The DNS servers 2001:470:20::2 and 74.82.42.42 are not resolving names. Anyone else see the same?
Seems to work
[carl@mars ~]$ dig aaaa google.com @2001:470:20::2
; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19744
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 247 IN AAAA 2001:4860:800b::63
;; Query time: 41 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 07:24:45 2011
;; MSG SIZE rcvd: 56
I'm seeing extreme slowness and SERVFAILs. I've fallen back to OpenDNS for the moment.
I run my own DNS, but just queried theirs and am not seeing any issues.
Perhaps the varying problems (or not) are because the address is Anycasted. Which Tunnel endpoint is everybody using? I'm on Ashburn, VA.
Chicago here
I can't get to the HE IPv4 Anycast DNS, but can get to the IPv6 site. I don't know if HE started blocking outside access to their v4 address? Considering most do not route the IPv4 across the tunnel, they take two paths.
mills@Dilbert:~> dig aaaa google.com @2001:470:20::2
; <<>> DiG 9.7.3 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7546
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 190 IN AAAA 2001:4860:800c::67
;; Query time: 14 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 09:52:42 2011
;; MSG SIZE rcvd: 56
mills@Dilbert:~> dig aaaa google.com @74.82.42.42
; <<>> DiG 9.7.3 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; connection timed out; no servers could be reached
mills@Dilbert:~> ping 74.82.42.42
PING 74.82.42.42 (74.82.42.42) 56(84) bytes of data.
^C
--- 74.82.42.42 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7995ms
mills@Dilbert:~> ping6 2001:470:20::2
PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=16.6 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=17.4 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=15.3 ms
^C
--- 2001:470:20::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 15.339/16.474/17.433/0.876 ms
No problems with IPv4 here either
[carl@mars ~]$ dig aaaa google.com @74.82.42.42
; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 236 IN AAAA 2001:4860:800b::67
;; Query time: 81 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 09:59:11 2011
;; MSG SIZE rcvd: 56
Seeing timeouts from here in Atlanta.
Here in Chicago, I tried some oddball site pulled from the sixy.ch IPv6 site feed; no issues.
; <<>> DiG 9.7.3 <<>> @74.82.42.42 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20054
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;brabbelaar.nl. IN AAAA
;; ANSWER SECTION:
brabbelaar.nl. 3600 IN AAAA 2a02:cc8::96:52
;; Query time: 196 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 11:17:25 2011
;; MSG SIZE rcvd: 59
; <<>> DiG 9.7.3 <<>> @2001:470:20::2 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;brabbelaar.nl. IN AAAA
;; ANSWER SECTION:
brabbelaar.nl. 3515 IN AAAA 2a02:cc8::96:52
;; Query time: 37 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 11:18:51 2011
;; MSG SIZE rcvd: 59
There was a large DDoS against Ashburn's regular tserv last night that needed a pretty gnarly filter applied. I tried to minimize what services would get impacted, and for the most part the tunnels themselves were unaffected; however, DNS might not have been 100%. The DDoS is gone and so is the filter. Please retest.
Are you guys using anything like SRTBH (http://packetlife.net/blog/2010/aug/23/source-based-rtbh/) to combat DOS attacks?