[138313] in North American Network Operators' Group
Re: TWTelecom DNS issues...
daemon@ATHENA.MIT.EDU (Wil Schultz)
Wed Mar 2 22:10:06 2011
From: Wil Schultz <wschultz@bsdboy.com>
In-Reply-To: <32980473.892.1299119505285.JavaMail.root@benjamin.baylink.com>
Date: Wed, 2 Mar 2011 19:09:06 -0800
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 2, 2011, at 6:31 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Christopher Morrow" <morrowc.lists@gmail.com>
>=20
>> On Wed, Mar 2, 2011 at 1:38 PM, Wil Schultz <wschultz@bsdboy.com>
>> wrote:
>>> ns1.twtelecom.net and ns2.twtelecom.net (along with some other DNS
>>> servers, ns1.orng.twtelecom.net and ns1.ptld.twtelecom.net) suddenly
>>> stopped serving DNS for domains it's not authoritative for this
>>> morning. Requests are being actively refused from within their
>>> network.
>>>=20
>>> Caused a small issue for us, just thought I'd pass along.
>>=20
>> they were recursing previously and are no longer? that seems like a
>> win... or did I misconstrue what you said?
>=20
> Not if you're an end user who was configured, for some reason, to use =
them
> as a recursive server... which is what I infer from the fact that he =
posted=20
> it. In which case, it would be useful for Wil to provide us the IP
> addresses of those servers as he understand them, since that is what =
such
> affected users would have programmed...
>=20
> Cheers,
> -- jra
>=20
Oh sure, here are the ones that I tested and can confirm were down. =
Well, not "down" but actively refusing queries.=20
ns1.iplt.twtelecom.net (64.132.94.250)
ns1.milw.twtelecom.net (216.136.95.2)
ns1.orng.twtelecom.net (168.215.210.50)
ns1.snan.twtelecom.net (168.215.165.186)
ns1.twtelecom.net (216.136.95.2, 2001:4870:6082:3::5)
ns2.twtelecom.net (64.132.94.250, 2001:4870:8000:3::5)
ns1.twtelecom.net and ns2.twtelecom.net are well known to be =
authoritative for a number of domain, and I would have presumed that the =
rest would be their recursive servers. I found an old welcome letter =
from them that states ns1.twtelecom.net and ms2.twtelecom.net were the =
preferred forwarders on the circuit.
Some other network segments use their other resolvers but weren't =
affected because our internal boxes cache. I can't speak as to why they =
have it set up this way, but that's the list I have and every single one =
wasn't working from within or outside of their network. =46rom my =
testing authoritative requests were never denied, however.
There was a complete outage for a bit over an hour, then it was =
intermittent for a couple hours after that. Also, good or bad, all of =
the above servers recurse from on and off their network once again. =
Their NOC gave me a resolution of "Added an ACL to block an IP address". =
:-)
Regardless, I'm not using their resolvers anymore but thought it would =
be helpful in case anyone else saw a segment of their network start =
yammering about facebook and twitter being down.
-wil=
