[159619] in North American Network Operators' Group
Intermittent incorrect DNS resolution?
daemon@ATHENA.MIT.EDU (Erik Levinson)
Wed Jan 16 17:01:32 2013
Date: Wed, 16 Jan 2013 17:00:29 -0500
From: Erik Levinson <erik.levinson@uberflip.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi everyone,
I'm having an unusual DNS problem and would appreciate feedback.
For the zones in question, primary DNS is provided by GoDaddy and
secondary DNS by DNS Made Easy. Over a week ago we made changes to
several A records (including wildcards on two different zones), all
already having a TTL no greater than one hour.
The new IPs on those A records have taken many millions of requests
since the changes. Occasionally, a small amount of traffic appears at
the old IPs that those A records had. This is HTTP traffic. Packet
captures of this traffic show various Host headers.
Attempting to resolve those various Host headers from various networks
in Canada against various random private and public resolvers and
against the authoritative NSs all yield correct results (i.e. new IPs).
However, both GoDaddy and DNS Made Easy use anycast, which makes it less
likely that I can see the entire picture of what's happening.
I suspect that somewhere, one of their servers has the wrong data, or
some resolver is misbehaving, but based on the
pattern/traffic/volume/randomization of hostnames, the resolver theory
is less likely. I haven't analyzed the source IPs yet to see if they're
in a particular set of countries.
I've opened a ticket with DNS Made Easy and they replied very quickly
suggesting the problem is not with them. I've opened a ticket with
GoDaddy and...well, it's GoDaddy, so I don't expect much (no response yet).
Any ideas? Can folks try resolving eriktest.uberflip.com and post
here with details only if it resolves to an IP starting with 76.9 (old
IPs)?
Thanks
Erik