[GRLUG] !Linux-periodic dns failure
Michael Mol
mikemol at gmail.com
Tue Aug 31 14:33:10 EDT 2010
On Tue, Aug 31, 2010 at 12:49 PM, Bill Littlejohn <billl at mtd-inc.com> wrote:
> On Tue, Aug 31, 2010 at 10:44 AM, Michael Mol <mikemol at gmail.com> wrote:
>> On Tue, Aug 31, 2010 at 2:32 PM, Bill Littlejohn <billl at mtd-inc.com> wrote:
>>> We use Charter Business as our primary ISP, and an internal forwarding
>>> DNS server that forwards to DynDNS for external domains.
>>> A couple times a week we're having failure of DNS for about 10 minutes
>>> at a time, so I wrote a script to check the Charter gateway, internal
>>> DNS, DynDNS, OpenDNS, and Charter DNS.
>>> During the last failure (ending 10:02am today) I ran the script and
>>> all external DNS queries timed out except for Charter's DNS.
>>> That would seem to indicate that Charter is somehow dropping or
>>> interfering with those external DNS queries.
>>> Anyone know how I might verify that?
>>>
>>> I called Charter support... they offered to send someone to test our
>>> modem. <sigh>
>>
>> A note: DNS uses UDP, which (unlike TCP) does not guarantee delivery.
>> It's quite possible that they're dealing with network congestion,
>> causing dropped packets. For TCP, this just results in lowered
>> throughput until your local machines re-send their packets, but UDP
>> doesn't have a fallback like that.
>>
>> Use a VPN to tunnel your DNS queries through? I'd suggest configuring
>> the VPN tunnel to use TCP as a carrier (OpenVPN, for example, supports
>> both TCP and UDP as carriers), so your UDP packets are guaranteed to
>> get to the other end of the VPN link, at least.
>>
>>
>> --
>> :wq
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> _______________________________________________
>> grlug mailing list
>> grlug at grlug.org
>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>>
>
> Good point about UDP.
> I'll have to determine if Charter is suffering from congestion.
> A VPN to my Linode server would get the DNS packets there, but still
> wouldn't confirm if Charter is messing with DNS or is overloaded.
Actually, it would. If your VPN is configured for UDP as a carrier,
and you still have query issues, then it's simple congestion. Switch
over to TCP, and things should work, even if they're slow.
--
:wq
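Added example (not part of the original thread, and not the script mentioned in it): one way to tell dropped datagrams from an unreachable resolver is to send each resolver the same query several times over UDP and once over TCP. Resolver addresses come from the command line; the query name example.com, the probe count and the result labels are assumptions of this example, and it tests DNS over TCP directly rather than through a VPN as suggested above.

```python
import socket, struct, sys

def build_query(name, qid=0x1234):
    """Minimal RFC 1035 query: A record, class IN, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def is_reply(query, reply):
    """True if `reply` is a DNS response (QR bit set) carrying the query's ID."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def probe(server, name, transport, timeout=3.0):
    """Send one query to server:53 over 'udp' or 'tcp'; True if it is answered."""
    query = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return is_reply(query, s.recv(4096))
        with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length prefix
            (size,) = struct.unpack("!H", f.read(2))
            return is_reply(query, f.read(size))
    except (OSError, struct.error):  # timeout, refused, reset, or short read
        return False

def classify(udp_results, tcp_ok):
    """Interpret several UDP probes plus one TCP probe against the same resolver."""
    lost = udp_results.count(False) / len(udp_results)
    if lost == 0:
        return "ok"
    if tcp_ok:
        return "udp-loss"      # TCP retransmission got through: consistent with dropped datagrams
    if lost < 1:
        return "lossy-path"    # some UDP answered, TCP failed: path is up but unreliable
    return "unreachable"       # nothing answered on either transport

if __name__ == "__main__":
    # usage: python dnsprobe.py RESOLVER_IP [RESOLVER_IP ...]
    for server in sys.argv[1:]:
        udp = [probe(server, "example.com", "udp") for _ in range(5)]
        tcp = probe(server, "example.com", "tcp")
        print(server, f"udp {udp.count(True)}/5", f"tcp {'ok' if tcp else 'fail'}", classify(udp, tcp))
```

Run it during a failure window against the ISP resolver and the external ones; "udp-loss" on the external resolvers alone matches the congestion explanation, while "unreachable" there alongside "ok" on the ISP resolver does not.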