And the winner is Ross. After more debugging, we tracked the problem
down to the iboss box and this morning they fessed up to having an
intermittent problem (does not seem that intermittent to me) that they
are working to fix.
Thanks to everyone for their ideas.
cheers,
ski
On 12/08/2015 02:32 PM, Ross West wrote:
I forgot to reply to the list, but a quick google shows that is the IP
for the iBoss (http://www.iboss.com/) content filtering system.
Nothing too sinister going on (and should be expected for a school based
internet system).
R.
On 08/12/15 05:29 PM, Shane Harvey wrote:
Could this be the case? Can you try +trace +additional? This was from
-> http://serverfault.com/questions/482913/is-dig-trace-always-accurate
"|+trace| cheated and consulted the local resolver to obtain the IP
address of the next hop nameserver instead of consulting the glue.
Sneaky!
This is usually "good enough" and won't cause a problem for most people.
Unfortunately, there are edge cases. If for whatever reason your
upstream DNS cache is providing the wrong answer for the nameserver,
this model breaks down entirely.
Real world example:
* domain expires
* glue is repointed at registrar redirection nameservers
* bogus IPs are cached for ns1 and ns2.yourdomain.com
* domain is renewed with restored glue
* any caches with the bogus nameserver IPs continue to send people to
a website that says the domain is for sale
In the above case, |+trace| will suggest that the domain owner's own
nameservers are the source of the problem, and you're one call away from
incorrectly telling a customer that their servers are misconfigured.
Whether it's something you can (or are willing to) do something about is
another story, but it's important to have the right information.
|dig +trace| is a great tool, but like any tool, you need to know what
it does and doesn't do, and how to troubleshoot the issue manually when
it proves insufficient."
On Tue, Dec 8, 2015 at 3:58 PM, Ski Kacoroski <[email protected]> wrote:
One more bit of information. When I wireshark the queries, any
query to youtube.com ends with:
Standard query response .... A 208.70.74.21 [ETHERNET FRAME CHECK
SEQUENCE INCORRECT]
Queries to other locations work correctly and do not have that
problem.
cheers,
ski
On 12/08/2015 01:36 PM, Shane Harvey wrote:
try doing a dig @localDNSserver youtube.com and see what is happening.
Do you have any content filtering that may be blocking it? I used to
see a lot of schools getting blocked by google because of traffic
routing through a content filter/firewall/NAT and google would block
that ip by the amount of traffic from one ip.
On Tue, Dec 8, 2015 at 3:16 PM, Ski Kacoroski <[email protected]> wrote:
Hi,
This morning everything went south with youtube.com for my school
district in Bothell, WA. When I am on the school district network I get:
ski@elle:~$ dig +trace youtube.com
; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> +trace youtube.com
;; global options: +cmd
.                        436781  IN      NS      j.root-servers.net.
.                        436781  IN      NS      c.root-servers.net.
.                        436781  IN      NS      h.root-servers.net.
.                        436781  IN      NS      f.root-servers.net.
.                        436781  IN      NS      m.root-servers.net.
.                        436781  IN      NS      b.root-servers.net.
.                        436781  IN      NS      g.root-servers.net.
.                        436781  IN      NS      d.root-servers.net.
.                        436781  IN      NS      k.root-servers.net.
.                        436781  IN      NS      l.root-servers.net.
.                        436781  IN      NS      e.root-servers.net.
.                        436781  IN      NS      a.root-servers.net.
.                        436781  IN      NS      i.root-servers.net.
. 515218 IN RRSIG NS 8 0
518400
20151218170000 20151208160000 62530 .
QgF9b0kXkgGRVGVcwqm6g8EwvtFqG+vO4kx1lQfGijbaZcLkwkEIOoEh
8wPc6IiVyI6c7ua0SaL9i7A7Q0zy//fQJLb+Ji7xFtD4n0uSTzm0Xyd/
iainDAwnXRzwoFxR2j7dLRu7N0dsLpYKF9s9VF+Ky2nCcCnZqQlLEFDs
L+A=
;; Received 913 bytes from 127.0.1.1#53(127.0.1.1) in 74 ms
youtube.com.             0       IN      A       208.70.74.21
;; Received 45 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms
Notice that there is no recursion or name servers. This does not
look like a standard DNS transaction. Not only that, but
208.70.74.21 is owned by Multacom Corp. Any ideas why this is going
on? Is my DNS being hijacked somehow? This only happens for
youtube.com - apple.com, www.google.com, etc. all work as expected.
