[GRLUG] !Linux-periodic dns failure
Bill Littlejohn
billl at mtd-inc.com
Tue Aug 31 12:49:56 EDT 2010
On Tue, Aug 31, 2010 at 10:44 AM, Michael Mol <mikemol at gmail.com> wrote:
> On Tue, Aug 31, 2010 at 2:32 PM, Bill Littlejohn <billl at mtd-inc.com> wrote:
>> We use Charter Business as our primary ISP, and an internal forwarding
>> DNS server that forwards to DynDNS for external domains.
>> A couple times a week we're having failure of DNS for about 10 minutes
>> at a time, so I wrote a script to check the Charter gateway, internal
>> DNS, DynDNS, OpenDNS, and Charter DNS.
>> During the last failure (ending 10:02am today) I ran the script and
>> all external DNS queries timed out except for Charter's DNS.
>> That would seem to indicate that Charter is somehow dropping or
>> interfering with those external DNS queries.
>> Anyone know how I might verify that?
>>
>> I called Charter support... they offered to send someone to test our
>> modem. <sigh>
>
> A note: DNS uses UDP, which (unlike TCP) does not guarantee delivery.
> It's quite possible that they're dealing with network congestion,
> causing dropped packets. For TCP, this just results in lowered
> throughput until your local machines re-send their packets, but UDP
> doesn't have a fallback like that.
>
> Use a VPN to tunnel your DNS queries through? I'd suggest configuring
> the VPN tunnel to use TCP as a carrier (OpenVPN, for example, supports
> both TCP and UDP as carriers), so your UDP packets are guaranteed to
> get to the other end of the VPN link, at least.
>
>
> --
> :wq
>
Good point about UDP.
I'll have to determine if Charter is suffering from congestion.
A VPN to my Linode server would get the DNS packets there, but still
wouldn't confirm if Charter is messing with DNS or is overloaded.
Perhaps in the end the VPN is a solution, but it does add another
point of failure to cover an unknown issue.
Thanks for your help. :)
-Bill
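
Added example (not part of the original thread or of either poster's script): a probe that sends the same A query to each resolver over both UDP and TCP and logs the outcome, so a failure window shows whether the loss is specific to UDP and which resolvers it affects. The resolver addresses are placeholders, and the labels, function names and the example.com query name are assumptions.

```python
import socket, struct, time

# Placeholder addresses (RFC 5737 documentation range); substitute your resolvers.
SERVERS = {"internal": "192.0.2.10", "dyndns": "192.0.2.20", "isp": "192.0.2.30"}

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A query (RFC 1035) with recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def reply_status(query, data):
    """'ok' if data answers query with NOERROR or NXDOMAIN, else an error tag."""
    if len(data) < 12 or data[:2] != query[:2] or not data[2] & 0x80:
        return "error:bad-reply"          # short, wrong ID, or QR bit clear
    rcode = data[3] & 0x0F
    return "ok" if rcode in (0, 3) else "error:rcode%d" % rcode

def probe(server, name, proto, timeout=3.0, port=53):
    """Send one query over 'udp' or 'tcp'; return 'ok', 'timeout' or 'error:...'."""
    q = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, port))
                data = s.recvfrom(4096)[0]
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)   # TCP DNS: 2-byte length prefix
                f = s.makefile("rb")
                data = f.read(struct.unpack("!H", f.read(2))[0])
    except socket.timeout:
        return "timeout"
    except (OSError, struct.error) as e:
        return "error:" + type(e).__name__
    return reply_status(q, data)

def classify(udp, tcp):
    """Interpret one resolver's UDP and TCP results taken at the same moment."""
    if udp == "ok":
        return "healthy"
    # TCP answer without a UDP answer: the path is up, UDP/53 is lost or filtered.
    return "udp-only-failure" if tcp == "ok" else "unreachable"

if __name__ == "__main__":                # run from cron once a minute and keep the log
    for label, ip in SERVERS.items():
        u, t = probe(ip, "example.com", "udp"), probe(ip, "example.com", "tcp")
        print(time.strftime("%Y-%m-%d %H:%M:%S"), label, ip, u, t, classify(u, t), flush=True)
```

Comparing the log lines across resolvers during an outage is what carries the information: one resolver staying "healthy" while the others show "udp-only-failure" or "unreachable" narrows down where the queries are being lost.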