[dns-operations] Google DNS Admin

Warren Kumari warren at kumari.net
Thu Jan 9 02:03:07 UTC 2020


Here is a RIPE Atlas measurement towards that IP
https://atlas.ripe.net/measurements/23785597/#!tracemon -- 10 out of
50 probes could not traceroute to that IP, but there didn't seem to be
an obvious single point that they all stopped at (BT and Cogent and
Liberty and ASK4 and Comcast) - this is a somewhat larger than
expected failure rate.
Out of 100 probes
(https://atlas.ripe.net/measurements/23785647/#!probes) , 27 were not
able ping that IP (and 3 haven't reported).

I don't see any interesting BGP events until ~020-01-05 07:00....
Oooohhhhhhh, it seems likely that your path is dampened - its moved
around 250 times in a day.
The route 28917 6762 56630 57335 is changed to 28917 20473 57335
The route 28917 20473 57335 is changed to 28917 3257 20473 57335
The route 28917 3257 20473 57335 is changed to 28917 6762 56630 57335
The route 34681 58057 24961 20473 57335 has been announced again
The route 28917 6762 56630 57335 is changed to 28917 20473 57335
The route 28917 20473 57335 is changed to 28917 6762 56630 57335

You probably want to look at a: your BGP configs, and talk to both
AS20473 (Coopa) and AS56630 (Melbikomas UAB, NL)

https://stat.ripe.net/widget/bgplay#w.resource=185.203.205.10&w.starttime=1578359516&w.endtime=1578446100&w.ignoreReannouncements=false&w.rrcs=0,1,2,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp

W

On Wed, Jan 8, 2020 at 8:04 PM Daniel Corbe <daniel at corbe.net> wrote:
>
> Thank you for this.
>
> Is there any chance at all I can get you to do a traceroute to
> 185.203.205.10 and 2a0c:d2c4::53:5:7335
>
> And if you have access to a bgp speaking peer, show ip bgp
> 185.203.204.0/22 and show bgp ipv6 unicast 2a0c:d2c4::/32  (or
> whatever the equivalent commands are for your NOS).
>
> Best,
> Daniel
>
> On Wed, Jan 8, 2020 at 9:57 AM Tony Finch <dot at dotat.at> wrote:
> >
> > Daniel Corbe <daniel at corbe.net> wrote:
> > >
> > > Every well-known recursor is returning valid results for as57335.net
> > > except for 8.8.8.8 and 8.8.4.4 and I'd like some assistance getting
> > > down to the root of the issue.
> >
> > Maybe connectivity problems? I can't get to any of the nameservers from
> > 131.111.0.0/16 or 2a05:b400::/32. DNSviz can see the domain OK but
> > zonemaster cannot.
> >
> > https://dnsviz.net/d/as57335.net/dnssec/
> >
> > https://zonemaster.net/result/0e70c5e9893a0ce8
> >
> > Tony.
> > --
> > f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> > people involved in running their communities
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf



More information about the dns-operations mailing list