Re: [tlug] eskimo.com down ?

[Patrick Bernier <pat@example.com>]

Quoting Curt Sampson:
> Are their ASs still up in BGP?

traceroute wouldn't have made it all the way into their network if the
routes were not advertised in BGP. The first BGP router in the path without
a default route would have returned an error (unless somebody else was
announcing a superset, but then the traceroute would have ended up in that
somebody else's network).

The first thing I checked was of course "show ip bgp" on oregon-ix for both
eskimo.com and www.integratelecom.com's IP addresses. The routes were
there. Packets just weren't making it all the way there. Also, after
noticing in the BGP table a direct route from AS852 (TELUS) to
integratelcom, I checked from a TELUS router. Same results.

integratelecom's web server seems to be reachable fine now. But nothing
gets to the eskimo IPs. Even worse, their nameservers are all offline.

[I'll be ridiculously verbose here in case this interests someone]

The domain eskimo.com has four registered name servers. The easiest way to
find that out is to use the "+trace" mode of the "dig" command:

---------------------------------------------------------------------------
% dig +trace eskimo.com. soa

; <<>> DiG 9.5.1-P3 <<>> +trace eskimo.com. soa
;; global options:  printcmd
.			346080	IN	NS	G.ROOT-SERVERS.NET.
.			346080	IN	NS	K.ROOT-SERVERS.NET.
.			346080	IN	NS	M.ROOT-SERVERS.NET.
.			346080	IN	NS	D.ROOT-SERVERS.NET.
.			346080	IN	NS	C.ROOT-SERVERS.NET.
.			346080	IN	NS	I.ROOT-SERVERS.NET.
.			346080	IN	NS	E.ROOT-SERVERS.NET.
.			346080	IN	NS	B.ROOT-SERVERS.NET.
.			346080	IN	NS	L.ROOT-SERVERS.NET.
.			346080	IN	NS	F.ROOT-SERVERS.NET.
.			346080	IN	NS	A.ROOT-SERVERS.NET.
.			346080	IN	NS	H.ROOT-SERVERS.NET.
.			346080	IN	NS	J.ROOT-SERVERS.NET.
;; Received 272 bytes from 127.0.0.1#53(127.0.0.1) in 4 ms

com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
;; Received 488 bytes from 2001:dc3::35#53(M.ROOT-SERVERS.NET) in 91 ms

eskimo.com.		172800	IN	NS	ns1.eskimo.com.
eskimo.com.		172800	IN	NS	ns2.eskimo.com.
eskimo.com.		172800	IN	NS	ns3.eskimo.com.
eskimo.com.		172800	IN	NS	ns4.eskimo.com.
;; Received 164 bytes from 192.54.112.30#53(H.GTLD-SERVERS.NET) in 111 ms

;; connection timed out; no servers could be reached
---------------------------------------------------------------------------

dig followed the delegation chain from the root servers down to the
GTLD servers, and then tried to contact the actual eskimo.com
name servers to fulfill my query -- and timed out, because
no reply ever came from the eskimo.com servers.

This is a very good example of why it's not a good idea to have all your
DNS servers in the same location. Actually, the IP addresses of
ns{1,2,3.4}.eskimo.com are so close to one another that I would bet they
are sitting on the same subnet.

Oh, the IP addresses are provided by the "glue" records in the GTLD
servers -- to avoid the catch-22 of having to ask the eskimo.com
nameservers for the ip of the eskimo.com nameservers:

---------------------------------------------------------------------------
% dig @c.gtld-servers.net. eskimo.com. ns

; <<>> DiG 9.5.1-P3 <<>> @c.gtld-servers.net. eskimo.com. ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43267
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;eskimo.com.			IN	NS

;; ANSWER SECTION:
eskimo.com.		172800	IN	NS	ns1.eskimo.com.
eskimo.com.		172800	IN	NS	ns2.eskimo.com.
eskimo.com.		172800	IN	NS	ns3.eskimo.com.
eskimo.com.		172800	IN	NS	ns4.eskimo.com.

;; ADDITIONAL SECTION:
ns1.eskimo.com.		172800	IN	A	204.122.16.8
ns2.eskimo.com.		172800	IN	A	204.122.16.9
ns3.eskimo.com.		172800	IN	A	204.122.16.3
ns4.eskimo.com.		172800	IN	A	204.122.16.7

;; Query time: 8 msec
;; SERVER: 192.26.92.30#53(192.26.92.30)
;; WHEN: Wed Nov 11 03:58:09 2009
;; MSG SIZE  rcvd: 164
---------------------------------------------------------------------------

You can see the IPs in the "additional section": 204.122.16.3, .7, .8 and
.9 -- sounds suspiciously close.

Anyway, the bottom line is, nobody is getting anything from eskimo.com
until at least those nameservers start talking again!

-- 
()  Patrick (L.) Bernier <pat@example.com>
()  http://www.TZoNE.ORG/~pat/
()  GPG B070 BBB6 188D EB1E 353A 90E4 96FF D8EB 1ADC BE03
()  "Words have meaning, and names have power." -- Lorien