Really odd one: parts of global DNS just dropped off the map

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Nov 24 18:27:19 UTC 2004 

Andy Holyer <andy at holyer.org> wrote:
> I've never seen this one ever before, and I don't even really know
> where to ask.

> Apologies if this is off-topic, but here goes.

> I administer the primary DNS for a bunch of domains which our company
> hosts, plus mail and DNS for the customers of our ISP. The primary DNS
> server is a Dell Poweredge running FreeBSD hosted at Telehouse in
> London's docklands.

> Some point yesterday afternoon (GMT). I started getting reports that
> certain sites were failing on DNS. Notably www.nasa.gov, which my boss
> uses to demonstrate that broadband is operating. The fact that he
> discovered this five minutes before I was planning to go home, and
> when he couldn't leave a client's site because they were not
> distinguishing between bad DNS and lack of connectivity helped none of
> our tempers in the matter.

> It seemed a bunch of (mainly US-based) sites were failing DNS. Other
> (UK-based) worked fine. Trying another server in the same facility
> gave the same result. Finally I switced forwarders to another ISP and
> called it a day.

> This morning I switched things back and all appears fine. however
> digging around, I don't get ping response from about half the hosts in
> named.root. b.root-servers.net, for example. Now, I can understand
> that root servers would just turn off ICMP echo since they're busy
> enough as it is, but it still worries me a bit.

> I've never seen this sort of behaviour before, and I'm not at all sure
> where to start in finding out what's going on, and whether there's
> some subtle mis-configuration on my part. From my part, the serial
> number in my root db files tells me that I haven't touched the named
> config since early June, so I would be most surprised if it was
> functioning fine, barely idling, and would then just go haywire like
> that.

> *Any* advice as to where I could go from here to ensure integrity of
> DNS is most gratefully recieved.

Remove your forwarding statements. The very seldom are motivated and
will put your fate in someone elses hands.

> ---

> Andy Holyer, Hedgehog Broadband, Brighton UK.



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list