- DNS Failures?
- Posted by Chip on August 9th, 2006
Has anyone else noticed a massive increase in the last 4 months or so
of DNS lookup failures? Is this a net-wide phenomenon or limited to
one or 2 isps? (Virgin.net/NTL/Whatever they're called this week in my
case.)
I have even had confirmation - unofficially - that it's causing my
isp's tech support personnel issues too. DNS is fundamental to the way
we use the internet, if the isp can't even get that right, what hope
is there?
--
The Supreme Court has ruled that there cannot be a Nativity
Scene in Washington, DC this Christmas season. This isn't for
any religious reason, they simply haven't been able to find
three wise men and a virgin in the Nation's capital. There
was no problem, however, finding enough asses to fill the stable.
- Posted by Nicholas Thomas on August 9th, 2006
Chip wrote:
I run my own, and never have any trouble 
xF,
....Nick
- Posted by Tx2 on August 9th, 2006
"Nicholas Thomas" <ku.gro.snagap-erihskroy@enipul.reverse.invalid> wrote in
message news:44da387c$0$632$5a6aecb4@news.aaisp.net.uk...
What are you using?
- Posted by Nicholas Thomas on August 9th, 2006
Tx2 wrote:
BIND 9.
Works as a caching-only nameserver OOTB, and you can poison (e.g.)
Google, Altavista, etc. if you want to as well
Not much point unless other people use it as well, though...
xF,
....Nick
(Treewalk is meant to be good for Windows, BTW)
- Posted by Tx2 on August 9th, 2006
"Nicholas Thomas" <ku.gro.snagap-erihskroy@enipul.reverse.invalid> wrote in
message news:44da3a7b$0$636$5a6aecb4@news.aaisp.net.uk...
Yes, I've used it, but I kept getting a general error with the .exe at
start-up, so I dumped it.
Looking for a Windows soft alternative as I have no intention of going down
the *nix or hardware route.
- Posted by Nicholas Thomas on August 9th, 2006
Tx2 wrote:
Well, BIND does run under windows, IIRC. Not supposed to be as good,
though.
Anything beyond that is out of my scope, unfortunately 
xF,
....Nick
- Posted by Chip on August 9th, 2006
On Wed, 09 Aug 2006 20:42:34 +0100,it is alleged that Nicholas Thomas
<ku.gro.snagap-erihskroy@enipul.reverse.invalid> spake thusly in
uk.telecom.broadband:
[snip]
Last time I used it, it was. If the errors continue I might have to
dig out the installer again.
--
The Supreme Court has ruled that there cannot be a Nativity
Scene in Washington, DC this Christmas season. This isn't for
any religious reason, they simply haven't been able to find
three wise men and a virgin in the Nation's capital. There
was no problem, however, finding enough asses to fill the stable.
- Posted by Bob Eager on August 9th, 2006
On Wed, 9 Aug 2006 19:34:03 UTC, Nicholas Thomas
<ku.gro.snagap-erihskroy@enipul.reverse.invalid> wrote:
Same here! :-) Mind, I use it to provide DNS for my own domains too.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
- Posted by Aosmosis on August 10th, 2006
"Bob Eager" <rde42@spamcop.net> wrote in message
news:176uZD2KcidF-pn2-ilHFvkqXDQyL@rikki.tavi.co.uk...
Can I ask how you provide your own DNS?
- Posted by Nicholas Thomas on August 10th, 2006
Aosmosis wrote:
First you need to get a domain name, then tell the domain registrar to
forward all DNS queries to your DNS server (procedure varies between
companies & registrars - don't forget to ask for 'glue'!) -- generally
you'll need to have a secondary DNS server, as well (lots of places
offer this service for a small fee, a few offer it for free, or you can
cheat and try giving it the same address twice).
Then you install BIND and set up the appropriate zone files for the
subdomains, etc. that you want.
In all, it's a bit of a pain 
. Google is your friend.
xF,
....Nick
- Posted by Pier Danone on August 10th, 2006
"Nicholas Thomas" <ku.gro.snagap-erihskroy@enipul.reverse.invalid> wrote in
message news:44db101c$0$633$5a6aecb4@news.aaisp.net.uk...
| Aosmosis wrote:
| > "Bob Eager" <rde42@spamcop.net> wrote in message
| > news:176uZD2KcidF-pn2-ilHFvkqXDQyL@rikki.tavi.co.uk...
| >> On Wed, 9 Aug 2006 19:34:03 UTC, Nicholas Thomas
| >> <ku.gro.snagap-erihskroy@enipul.reverse.invalid> wrote:
| >>
| >>>> I have even had confirmation - unofficially - that it's causing my
| >>>> isp's tech support personnel issues too. DNS is fundamental to the way
| >>>> we use the internet, if the isp can't even get that right, what hope
| >>>> is there?
| >>> I run my own, and never have any trouble
| >> Same here! :-) Mind, I use it to provide DNS for my own domains too.
| >> --
| >> [ 7'ism - a condition by which the sufferer experiences an inability
| >> to give concise answers, express reasoned argument or opinion.
| >> Usually accompanied by silly noises and gestures - incurable, early
| >> euthanasia recommended. ]
| >
| >
| > Can I ask how you provide your own DNS?
| >
| >
|
| First you need to get a domain name, then tell the domain registrar to
| forward all DNS queries to your DNS server (procedure varies between
| companies & registrars - don't forget to ask for 'glue'!) -- generally
| you'll need to have a secondary DNS server, as well (lots of places
| offer this service for a small fee, a few offer it for free, or you can
| cheat and try giving it the same address twice).
|
| Then you install BIND and set up the appropriate zone files for the
| subdomains, etc. that you want.
|
| In all, it's a bit of a pain . Google is your friend.
|
| xF,
|
| ...Nick
|
Or you could look at a simple solution like treewalk
http://ntcanuck.com/
- Posted by Bob Eager on August 10th, 2006
On Thu, 10 Aug 2006 07:19:00 UTC, "Aosmosis" <spamp@spam.com> wrote:
For most of the domain name...ask my ISP to let me use my own DNS for
the domain names they register for me, and give them the IP addresses of
my name servers. For one of them, go to the country registrar's control
panels and do it myself.
