Re: router causing strange DNS behaviour?

From: James Muir (invalid.email_at_dev.null)
Date: 05/21/05


Date: Fri, 20 May 2005 18:35:13 -0400

On Fri, 20 May 2005, Moe Trin wrote:

> In article <1116564501.929117.113030@g47g2000cwa.googlegroups.com>, prg wrote:
> >
> >Moe Trin wrote:
>
> >> Suspicion: 'dns.<mumble>.rogers.com' is for customers, while the unwashed
> >> masses out here are supposed to use ns?.<mumble>.rogers.com.
> >
> >Could very well be the case. These cobbled together ISP networks can
> >be Byzantine. That's why I like poking at them with traceroute just to
> >see where they let me go before dropping packets. It's not very
> >efficient but turns up surprising results sometimes ;)

Yes, I'm quite certain that is the case. The two Rogers DNS servers that I
had been using (24.153.22.67, 24.153.22.195) are privileged access. You
shouldn't be able to 'dig' them.

> >Standard query A www.farmimplement.com: (small town in central Arkansas)
>
> yabbut that's 65.216.49.59 which is uu.net
>
> >; <<>> DiG 9.2.1 <<>> @205.166.226.38 www.cityofsearcy.org
>
> 66.136.239.195 which is SBC (swbell)
>
> >; <<>> DiG 9.2.1 <<>> @205.166.226.38 weiser.govoffice.com [in SW Idaho]
>
> 63.228.251.51 which is qworst
>
> >; <<>> DiG 9.2.1 <<>> @205.166.226.38 www.buhlidaho.us [in S Central Idaho]
>
> 216.55.145.2 which is Abacus America (abac.com) which is a /18 with at
> least a decent sized feed from Level3
>
> "Boondocksville" doesn't specifically mean that it's at the end of the
> earth as regards networking. Actually, only the swbell address is more
> than 9 hops from my border router. (SWBell looks to have their routing
> much more fragmented, as I make 11 hops _within_ their domain [SJC twice,
> SFO, SLC, DEN, MKC twice, and 3 in LIT] alone.)

Is there some implication here that Ottawa (the capital of Canada) is in the
boonies? ;-)

> >Can't see why OP could not use this for a name server if it _is_ a
> >Rogers DNS issue instead of his router.
>
> I dunno. Rogers is a Canadian ISP, and their name servers should have
> the IPs of the TLD servers authoritative for .ca cached (there are
> apparently six servers authoritative for .ca., with 2 day TTLs on their
> names and IP addresses). I don't know how many _domains_ there are in
> .ca (ARIN has assigned 4911 IPv4 networks totalling 64,933,888 individual
> IP addresses though there are only 763 autonomous system numbers). This
> means the worst case query scenario should be a query to the .ca
> name servers, which should return name and IP of the SLD server (here,
> nserc.ca), which should then result in a third query which should provide
> the desired answer. When I tried the query of the nserc.ca name server at
> 198.96.3.152 (powerweb4.nserc.ca) asking for the IP of www.nserc.ca, dig
> reported 305 msec.

I just tried and I got 20 msec:

$ dig @198.96.3.152 www.nserc.ca +noall +answer +stats

; <<>> DiG 9.2.2 <<>> @198.96.3.152 www.nserc.ca +noall +answer +stats
;; global options: printcmd
www.nserc.ca. 3600 IN A 198.96.3.190
;; Query time: 20 msec
;; SERVER: 198.96.3.152#53(198.96.3.152)
;; WHEN: Fri May 20 18:06:56 2005
;; MSG SIZE rcvd: 46

I have given up on Rogers' DNS servers and am now using the public access
DNS server ns1.granitecanyon.com [205.166.226.38] (courtesy of
http://soa.granitecanyon.com/). There are some other public access DNS
servers listed at http://www.open-rsc.org . This solves the problem but it
doesn't tell me why the problem occurred in the first place.

> >Actually the OP's symptoms seemed a mixture of possible problems:
> >-- ISP's internal workings
> >-- ISP's name servers
> >-- dslreports FAQ on Rogers saying that his d-link was flakey with
> >certain Terayon modems used by Rogers

I have a WebStar modem and my router's firmware is fully up to date.

> I'm still wondering if increasing the timeout might also help.
>
> >Had to leave _something_ for OP to investigate ;)

Well, the OP (me) sent off a few emails to D-Link tech support. They echoed
Moe's suggestion that I statically configure each client behind the router
to use Rogers' DNS servers. This way the router would no longer be relaying
DNS requests. Even though I tried this before without success, I decided to
give it another go. At first this seemed to help. I was able to resolve
www.nserc.ca a couple of times on both clients using Rogers' DNS servers.
But, after 10 minutes and a few reboots, the problem came back. So it seems
that it is not just a problem with the way the router relays DNS packets.

I think my service agreement with my ISP says that I am not supposed to have
more than one client connected to the cable modem (a WebStar). I wonder if
they have found a way to detect that there is more than one client behind
the router and have implemented some kind of countermeasure. But then why
would I only be experiencing a problem with one URL?

In any case, now that I have a fix, I think I will have to stop
investigating and get back to other things.

Thanks for your help and suggestions.

-James
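
An added example, not part of the original post: the by-hand comparison done in this thread (asking the authoritative server and other resolvers for the same name) as a small parser over saved `dig +noall +answer +stats` output. The first sample is an excerpt of the output posted above; the other two samples, their 192.0.2.x and 203.0.113.x addresses, and the function names are constructed for illustration.

```python
import re

# Excerpt of the output posted in the thread (authoritative server for nserc.ca).
AUTHORITATIVE = """\
; <<>> DiG 9.2.2 <<>> @198.96.3.152 www.nserc.ca +noall +answer +stats
www.nserc.ca. 3600 IN A 198.96.3.190
;; Query time: 20 msec
;; SERVER: 198.96.3.152#53(198.96.3.152)
"""
# Constructed samples (documentation addresses): a timeout and a differing answer.
TIMED_OUT = """\
; <<>> DiG 9.2.2 <<>> @192.0.2.53 www.nserc.ca +noall +answer +stats
;; connection timed out; no servers could be reached
"""
DIFFERENT = """\
; <<>> DiG 9.2.2 <<>> @192.0.2.54 www.nserc.ca +noall +answer +stats
www.nserc.ca. 60 IN A 203.0.113.7
;; Query time: 3 msec
"""

HEADER = re.compile(r"^; <<>> DiG \S+ <<>> @(\S+)", re.M)
QTIME = re.compile(r"^;; Query time: (\d+) msec", re.M)

def parse_dig(text):
    """Pull the queried server, A records and timing out of saved dig output."""
    server = HEADER.search(text).group(1)
    qtime = QTIME.search(text)
    # Answer lines are the only ones not starting with ';': name ttl class type rdata
    rows = [l.split() for l in text.splitlines() if l and not l.startswith(";")]
    answers = {f[4] for f in rows if len(f) == 5 and f[3] == "A"}
    return {"server": server, "answers": answers,
            "query_ms": int(qtime.group(1)) if qtime else None,
            "timed_out": "connection timed out" in text}

def compare(reference, *others):
    """Classify each resolver's result against the authoritative answer."""
    ref = parse_dig(reference)
    verdicts = {}
    for r in map(parse_dig, others):
        if r["timed_out"]:
            verdict = "timeout"
        elif not r["answers"]:
            verdict = "no-answer"
        else:
            verdict = "ok" if r["answers"] == ref["answers"] else "mismatch"
        verdicts[r["server"]] = verdict
    return verdicts

if __name__ == "__main__":
    print(compare(AUTHORITATIVE, TIMED_OUT, DIFFERENT))
```

A "mismatch" verdict only means the resolver's A records differ from the authoritative server's at the time of capture; names served from several addresses need the full record set compared, which is why the answers are kept as a set.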