Good thought, but no.

On 4/9/2015 1:45 PM, Matt Brendle wrote:
You aren't blocking UDP 53 from them, are you?

-----Original Message-----
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Thursday, April 09, 2015 1:26 PM
To: af@afmug.com
Subject: Re: [AFMUG] Weird network issue

We did try Google DNS.  No response.  That's why I wanted the ASA config.

So when they are on their backup they can ping anything by IP and it returns 
properly.  When they nslookup the return does not come back from their DNS server 
or ANY whatsoever.  Like you tried AT&T's and Google's?  Can they ping that DNS 
server and receive a return?

Are they using any tunnels? I've seen customers with issues like this before 
being multihomed and having VPNs that will only work on one connection.

----- Original Message -----
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: Thursday, April 9, 2015 7:06:02 AM
Subject: [AFMUG] Weird network issue

I have a customer who uses us as a backup path to the internet. They
have BGP sessions with us and another provider, and we just stack a
few prepends on the routes they send us and re-advertise them.

When their primary connection is out, they report having partial
connectivity.  We just had a two hour test window where their primary
connection was shut off on purpose so that we could test. The other
provider and I spent a ton of time going over BGP and routing stuff
and finally concluded, "gee, it should be working."

After we gave up looking for a routing problem that isn't there, we
did some more basic testing and really the only thing I can conclude
definitely doesn't work when they fail over to us is DNS.  Using
nslookup they get no response from any DNS servers.

They have a Cisco 2811 running BGP, but that connects to an ASA, and
everything on their LAN is behind the ASA.

I asked for copies of the configs on the 2811 and the ASA, but I'm not
even sure what I'm looking for yet.  Any brilliant ideas?

