.ORG problems this evening
Majdi S. Abbas
msa at samurai.sfo.dead-dog.com
Thu Sep 18 09:08:22 UTC 2003
On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote:
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries. Anyone else see
> similar? (The hosts are unpingable and untracerouteable, so I had to use
> DNS queries to determine when they were back up.)
I didn't have a problem with .org this evening, and I've asked
around and others don't seem to have noticed anything either. It would be
more helpful if you told us your source prefix, and which filter you're
hitting when you traceroute to tld[12].ultradns.net.

As far as the hosts themselves being filtered, I don't know of
any responsible TLD or root server operator that doesn't filter and/or
rate limit certain types of traffic to their servers -- you have to
understand the incredible volume of garbage they receive from both DoS
attacks and misconfigured or merely broken resolvers out there.
> It makes me wonder how UltraDNS got a contract to manage the domain on all
> of two nameservers hosted on the same subnet, given that they were supposed
> to have deployed "geographically diverse" (or something like that) servers.
They're not on the same subnet:

tld1.ultradns.net has address 204.74.112.1
tld2.ultradns.net has address 204.74.113.1
                                       ^
But even if they were, there is a neat trick that some people
(waves to Paul, Rodney, and others) are doing with their DNS servers:

They advertise the same prefix to multiple networks in multiple
locations, and each location (hopefully) attracts traffic from nearby
sources -- when it works, it provides faster query responses, distributes
load, and some redundancy. In my experience it usually works pretty well.
This is known as anycast.

Both of these traceroutes are to 204.74.112.1:
traceroute to tld1.ultradns.net (204.74.112.1), 30 hops max, 38 byte packets
1 nnn-7202-fe-0-0-1 (204.42.254.1) 0.515 ms 0.456 ms 0.346 ms
2 d1-0-3-0-21.a00.anarmi01.us.ra.verio.net (209.69.3.33) 6.645 ms 6.678 ms 15.549 ms
3 d3-1-3-0.r01.chcgil01.us.bb.verio.net (129.250.16.22) 15.508 ms 17.321 ms 15.532 ms
4 p16-2-0-0.r01.chcgil06.us.bb.verio.net (129.250.5.70) 14.831 ms 14.712 ms 15.589 ms
5 ge-1-1.a00.chcgil07.us.ra.verio.net (129.250.25.167) 15.397 ms 17.021 ms 15.515 ms
6 fa-2-1.a00.chcgil07.us.ce.verio.net (128.242.186.134) 20.086 ms 16.286 ms 15.528 ms
7 dellfweqch.ultradns.net (204.74.102.2) 15.559 ms !H 14.908 ms !H 21.551 ms !H

Type escape sequence to abort.
Tracing the route to tld1.ultradns.net (204.74.112.1)
1 cernh4.cern.ch (192.65.185.4) 0 msec 0 msec 0 msec
2 ar3-chicago-stm4.cern.ch (192.65.184.25) 120 msec 120 msec 120 msec
3 ar1-chicago-ge0.cern.ch (192.65.184.226) 120 msec 120 msec 124 msec
4 NYC-gw14.NYC.US.net.DTAG.DE (62.156.138.190) [AS 3320] 116 msec 120 msec 116 msec
5 LINX-gw13.LON.GB.NET.DTAG.DE (62.154.5.38) [AS 3320] 116 msec 116 msec 116 msec
6 62.156.138.10 [AS 3320] 116 msec 116 msec 116 msec
7 ge-1-1.a01.londen03.uk.ra.verio.net (213.130.47.67) [AS 2914] 116 msec 116 msec 116 msec
8 UltraDNS-0.a01.londen03.uk.ra.verio.net (213.130.48.38) [AS 2914] 116 msec 116 msec 120 msec
9 dellfwabld.ultradns.net (204.74.106.2) [AS 12008] !H !H !H

But clearly tld1.ultradns.net, were it a single host, could
not reside in both London and Chicago. If you try your traceroutes from
several different networks around the world (try http://www.traceroute.org
for starters), it should become quite clear that there is a plethora of
tld[12].ultradns.net's out there.

Perhaps a brief description of anycast is in order for the NANOG
FAQ? It seems to come up periodically.

--msa
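
An added example, not part of the original message: the comparison the post makes by eye, done over the header and final hops of the two quoted traceroutes. It reports destinations whose last responding hop differs between vantage points; the vantage labels are names chosen here, and differing last hops are evidence consistent with anycast rather than proof of it.

```python
import re
from collections import defaultdict

# Header and final hops of the two traceroutes quoted in the message (wrapping
# kept as posted); the vantage-point labels are names chosen for this example.
TRACES = {
    "via-chicago": """\
traceroute to tld1.ultradns.net (204.74.112.1), 30 hops max, 38 byte packets
6 fa-2-1.a00.chcgil07.us.ce.verio.net (128.242.186.134) 20.086 ms 16.286
ms 15.528 ms
7 dellfweqch.ultradns.net (204.74.102.2) 15.559 ms !H 14.908 ms !H
21.551 ms !H
""",
    "via-london": """\
Tracing the route to tld1.ultradns.net (204.74.112.1)
8 UltraDNS-0.a01.londen03.uk.ra.verio.net (213.130.48.38) [AS 2914] 116
msec 116 msec 120 msec
9 dellfwabld.ultradns.net (204.74.106.2) [AS 12008] !H !H !H
""",
}

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
DEST = re.compile(r"\((" + IP + r")\)")
# Hop number, optional hostname, then the address (parenthesised or bare).
HOP = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\()?(" + IP + r")\)?")

def last_hop(text):
    """Return (destination, hop_name, hop_ip, host_unreachable) for one trace."""
    dest = DEST.search(text).group(1)      # first "(a.b.c.d)" is in the header
    hops = []                              # [name, ip, raw text with wrapped lines]
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append([m.group(2) or m.group(3), m.group(3), line])
        elif hops:
            hops[-1][2] += " " + line.strip()   # continuation of the previous hop
    name, ip, raw = hops[-1]
    return dest, name, ip, "!H" in raw

def anycast_candidates(traces):
    """Destinations whose last responding hop differs between vantage points."""
    seen = defaultdict(dict)
    for vantage, text in traces.items():
        dest, name, ip, unreachable = last_hop(text)
        seen[dest][vantage] = (name, ip, unreachable)
    return {d: v for d, v in seen.items() if len({h[1] for h in v.values()}) > 1}

if __name__ == "__main__":
    print(anycast_candidates(TRACES))
```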