[outages] GoDaddy DNS Issues?

Tue Sep 20 17:40:35 EDT 2011

Yes, it means DNS timeout or an ACL/network-level issue vs. getting back
an exclusive response from the query that says "I reject".

Are you using IPv6?  Can you turn off IPv6 to ensure that your
tunnelling provider isn't causing this?

This is networking troubleshooting 101, you should have folks on staff
or available via phone who should be able to help diagnose this problem.
Analysis of packet capture from each device up to your ISP should be
sufficient.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, US |
| Making life hard for others since 1977.               PGP 4BD6C0CB |

On Tue, Sep 20, 2011 at 05:33:12PM -0400, Michael Moeller wrote:
> On Tue, Sep 20, 2011 at 5:13 PM, Jeremy Chadwick
> <outages at jdc.parodius.com> wrote:
> > I cannot confirm this. ?On Windows machines all I am seeing is that
> > lookups for xyz.com using an authoritative nameserver of
> > ns50.domaincontrol.com is -- correctly -- rejected:
> >
> > PS>nslookup xyz.com ns50.domaincontrol.com
> > *** Can't find server name for address 208.109.255.25: Query refused
> > Server: ?UnKnown
> > Address: ?208.109.255.25
> >
> > *** UnKnown can't find xyz.com: Query refused
> >
> > I see the same behaviour with ns49.domaincontrol.com, ns48, etc...
> >
> > The rejection message here is correct because xyz.com is not a domain
> > GoDaddy's nameservers are authoritative for (root servers as well as
> > WHOIS both confirm this; query a.gtld-servers.net for NS records for
> > xyz.com), and *are not* recursive nameservers.
> >
> > I also see the exact same behaviour with dig on a FreeBSD host. ?Note:
> > "status: REFUSED".
> >
> > $ dig @ns49.domaincontrol.com ns xyz.com
> >
> > ; <<>> DiG 9.6.-ESV-R5 <<>> @ns49.domaincontrol.com ns xyz.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25213
> > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;xyz.com. ? ? ? ? ? ? ? ? ? ? ? IN ? ? ?NS
> >
> > ;; Query time: 75 msec
> > ;; SERVER: 216.69.185.25#53(216.69.185.25)
> > ;; WHEN: Tue Sep 20 14:10:03 2011
> > ;; MSG SIZE ?rcvd: 25
> >
> > Also, according to WHOIS domaincontrol.com is "Wild West Domains". ?Is
> > this a company GoDaddy purchased? ?I have not bothered to check web
> > pages (do not particularly care). ?If not, what's the relation?
> >
> > --
> > | Jeremy Chadwick ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?jdc at parodius.com |
> > | Parodius Networking ? ? ? ? ? ? ? ? ? ? ? http://www.parodius.com/ |
> > | UNIX Systems Administrator ? ? ? ? ? ? ? ? ? Mountain View, CA, US |
> > | Making life hard for others since 1977. ? ? ? ? ? ? ? PGP 4BD6C0CB |
> >
> > On Tue, Sep 20, 2011 at 04:49:47PM -0400, Michael Moeller wrote:
> >> We are receiving various reports from our customers (large
> >> institutions) indicating that they cannot access our public facing
> >> hosts via their FQDNs. ?We use GoDaddy for DNS.
> >>
> >> Initial troubleshooting shows that queries to ns50.domaincontrol.com
> >> and ns49.domaincontrol.com fail from Windows based caching name
> >> servers, however succeed on UNIX/Linux hosts.
> >>
> >> Verification at our site using dig and nslookup confirms the above.
> >>
> >> On a windows host the following is returned for all valid and invalid
> >> domain names:
> >> ? ?*** ns50.domaincontrol.com can't find xyz.com: No response from server
> >>
> >> Can anyone confirm what we are seeing?
> >>
> >> Thanks and regards,
> >> Mike
> >> _______________________________________________
> >> Outages mailing list
> >> Outages at outages.org
> >> https://puck.nether.net/mailman/listinfo/outages
> >
> 
> Any thoughts on the 'no response from server' error message vs a
> 'query refused' error message?