[dns-operations] hosting. nameservers partial unreachable

Tue Jan 30 16:59:53 UTC 2024

Just to follow up, these bad routes stopped being advertised around 20:00
UTC yesterday, and we're able to reach CentralNic addresses normally now
without any filters in place.

-Dan

Dan McCombs
Senior Engineer I - DNS
dmccombs at digitalocean.com

On Mon, Jan 29, 2024 at 3:08 PM Dan McCombs <dmccombs at digitalocean.com>
wrote:

> We're seeing issues reaching CentralNic managed nameservers *.nic.(online,
> tech, xyl, space, etc.) in Europe as well. It looks like their prefixes are
> being hijacked by China Mobile and being advertised by FLAG telecom. We had
> to filter out those routes in order to reach them again.
>
> Anyone on this list from CentralNic that could look into things?
>
> -Dan
>
>
> Dan McCombs
> Senior Engineer I - DNS
> dmccombs at digitalocean.com
>
>
> On Mon, Jan 29, 2024 at 2:53 PM A. Schulze via dns-operations <
> dns-operations at dns-oarc.net> wrote:
>
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: "A. Schulze" <sca at andreasschulze.de>
>> To: "dns-operations at lists.dns-oarc.net" <
>> dns-operations at lists.dns-oarc.net>
>> Cc:
>> Bcc:
>> Date: Mon, 29 Jan 2024 20:50:00 +0100
>> Subject: hosting. nameservers partial unreachable
>> Hello,
>>
>> to day I noticed unreachable nameserver [a-d].nic.hosting. via IPv4
>> approved by at least two locations by such script:
>>
>> for transport in tcp notcp; do
>>    for protocol in 4 6; do
>>      for host in a b c d; do
>>        printf "${host}.nic.hosting/${protocol}/${transport}:"
>>        if dig -${protocol} @${host}.nic.hosting. hosting. soa +timeout=1
>> +retry=1 +short +${transport} 2>/dev/null | grep --silent
>> hostmaster.centralnic.net; then
>>          printf "ok\n";
>>        else
>>          printf "fail\n";
>>        fi
>>      done
>>    done
>> done
>>
>> from AS31334 and AS15451:
>>
>> a.nic.hosting/4/tcp:fail
>> b.nic.hosting/4/tcp:fail
>> c.nic.hosting/4/tcp:fail
>> d.nic.hosting/4/tcp:fail
>> a.nic.hosting/6/tcp:ok
>> b.nic.hosting/6/tcp:ok
>> c.nic.hosting/6/tcp:ok
>> d.nic.hosting/6/tcp:ok
>> a.nic.hosting/4/notcp:fail
>> b.nic.hosting/4/notcp:fail
>> c.nic.hosting/4/notcp:fail
>> d.nic.hosting/4/notcp:fail
>> a.nic.hosting/6/notcp:ok
>> b.nic.hosting/6/notcp:ok
>> c.nic.hosting/6/notcp:ok
>> d.nic.hosting/6/notcp:ok
>>
>> from other locations I got 16x ok
>> Sometimes I also saw some OK for IPv4, too bit resolver so not retry as
>> often.
>>
>> Any hints?
>> Andreas
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: "A. Schulze via dns-operations" <dns-operations at dns-oarc.net>
>> To: "dns-operations at lists.dns-oarc.net" <
>> dns-operations at lists.dns-oarc.net>
>> Cc:
>> Bcc:
>> Date: Mon, 29 Jan 2024 20:50:00 +0100
>> Subject: [dns-operations] hosting. nameservers partial unreachable
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20240130/ced043f6/attachment.html>