net (87.86.77.95) 9.862 ms
> > 6 ge-5-1-4.edge3.frankfurt1.level3.net (212.162.40.77) 9.964 ms
> > 7 vlan79.csw2.Frankfurt1.Level3.net (4.68.23.126) 18.392 ms
> > 8 ae-72-72.ebr2.Frankfurt1.Level3.net (4.69.140.21) 10.387 ms
> > 9 ae-41-41.ebr2.washington1.level3.net (4.69.137.50) 98.620 ms
> > 10 ae-5-5.ebr2.washington12.level3.net (4.69.143.222) 101.159 ms
> > 11 ae-6-6.ebr2.chicago2.level3.net (4.69.148.146) 113.618 ms
> > 12 ae-22-52.car2.chicago2.level3.net (4.69.138.165) 115.322 ms
> > 13 paetec-comm.car2.chicago2.level3.net (4.71.250.34) 115.955 ms
> > 14 gi-3-1-0.core01.chcgil01.paetec.net (66.155.191.97) 139.525 ms
> > 15 po-4-0-0.core02.rochny01.paetec.net (64.80.253.217) 137.915 ms
> > 16 gi-6-0-0.edge02.rochny01.paetec.net (66.155.216.183) 140.368
> ms
> > 17 *
> > 18 *
> > 19 *
> > 20 *
> > 21 *
> > 22 *
> > 23 *
> > 24 *
> > 25 *
> > 26 *
> > 27 *
> > 28 *
> > 29 *
> > 30 *
> >
>
>
> I just noticed that the problem might as well be the very short TTL
> of
> the NS A Records of 10 seconds.
Thanks Torsten, the low TTL's have to do with us using the LB's in a failover environment between two locations. Today I was given access to a Linux box on the Verizon network that is using their DNS server 71.252.0.12, which is affected by this problem. Digs and pings to www-mbclive.mbc.irides.com from this device fail. What can I do to better test and pinpoint the cause of the failure?
More information about the bind-users
mailing list