• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

DNS not working when tserv24.sto1 went offline

Started by jocke, April 18, 2010, 04:56:20 PM


jocke

Hi,

I use HE's two anycasted DNS-servers on my 1812 at home. In addition, I also use two from my ISP. The latter are retrieved during the IPCP negotiation (yes, the 1812 does the PPP-part of my DSL-line -- my ISP's router has been put in bridge-mode) with the «ppp ipcp dns request accept»-line.

Today at around 00:58, tserv24.sto1 went down, effectively making HE's DNS-servers unreachable (hence breaking all DNS in my home-network, for some reason).

The 1812 acts as a DNS-server (all hosts on the network have the 1812 as their DNS-server), and after the tunnel went down, it wouldn't even respond to «dig»-queries -- even for sites it had in its cache. I had to manually remove HE's DNS-servers before the 1812 started to reply to DNS-queries. How come?

Also, would there be any way to set my ISP's DNS-server(s) as some kind of primary DNS-server for the 1812 to use?

I'm running «c181x-adventerprisek9-mz.124-24.T2 ((C181X-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2))», if it should be at all relevant.

jimb

I don't see why you couldn't hard code your DNS server on the 1812 to use multiple name servers.  Say the HE ones, and the ISP ones.

You could also run your own caching only name server.  I've never tried to do it on a Cisco router (just BIND), but seeing that it only should need a named.cache file to run a caching only server, I don't see why it couldn't do it (just don't know if they have that functionality, or whether it can only function as a forwarding only DNS server ... I tend to run DNS on DNS servers, not on routers).

jocke

Quote from: jimb on April 18, 2010, 05:02:28 PM: I don't see why you couldn't hard code your DNS server on the 1812 to use multiple name servers.  Say the HE ones, and the ISP ones.
Ehm, that's what I'm doing -- or are you concerned that the IPCP-retrieval of my ISP's DNS-servers is causing the issue?

Quote: You could also run your own caching only name server.
I'd guess that's what the 1812 does already?

jimb

Quote from: jocke on April 18, 2010, 05:05:23 PM
Quote from: jimb on April 18, 2010, 05:02:28 PM: I don't see why you couldn't hard code your DNS server on the 1812 to use multiple name servers.  Say the HE ones, and the ISP ones.
Ehm, that's what I'm doing -- or are you concerned that the IPCP-retrieval of my ISP's DNS-servers is causing the issue?
I don't know what you're.  If it's retrieving a list of DNS servers over your PPP connection, then maybe it's replacing the hard coded ones.  No idea.
Quote:
Quote: You could also run your own caching only name server.
I'd guess that's what the 1812 does already?
It sounds like it's forwarding only, not caching.  Forwarding, it forwards all requests to a different DNS server.  Caching means it'd act as a recursive name server itself.  Different things.

jocke

Quote from: jimb on April 18, 2010, 05:42:37 PM: [...] maybe it's replacing the hard coded ones.
Well, they're not;
ROFLMAO#sh hosts
Default domain is lan
Name/address lookup uses domain service
Name servers are 2001:470:20::2, 74.82.42.42, 217.13.7.140, 217.13.4.24

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
      temp - temporary, perm - permanent
      NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
*snip*


Quote: It sounds like it's forwarding only, not caching.
It does caching (the «show hosts» is a mile long f.ex.). It worked just fine -- all up until the HE DNS-servers went unavailable.

On 1812;
ROFLMAO(config)#ip dns server
ROFLMAO(config)#ip host google.com 10.0.0.1


On computer;
jocke@keklolwtf: ~ $ dig @192.168.0.254 google.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.0.254 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25227
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 10 IN A 10.0.0.1

;; Query time: 6 msec
;; SERVER: 192.168.0.254#53(192.168.0.254)
;; WHEN: Mon Apr 19 03:01:08 2010
;; MSG SIZE  rcvd: 44

jimb

Yeah it probably caches, but relies on the forwarding DNS servers to resolve.  I'm talking about a recursive caching name server which calls the roots itself, and recurses, calling name servers in a chain until it resolves what you're looking for.

Anyway, not sure why it didn't use the other NS in your list when HE went down since some are IPv4 and presumed not to depend on a path through HE.

All I know is I run a normal BIND 9 server on a Linux box and have no issues like this.  :P
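
The distinction jimb draws between a forwarder with a cache and a recursive server that walks from the roots, as an added sketch that is not code from the thread or from Cisco IOS. The delegation tree, the function names and the address 192.0.2.10 are constructed; the forwarder order is the one from the «sh hosts» output above, and skipping an unreachable forwarder models the behaviour the posters expected, not what the 1812 actually did.

```python
# Constructed delegation tree standing in for the real DNS hierarchy (assumption).
ZONES = {
    "root": {"com.": ("referral", "com-tld")},
    "com-tld": {"example.com.": ("referral", "example-auth")},
    "example-auth": {"www.example.com.": ("answer", "192.0.2.10")},
}
# Forwarder list in the order shown by "sh hosts" in the thread.
FORWARDERS = ["2001:470:20::2", "74.82.42.42", "217.13.7.140", "217.13.4.24"]


def ask(server, name):
    """One non-recursive query: return an answer, a referral, or nothing."""
    for suffix, result in ZONES[server].items():
        if name.endswith(suffix):
            return result
    return ("nodata", None)


def recursive_resolve(name):
    """Recursive server: start at the root and follow referrals itself."""
    server, path = "root", []
    while True:
        path.append(server)
        kind, value = ask(server, name)
        if kind == "answer":
            return value, path
        if kind != "referral":
            return None, path
        server = value


def forwarding_resolve(name, cache, down=()):
    """Forwarder: serve from cache, otherwise hand the whole question to the
    first reachable upstream; returns (address, source)."""
    if name in cache:
        return cache[name], "cache"
    for upstream in FORWARDERS:
        if upstream in down:
            continue  # models a timeout: move on to the next configured server
        address, _ = recursive_resolve(name)  # the upstream does the recursion
        if address is not None:
            cache[name] = address
        return address, upstream
    return None, None  # every upstream is down and the name is not cached


if __name__ == "__main__":
    cache = {}
    print(recursive_resolve("www.example.com."))
    print(forwarding_resolve("www.example.com.", cache, down=FORWARDERS[:2]))
    print(forwarding_resolve("www.example.com.", cache, down=FORWARDERS))
```
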