Starting Monday this week, we've seen a significant delays and timeouts on our upstream name-servers. We saw something similar on our Hetzner servers, but it seems to have gone away now. Has anyone else seen/experienced name-server issues in the last 2-3 days?
I know about the BIND patch from last week, could that somehow be involved?
/Per Jessen, Herrliberg
we noticed, server4you.de was and is still not reachable
U:>tracert www.server4you.de Der Zielname www.server4you.de konnte nicht aufgelöst werden.
bernd / i3b.at (austria)
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Per Jessen Sent: Wednesday, July 16, 2008 11:45 AM To: swinog@lists.swinog.ch Subject: [swinog] name-server slowdown?
Starting Monday this week, we've seen a significant delays and timeouts on our upstream name-servers. We saw something similar on our Hetzner servers, but it seems to have gone away now. Has anyone else seen/experienced name-server issues in the last 2-3 days?
I know about the BIND patch from last week, could that somehow be involved?
/Per Jessen, Herrliberg
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Spiess Bernd wrote:
we noticed, server4you.de was and is still not reachable
U:>tracert www.server4you.de Der Zielname www.server4you.de konnte nicht aufgelöst werden.
Using tracert as a diagnostic tool for DNS?
Please take a look at one of the following for resolving your most likely local problems:
- dig - zonecheck (http://www.zonecheck.fr)
Just in case the result of the first is:
www.server4you.de. 86400 IN A 217.172.191.67 server4you.de. 86400 IN NS ns2.server4you.de. server4you.de. 86400 IN NS ns1.server4you.de. ;; Received 119 bytes from 217.172.162.246#53(ns1.server4you.de) in 10 ms
Thus at least the hostname works. ICMP's seem to be blocked in that direction though.
8<---------------------------------------------------- $ telnet www.server4you.de. 80 Trying 217.172.191.67... Connected to www.server4you.de. Escape character is '^]'. GET / HTTP/1.1
HTTP/1.1 400 Bad Request Date: Wed, 16 Jul 2008 11:15:40 GMT Server: Apache/2.0.52 (CentOS) Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 ... ---------------------------------------------------->8
Looks like it is working to me...
Greets, Jeroen
if the whole network is not reachable and even a ip resolving of one of the main serveradresses is not working i don´t have to try any other tools to know that everything is down :-)
see also: http://www.heise.de/newsticker/Serverausfall-beim-Hoster-Intergenia--/meldun...
bernd
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Jeroen Massar Sent: Wednesday, July 16, 2008 1:16 PM To: swinog@swinog.ch Subject: Re: [swinog] name-server slowdown?
Spiess Bernd wrote:
we noticed, server4you.de was and is still not reachable
U:>tracert www.server4you.de Der Zielname www.server4you.de konnte nicht aufgelöst werden.
Using tracert as a diagnostic tool for DNS?
Please take a look at one of the following for resolving your most likely local problems:
- dig - zonecheck (http://www.zonecheck.fr)
Just in case the result of the first is:
www.server4you.de. 86400 IN A 217.172.191.67 server4you.de. 86400 IN NS ns2.server4you.de. server4you.de. 86400 IN NS ns1.server4you.de. ;; Received 119 bytes from 217.172.162.246#53(ns1.server4you.de) in 10 ms
Thus at least the hostname works. ICMP's seem to be blocked in that direction though.
8<---------------------------------------------------- $ telnet www.server4you.de. 80 Trying 217.172.191.67... Connected to www.server4you.de. Escape character is '^]'. GET / HTTP/1.1
HTTP/1.1 400 Bad Request Date: Wed, 16 Jul 2008 11:15:40 GMT Server: Apache/2.0.52 (CentOS) Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 ... ---------------------------------------------------->8
Looks like it is working to me...
Greets, Jeroen
Spiess Bernd wrote:
if the whole network is not reachable and even a ip resolving of one of the main serveradresses is not working i don´t have to try any other tools to know that everything is down :-)
Strange that the server you indicated then is working fine.
see also: http://www.heise.de/newsticker/Serverausfall-beim-Hoster-Intergenia--/meldun...
Notice the timestamp there.
Greets, Jeroen
On Wed, Jul 16, 2008 at 11:44:46AM +0200, Per Jessen wrote:
Starting Monday this week, we've seen a significant delays and timeouts on our upstream name-servers. We saw something similar on our Hetzner servers, but it seems to have gone away now. Has anyone else seen/experienced name-server issues in the last 2-3 days?
I know about the BIND patch from last week, could that somehow be involved?
Not sure if this is your problem but the bind patch was released mostly untested. The new mode allocates tons of filedescriptors and fails in various freaky ways. The result is delayed resolving and various other failures plus an increased load on the nameserver itself.
Claudio Jeker schrieb:
On Wed, Jul 16, 2008 at 11:44:46AM +0200, Per Jessen wrote:
Starting Monday this week, we've seen a significant delays and timeouts on our upstream name-servers. We saw something similar on our Hetzner servers, but it seems to have gone away now. Has anyone else seen/experienced name-server issues in the last 2-3 days?
I know about the BIND patch from last week, could that somehow be involved?
Not sure if this is your problem but the bind patch was released mostly untested. The new mode allocates tons of filedescriptors and fails in various freaky ways. The result is delayed resolving and various other failures plus an increased load on the nameserver itself.
I thought there was also a recent change in some root nameserver addressing, so I'd suggest to update the root.hints file.
F.
Fredy Kuenzler wrote: [..]
I thought there was also a recent change in some root nameserver addressing, so I'd suggest to update the root.hints file.
Which should be updated automatically. The root.hints should only be a hint for the DNS server which it uses to bootstrap. The first thing it will do is actually "dig . NS" and use those as the real root servers.
Greets, Jeroen
Claudio Jeker wrote:
On Wed, Jul 16, 2008 at 11:44:46AM +0200, Per Jessen wrote:
Starting Monday this week, we've seen a significant delays and timeouts on our upstream name-servers. We saw something similar on our Hetzner servers, but it seems to have gone away now. Has anyone else seen/experienced name-server issues in the last 2-3 days?
I know about the BIND patch from last week, could that somehow be involved?
Not sure if this is your problem but the bind patch was released mostly untested. The new mode allocates tons of filedescriptors and fails in various freaky ways. The result is delayed resolving and various other failures plus an increased load on the nameserver itself.
Thanks, that sounds very possible - I'll have to check with the guys running the upstream servers.
/Per Jessen, Herrliberg
-
Claudio Jeker -
Fredy Kuenzler -
Jeroen Massar -
Per Jessen -
Spiess Bernd