North American Network Operators Group

Re: .ORG problems this evening

  • From: Majdi S. Abbas
  • Date: Thu Sep 18 05:10:51 2003

On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote:
> tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about
> an hour or two this evening, timing out on all DNS queries.  Anyone else see
> similar?  (The hosts are unpingable and untracerouteable, so I had to use
> DNS queries to determine when they were back up.)

	I didn't have a problem with .org this evening, and I've asked 
around and others don't seem to have noticed anything either.  It would be
more helpful if you told us your source prefix, and which filter you're
hitting when you traceroute to tld[12].ultradns.net.

	As far as the hosts themselves being filtered, I don't know of 
any responsible TLD or root server operator that doesn't filter and/or
rate limit certain types of traffic to their servers -- you have to
understand the incredible volume of garbage they receive from both DoS
attacks and misconfigured or merely broken resolvers out there.

> It makes me wonder how UltraDNS got a contract to manage the domain on all
> of two nameservers hosted on the same subnet, given that they were supposed
> to have deployed "geographically diverse" (or something like that) servers.

	They're not on the same subnet:

	tld1.ultradns.net has address 204.74.112.1
	tld2.ultradns.net has address 204.74.113.1
	                                       ^

	But even if they were, there is a neat trick that some people 
(waves to Paul, Rodney, and others) are doing with their DNS servers:
They advertise the same prefix to multiple networks in multiple 
locations, and each location (hopefully) attracts traffic from nearby 
sources -- when it works, it provides faster query responses, distributes
load, and some redundancy.  In my experience it usually works pretty well.
This is known as anycast.

	Both of these traceroutes are to 204.74.112.1:

traceroute to tld1.ultradns.net (204.74.112.1), 30 hops max, 38 byte packets
 1  nnn-7202-fe-0-0-1 (204.42.254.1)  0.515 ms  0.456 ms  0.346 ms
 2  d1-0-3-0-21.a00.anarmi01.us.ra.verio.net (209.69.3.33)  6.645 ms  6.678 ms  15.549 ms
 3  d3-1-3-0.r01.chcgil01.us.bb.verio.net (129.250.16.22)  15.508 ms  17.321 ms  15.532 ms
 4  p16-2-0-0.r01.chcgil06.us.bb.verio.net (129.250.5.70)  14.831 ms  14.712 ms  15.589 ms
 5  ge-1-1.a00.chcgil07.us.ra.verio.net (129.250.25.167)  15.397 ms  17.021 ms  15.515 ms
 6  fa-2-1.a00.chcgil07.us.ce.verio.net (128.242.186.134)  20.086 ms  16.286 ms  15.528 ms
 7  dellfweqch.ultradns.net (204.74.102.2)  15.559 ms !H  14.908 ms !H  21.551 ms !H

Type escape sequence to abort.
Tracing the route to tld1.ultradns.net (204.74.112.1)
  1 cernh4.cern.ch (192.65.185.4) 0 msec 0 msec 0 msec
  2 ar3-chicago-stm4.cern.ch (192.65.184.25) 120 msec 120 msec 120 msec
  3 ar1-chicago-ge0.cern.ch (192.65.184.226) 120 msec 120 msec 124 msec
  4 NYC-gw14.NYC.US.net.DTAG.DE (62.156.138.190) [AS 3320] 116 msec 120 msec 116 msec
  5 LINX-gw13.LON.GB.NET.DTAG.DE (62.154.5.38) [AS 3320] 116 msec 116 msec 116 msec
  6 62.156.138.10 [AS 3320] 116 msec 116 msec 116 msec
  7 ge-1-1.a01.londen03.uk.ra.verio.net (213.130.47.67) [AS 2914] 116 msec 116 msec 116 msec
  8 UltraDNS-0.a01.londen03.uk.ra.verio.net (213.130.48.38) [AS 2914] 116 msec 116 msec 120 msec
  9 dellfwabld.ultradns.net (204.74.106.2) [AS 12008] !H  !H  !H

	But clearly tld1.ultradns.net, were it a single host, could
not reside in both London and Chicago.  If you try your traceroutes from
several different networks around the world (try http://www.traceroute.org
for starters), it should become quite clear that there is a plethora of
tld[12].ultradns.net's out there.

	Perhaps a brief description of anycast is in order for the NANOG 
FAQ?  It seems to come up periodically.

	--msa
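
Added example, not part of the original message: a small parser that makes the comparison above mechanical, reading the final hops of both quoted traceroutes (Unix and Cisco IOS formats) and checking whether the same destination address ends at different filtering hosts. The vantage-point labels and function names are constructed for this example, and wrapped output lines are assumed to have been rejoined first.

```python
import re

# Final hops of the two traceroutes to 204.74.112.1 quoted in the message,
# wrapped lines rejoined. The vantage-point labels are constructed.
TRACES = {
    "via-verio-chicago": """\
 6  fa-2-1.a00.chcgil07.us.ce.verio.net (128.242.186.134)  20.086 ms  16.286 ms  15.528 ms
 7  dellfweqch.ultradns.net (204.74.102.2)  15.559 ms !H  14.908 ms !H  21.551 ms !H
""",
    "via-cern": """\
  8 UltraDNS-0.a01.londen03.uk.ra.verio.net (213.130.48.38) [AS 2914] 116 msec 116 msec 120 msec
  9 dellfwabld.ultradns.net (204.74.106.2) [AS 12008] !H  !H  !H
""",
}

# TTL, then "name (addr)" or a bare address, then the probe results.
HOP = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+\((\d{1,3}(?:\.\d{1,3}){3})\))?(.*)$")
RTT = re.compile(r"([\d.]+)\s*ms(?:ec)?\b")

def parse_hops(text):
    """Parse Unix traceroute and Cisco IOS trace lines into hop records."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner and blank lines carry no hop
        ttl, name, addr, rest = m.groups()
        hops.append({
            "ttl": int(ttl),
            "name": name,
            "addr": addr or name,          # bare-address hops have no "(addr)"
            "rtts": [float(x) for x in RTT.findall(rest)],
            "unreachable": "!H" in rest,   # ICMP host-unreachable from this hop
        })
    return hops

def compare_last_hops(traces):
    """Map each vantage point to the last hop that answered for the target."""
    last = {vp: parse_hops(t)[-1] for vp, t in traces.items()}
    sites = {h["addr"] for h in last.values()}
    return {"last": last, "sites": sites, "multiple_instances": len(sites) > 1}

if __name__ == "__main__":
    result = compare_last_hops(TRACES)
    for vp, hop in result["last"].items():
        print(vp, hop["ttl"], hop["name"], hop["addr"], hop["rtts"], hop["unreachable"])
    print("multiple instances behind one address:", result["multiple_instances"])
```

Differing last hops from only two vantage points is a hint rather than proof, which is why the message suggests repeating the trace from several networks.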