Wild guess, Xtra had a glitch.

The Xtra DNS topology is far more robust than 10 years ago when alien and terminater served as both authoritative and caching resolvers and were both on the single 202.xx.184.x subnet.

What ever you do don't ask them to fix it :( . I haven't had to smash a keyboard or skip beer'oclock because of "another" Xtra DNS issue for quite a while now.

They are New Zealands largest provider, if they have a glitch it will likely affect someone you know, DNS servers are under constant aggressive attack and there is not much that any of use can do about that, except perhaps drink beer :)

Maybe leave one DNS set to 8.8.8.8 so that google can keep an eye on you?

Cheers

BG

On 23/04/2015 1:47 p.m., Glen Eustace wrote:

From about October/November last year we have been getting the odd call from some of our customers to report that our servers are ‘not found’. So far, each report has been from an Xtra broadband user. When investigating these reports we have found that the servers were fine and DNS lookups from various sources (except Xtra) were as well.

Last night the issue happened to a member of the family so I was able to jump onto their computer using Teamviewer and do some more thorough diagnostics. My results were;

Name servers in use: ns1.xtra.co.nz and ns2.xtra.co.nz

Name servers pingable from PC: Yes

Does smtp.godzone.net.nz resolve: No, times out

Do other resources in our DNS resolve: No, time out

Do resources in other DNS servers resolve: Yes

Are all 4 of our name servers pingable from PC: Yes, 2 in NZ and 2 offshore

Use nslookup to query our name servers directly, does smtp.godzone.net.nz resolve: Yes

Use nslookup to query our name servers using 8.8.8.8, does smtp.godzone.net.nz resolve: Yes

To fix the issue on the PC, I manually set the name servers to 8.8.8.8 and 8.8.4.4, all our services were then resolvable and useable.

So, whats going on ?

How are our servers different ?

Well, we are one of the few ISPs that are using DNSSec to sign zones.

Is DNSSec broken ? Not according to dnsviz.net

The problem is also intermittent, I have heard that the two Xtra servers are actually LB VIPs in front of a farm of name servers. With the intermittent nature of the issue I wonder whether one server in the farm might be broken/misconfigured, just a thought.

I have tried, without success to contact appropriate people at Xtra to either comment or assist and have failed to get past the level one helpdesk people. Their only response being “Sorry we can’t help you”.

I am not saying this is an issue with Xtra’s internal recursive DNS servers but so far I have been unable to replicate the issue and have had no reports from any of our other customers using alternative broadband suppliers. I have run out of ideas now on how to continue to investigate this and just changing to Google’s DNS servers might work but isn’t a great solution.

If anyone has any suggestions I’d appreciate hearing from you.

Glen.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Glen and Rosanne Eustace,
GodZone Internet Services, a division of AGRE Enterprises Ltd.,
P.O. Box 8020, Palmerston North, New Zealand 4446
Ph: +64 6 357 8168, Fax: +64 6 357 8165, Mob: +64 27 542 4015

"Specialising in providing low-cost professional Internet Services since 1997"

This e-mail message has passed virus scanning by Outersite Technology.
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

_____________________________________________________________________
This e-mail message has passed virus scanning by Outersite Technology.

This e-mail message has passed virus scanning by Outersite Technology.