G root not responding on UDP?

Anurag_Bhatia · April 14, 2016, 11:30am

Hello everyone

I wonder if it's just me or anyone else also finding issues in g root
reachability?

ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work.

Trace is timing out on 208.46.37.38.

traceroute to 192.112.36.4 (192.112.36.4), 64 hops max, 52 byte packets
1 router01.home (172.16.0.1) 4.926 ms 1.863 ms 1.845 ms
2 103.60.176.101 (103.60.176.101) 24.007 ms 24.507 ms 22.330 ms
3 nsg-static-137.49.75.182-airtel.com (182.75.49.137) 64.435 ms 64.359
ms 66.108 ms
4 182.79.206.46 (182.79.206.46) 331.787 ms
182.79.206.53 (182.79.206.53) 228.497 ms
182.79.222.189 (182.79.222.189) 224.966 ms
5 ldn-brdr-01.qwest.net (195.66.225.34) 162.745 ms 162.139 ms 162.031
ms
6 lon-ddos-01.inet.qwest.net (67.14.63.58) 162.138 ms 162.125 ms
162.916 ms
7 * * *
8 chp-edge-01.inet.qwest.net (208.46.37.37) 242.819 ms 242.793 ms
242.575 ms
9 208.46.37.38 (208.46.37.38) 253.176 ms 253.066 ms 252.807 ms
10 * * *
11 * * *
12 * * *

dig @192.112.36.4 . ns

; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

dig @192.112.36.4 . ns +tcp +noauth

; <<>> DiG 9.8.3-P1 <<>> @192.112.36.4 . ns +tcp +noauth
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29674
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS g.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS d.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 199.7.91.13
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 198.97.190.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN AAAA 2001:500:84::b
c.root-servers.net. 3600000 IN AAAA 2001:500:2::c
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
h.root-servers.net. 3600000 IN AAAA 2001:500:1::53
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35

;; Query time: 259 msec
;; SERVER: 192.112.36.4#53(192.112.36.4)
;; WHEN: Thu Apr 14 16:59:09 2016
;; MSG SIZE rcvd: 744

Is UDP blocked recently or it has been like this from long?

Nicholas_Suan1 · April 14, 2016, 11:36am

I'm see the same thing from multiple networks.

$ dig NS . @g.root-servers.net

; <<>> DiG 9.9.5 <<>> NS . @g.root-servers.net
;; global options: +cmd
;; connection timed out; no servers could be reached

Jim_Glassford · April 14, 2016, 11:40am

fyi,

some discussion and below link from the bind mailing list on this

https://atlas.ripe.net/dnsmon/group/g-root

Robert_Kisteleki · April 14, 2016, 12:29pm

It's not only you:

https://atlas.ripe.net/dnsmon/?dnsmon.session.color_range_pls=0-5-5-25-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.server=192.112.36.4&dnsmon.zone=root&dnsmon.startTime=1460574600&dnsmon.endTime=1460616600&dnsmon.ipVersion=both

(shorter link: https://t.co/7lgnCFCEDZ)

Cheers,
Robert

Robert_Kisteleki · April 14, 2016, 12:57pm

... and it recovered already:

https://atlas.ripe.net/dnsmon/?dnsmon.session.color_range_pls=0-5-5-25-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.server=192.112.36.4&dnsmon.zone=root&dnsmon.startTime=1460595996&dnsmon.endTime=1460637996&dnsmon.ipVersion=both&dnsmon.timeWindow=42000

Robert

Cassell_James_D_CIV · April 15, 2016, 9:23pm

Regarding yesterday's G-root outage:

Like many outages, this one resulted from a series of unfortunate events.
These unfortunate events were operational errors; steps have been taken to
prevent any reoccurrence, and to provide better service in the future.

Jim Cassell
DoD NIC

Christopher_Morrow · April 18, 2016, 1:28pm

thanks for engaging, I wonder if there's a post-mortem coming for this?
Folk that run significant infrastructure often run into problems before us
normal folk do... so learning from your missteps is educational for the
rest of us

-chris
(also, someone, me maybe? asked the same thing from ARIN's folk when they
made a boo-boo with rdns records ~1 month or so ago... so fair's fair! )