Configure and start up the copy of BIND that comes with my operating
system. Do this for the backup server too.
There's a couple of optional things, but that's basically it.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
- Posted by Bob Eager on August 10th, 2006
On Thu, 10 Aug 2006 12:05:17 UTC, "Pier Danone" <Pier Danone@bt.com>
wrote:
Guess you still have to go through the first bit above, though.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
- Posted by Pier Danone on August 10th, 2006
"Bob Eager" <rde42@spamcop.net> wrote in message
news:176uZD2KcidF-pn2-ubGdk29OiTYz@rikki.tavi.co.uk...
| On Thu, 10 Aug 2006 12:05:17 UTC, "Pier Danone" <Pier Danone@bt.com>
| wrote:
|
| > Or you could look at a simple solution like treewalk
| > http://ntcanuck.com/
|
| Guess you still have to go through the first bit above, though.
Do you?
- Posted by Bob Eager on August 10th, 2006
On Thu, 10 Aug 2006 15:42:45 UTC, "Pier Danone" <Pier Danone@bt.com>
wrote:
To run DNS for your own domains, I mean.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
- Posted by Mike Scott on August 11th, 2006
Chip wrote:
AFAICT ntl have screwed up DNS somewhere. Looks like a faulty
"transparent" dns proxy or something along those lines. Seems to affect
only (almost only?) those running their own dns server, and possibly
confined to the Cambridge area. I logged a fault call a couple of weeks
ago, but I'm not holding my breath.
But this dates to mid-July, so maybe it's not related to your issue?
--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
- Posted by Pier Danone on August 11th, 2006
"Mike Scott" <usenet.11@spam.stopper.scottsonline.org.uk> wrote in message
news:1VWCg.449$s4.3@newsfe3-win.ntli.net...
| Chip wrote:
| > Has anyone else noticed a massive increase in the last 4 months or so
| > of DNS lookup failures? Is this a net-wide phenomenon or limited to
| > one or 2 isps? (Virgin.net/NTL/Whatever they're called this week in my
| > case.)
|
| AFAICT ntl have screwed up DNS somewhere. Looks like a faulty
| "transparent" dns proxy or something along those lines. Seems to affect
| only (almost only?) those running their own dns server, and possibly
| confined to the Cambridge area. I logged a fault call a couple of weeks
| ago, but I'm not holding my breath.
|
| But this dates to mid-July, so maybe it's not related to your issue?
|
| --
| Please use the corrected version of the address below for replies.
| Replies to the header address will be junked, as will mail from
| various domains listed at www.scottsonline.org.uk
| Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
There are ongoing issues with NTL proxies. It's rarely a DNS failure with them
as such.
Changing the proxy can help and this gives you all the gumph:
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/
- Posted by Pier Danone on August 11th, 2006
"Mike Scott" <usenet.11@spam.stopper.scottsonline.org.uk> wrote in message
news:1VWCg.449$s4.3@newsfe3-win.ntli.net...
| Chip wrote:
| > Has anyone else noticed a massive increase in the last 4 months or so
| > of DNS lookup failures? Is this a net-wide phenomenon or limited to
| > one or 2 isps? (Virgin.net/NTL/Whatever they're called this week in my
| > case.)
|
| AFAICT ntl have screwed up DNS somewhere. Looks like a faulty
| "transparent" dns proxy or something along those lines. Seems to affect
| only (almost only?) those running their own dns server, and possibly
| confined to the Cambridge area. I logged a fault call a couple of weeks
| ago, but I'm not holding my breath.
|
| But this dates to mid-July, so maybe it's not related to your issue?
|
| --
| Please use the corrected version of the address below for replies.
| Replies to the header address will be junked, as will mail from
| various domains listed at www.scottsonline.org.uk
| Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
There are ongoing issues with NTL proxies. It's rarely a DNS failure with them
as such.
Changing the proxy can help and this gives you all the gumph:
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/
- Posted by Mike Scott on August 11th, 2006
Pier Danone wrote:
No, wrong tree :-)
This is most definitely a DNS issue - I've spent a /long/ time analysing
DNS queries and the corresponding replies. There are a couple of threads
around on the subject - the gist is that DNS replies from various
servers are correctly formatted and have good checksums; they just
happen to have had the answers stripped out. The only place this could
be happening seems to be in the ntl network.
--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
- Posted by Bob on August 11th, 2006
On Fri, 11 Aug 2006 09:07:25 +0000, Mike Scott wrote:
How common is transparent dns proxying amongst UK ISP?
I originally setup djbdns dnscache because it was easier than fixing the
problems with my NAT router's dns. I've hoped that it might give me
some protection against poisoning of the ISP's cache too, but I've never
really been sure whether I'm going direct to the authoritative servers or
not. I always get "round number" TTL values on the first-lookup, so I
would hope I am.
