RE: Problems with NS*.worldnic.com

Graeme_Clark · April 25, 2005, 8:08pm

I saw some mention of this in a previous thread. Is anyone else still
experiencing problems? We're seeing general slowness and the use of the
truncate bit in responses, forcing to TCP mode.

We're still having a wack of issues with all names on NSI nameservers. Poking around at other service provider nameservers out there I'm amazed at how many places things are still resolving, something to be said for ignoring DNS TTLs. It's been over 3 days now, so I think I'm going to move what I've still got left with them somewhere else.

I'm getting a roughly 10% response rate from their nameservers, and that's probably optimisticly high.

Graeme

graeme clark | leader, network technologies and services | lavalife corp.
toronto | tel 416 263 6300 x 3658 | fax 416 263 6303

Christopher_L_Morro1 · April 25, 2005, 11:15pm

it may help 'other operators' and 'nsi' to know which servers you can NOT
resolve from, and which cache/recursive hosts are asking
ns<blah>.worldnic.com for the particular domains.

So:

I am at 128.2.35.50, I asked cache00.ns.uu.net for a domain on both:
ns5.worldnic.com and ns25.worldnic.com and got no response

(as a simple for instance, this may help others know they are not alone in
their problems, and the NSI folks might know which askers and answers are
still unhappy with each other)

Simon_Waters1 · April 26, 2005, 8:14am

Have to say we see no issues here with the worldnic.com nameservers, other
than they appear to be located on the same physical network.

I think people should post queries that fail, including date/time, and full
"dig" output for that query from the server they used, and the version of
recursive nameserver used. Otherwise it is purely speculative guess work to
figure out if it is a DNS delegation issue, or something else (network
congestion?).

No one should be surprised that a DNS request may be truncated and switched to
TCP, that is in the RFCs. Although the servers in question run BIND9 so
presumably support EDNS0, which suggests those seeing truncation may be
running rather old code, or unusual recursive resolvers.

The worldnic.com and worldnic.net appear to use the YYYYMMDDVV convention for
SOA serial numbers, and so it would appear nothing has changed their end in
terms of zone data for at least five months in terms of zone file settings.

All looks rosy from here.

Christopher_L_Morro1 · April 26, 2005, 1:22pm

Have to say we see no issues here with the worldnic.com nameservers, other
than they appear to be located on the same physical network.

I think people should post queries that fail, including date/time, and full
"dig" output for that query from the server they used, and the version of
recursive nameserver used. Otherwise it is purely speculative guess work to
figure out if it is a DNS delegation issue, or something else (network
congestion?).

I think I suggested similar yesterday as did Mr. Bush.

The worldnic.com and worldnic.net appear to use the YYYYMMDDVV convention for
SOA serial numbers, and so it would appear nothing has changed their end in
terms of zone data for at least five months in terms of zone file settings.

Interesting, I thought the worldnic.com servers were NSI's 'free hosting
for domains you registered through us' servers, which would imply they get
changed 'frequently' no?

Bandy_Rush1 · April 26, 2005, 1:35pm

lots of folk sent email to me and not the list. most report
worldnic responding with tcp 53 and not udp. would love to
hear confirmation on list. can think of a number of causes,
one possible, but just a stab in the dark, would be an
intentional hack as a defense to a spoofed-ip attack.

what are some names known to be hosted on worldnic?

randy

Peter_Corlett · April 26, 2005, 1:51pm

lots of folk sent email to me and not the list. most report worldnic
responding with tcp 53 and not udp. would love to hear confirmation
on list. can think of a number of causes, one possible, but just a
stab in the dark, would be an intentional hack as a defense to a
spoofed-ip attack.

That's quite an interesting theory, and you may be right. However,
when given the choice between incompetence and malice, I know which
one my money is on.

what are some names known to be hosted on worldnic?

voipbuster.com's one that they've been whining about on uk.telecom.
Right now, UDP DNS requests to ns25/ns26.worldnic.com for that domain
are giving truncated responses and TCP calls aren't even being
answered, so it's even more buggered than the last time I poked at it.

Christopher_L_Morro1 · April 26, 2005, 1:58pm

we had problems reported with:

www.calairmail.com
www.holidaycardwebsite.com

I did some poking around lastnight with dig and some local unix hosts that
I hadn't tried this before on and got no change to tcp (so no truncate
and returned results via UDP) though today I see:

morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns7.worldnic.com
;; Truncated, retrying in TCP mode.

and failures (which is PROBABLY my silly iptables config...)

morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns8.worldnic.com

; <<>> DiG 9.2.2rc1 <<>> www.holidaycardwebsite.com. @ns8.worldnic.com
;; global options: printcmd

interesting that both servers aren't doing the same thing?

Christopher_L_Morro1 · April 26, 2005, 2:34pm

yup, this was clarified off-list I'll take my pre-coffee lumps on that
one where is that coffee pot?

aljuhani1 · April 26, 2005, 4:30pm

lots of folk sent email to me and not the list. most report
worldnic responding with tcp 53 and not udp. would love to
hear confirmation on list. can think of a number of causes,
one possible, but just a stab in the dark, would be an
intentional hack as a defense to a spoofed-ip attack.

That is a bind issue when receiving empty response from
worldnic ns on udp queries, it asks again on tcp which
is very slow.

more here:

what are some names known to be hosted on worldnic?

randy

aljuhani