Re: DNS issue affecting (and subdomains)

From: Bob Proulx
Subject: Re: DNS issue affecting (and subdomains)
Date: Sat, 25 Mar 2023 15:05:44 -0600

Eli Zaretskii wrote:
> > Ar Rakin wrote:
> >    $ host
> >     ;; connection timed out; no servers could be reached

> You will find the information here:
> That place is always good to look at when such issues occur.

+1 for the status page.  The FSF
sysadmins post information there (sometimes terse) when there are
problems seen that affect systems.  It's something everyone should
bookmark where they can find it easily.

>  $ host
>  [...]
>  Host not found: 2(SERVFAIL)
> Nope, Google's resolver can't resolve either.

The authoritative nameservers (a fancy title for the upstream ones)
are getting DDoS'd off the net.  Which means that all resolution by
downstream nameservers, even Google ones, is timing out.

This is compounded by the very short 300 second TTL on the records,
which means that even if a lookup is successful it can only be cached
for five minutes and then discarded.  Upon which then it needs to be
looked up again and the query will have to fight its way through the
DDoS in a mixed martial arts cage fight arena to get the data again.

> How about, making the same queries on a VPS in the US:
>  $ host
> has address
> has IPv6 address 2001:470:142:5::116
>  Host not found: 2(SERVFAIL)
> Hmm, that worked, just, but it was very slow (~ 8 secs).

The nameservers are overwhelmed making them slow to respond.  And then
additionally I am seeing a very high packet loss across the network
into the Boston machines.  That high packet loss means retries at the
network protocol level making things slow.  I have seen 30-45 seconds
on average here looking up DNS for a while.

>  $ host
>  [...]
>  Host not found: 2(SERVFAIL)
> Google's resolver fails again.

There is really nothing special about the Google resolver.  If the
upstream ns* nameservers can't receive and can't send data
then names cannot be resolved.

> I fetch from every 30 minutes and the fetch began to
> fail two days ago (on 23rd March) at around 10pm GMT.  It has been
> failing much more often than not since then.

Yes.  That's about when the attack started.  I assume it is an
attack.  That's what sysadmin said about it.  I have no special
ability to observe this particular attack and am suffering through the
packet loss of it along with the rest of you.
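
The TTL effect described in the message above, as an added illustration that is not part of the original email: a small simulation of a caching resolver whose queries to the authoritative servers succeed only some of the time. The 10% per-attempt success rate, the one-lookup-per-minute client and the function name `simulate` are assumptions chosen for the example.

```python
import random


def simulate(ttl, upstream_success, query_interval=60, duration=86400, seed=1):
    """Model one caching resolver in front of degraded authoritative servers.

    ttl              -- record TTL in seconds (300 in the message above)
    upstream_success -- assumed probability that one query to the
                        authoritative servers gets an answer back
    query_interval   -- assumed seconds between client lookups
    Returns (fraction of client lookups answered, upstream queries sent).
    """
    rng = random.Random(seed)      # seeded so the run is repeatable
    expires = 0                    # cache starts empty
    answered = total = upstream_queries = 0
    for now in range(0, duration, query_interval):
        total += 1
        if now < expires:          # cache hit: the outage is invisible
            answered += 1
            continue
        upstream_queries += 1      # cache miss: must reach the authoritatives
        if rng.random() < upstream_success:
            expires = now + ttl    # answer may be kept only for `ttl` seconds
            answered += 1
    return answered / total, upstream_queries


if __name__ == "__main__":
    # Constructed scenario: one day, 10% of upstream queries get through.
    for ttl in (300, 3600, 86400):
        frac, sent = simulate(ttl, upstream_success=0.1)
        print(f"TTL {ttl:>5}s: {frac:6.1%} of lookups answered, "
              f"{sent} upstream queries")
```

With a healthy upstream the TTL only changes how many queries reach the authoritative servers; with a degraded upstream it decides how often a client sees a failure.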