For comparison, when I use my verizon phone hotspot I get:
ski@elle:~$ dig +trace youtube.com
; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> +trace youtube.com
;; global options: +cmd
.                        38588   IN      NS      b.root-servers.net.
.                        38588   IN      NS      d.root-servers.net.
.                        38588   IN      NS      f.root-servers.net.
.                        38588   IN      NS      c.root-servers.net.
.                        38588   IN      NS      m.root-servers.net.
.                        38588   IN      NS      g.root-servers.net.
.                        38588   IN      NS      e.root-servers.net.
.                        38588   IN      NS      i.root-servers.net.
.                        38588   IN      NS      l.root-servers.net.
.                        38588   IN      NS      k.root-servers.net.
.                        38588   IN      NS      h.root-servers.net.
.                        38588   IN      NS      j.root-servers.net.
.                        38588   IN      NS      a.root-servers.net.
;; Received 239 bytes from 127.0.1.1#53(127.0.1.1) in 16499 ms
com.                     172800  IN      NS      m.gtld-servers.net.
com.                     172800  IN      NS      l.gtld-servers.net.
com.                     172800  IN      NS      k.gtld-servers.net.
com.                     172800  IN      NS      j.gtld-servers.net.
com.                     172800  IN      NS      i.gtld-servers.net.
com.                     172800  IN      NS      h.gtld-servers.net.
com.                     172800  IN      NS      g.gtld-servers.net.
com.                     172800  IN      NS      f.gtld-servers.net.
com.                     172800  IN      NS      e.gtld-servers.net.
com.                     172800  IN      NS      d.gtld-servers.net.
com.                     172800  IN      NS      c.gtld-servers.net.
com.                     172800  IN      NS      b.gtld-servers.net.
com.                     172800  IN      NS      a.gtld-servers.net.
com. 86400 IN DS 30909 8 2
E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF
C41A5766
com. 86400 IN RRSIG DS 8 1 86400
20151218170000 20151208160000 62530 .
CqO6/JQRMrFAIlB7I6oguyun+/InWoLWNJh0pPCNOJ00sOjxz+X9EZT0
jy0Dpn2nYAdI6F7adUOnGG5jHsiz7oQmHg9ncyMUoVkeMQV+p0JL4Wdf
kLqufz6NueraOLgs8FII8GP968odDLDbFbpD3wWM9tEh+NqZhaS5PiMT
YJQ=
;; Received 735 bytes from 198.41.0.4#53(a.root-servers.net) in 3031 ms
youtube.com.             172800  IN      NS      ns2.google.com.
youtube.com.             172800  IN      NS      ns1.google.com.
youtube.com.             172800  IN      NS      ns3.google.com.
youtube.com.             172800  IN      NS      ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 -
CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY
NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3
8 2 86400
20151214055737 20151207044737 51797 com.
MrwJSdJZKLjHepqim6qM+oa1W+Ya6OzG4/yHhG3DRcjGGYUVzfTqqKsA
GOHkyBZ2eUKiBhcjKEdf+uvwpx0pAuaV0v1u3LaML52ILvd8Jh6Hxx2r
OqHPZ5O2QuZMnnFZuXYYYRWDnExxtPPhh94jHf7vHojNIiv/zDanYb5E
VSo=
H5AFKDOBP05VCGM6958STOKNIEDLV3OR.com. 86400 IN NSEC3 1 1 0 -
H5AMN1SCRI4J99BRA7K4B8C018PJIVPN NS DS RRSIG
H5AFKDOBP05VCGM6958STOKNIEDLV3OR.com. 86400 IN RRSIG NSEC3
8 2 86400
20151214055802 20151207044802 51797 com.
oMRyyXEiWOQVDPLjm2ggBzF3CzI2/HO4PGJhO4nFueMD9gamuiENz+gA
ew/kdtnbztKucRSCMgtG2+uhQployz/WBRf1angLfWtIqeJR2008qayS
O0I4lHtchB6QGPT1UQf/qH9Bt9u5VlD7Naw/luQxBk9O4W+HiFf2wGsi
fKA=
;; Received 668 bytes from 192.31.80.30#53(d.gtld-servers.net) in 2402 ms
youtube.com.             300     IN      A       209.118.208.25
youtube.com.             300     IN      A       209.118.208.44
youtube.com.             300     IN      A       209.118.208.59
youtube.com.             300     IN      A       209.118.208.54
youtube.com.             300     IN      A       209.118.208.55
youtube.com.             300     IN      A       209.118.208.20
youtube.com.             300     IN      A       209.118.208.35
youtube.com.             300     IN      A       209.118.208.49
youtube.com.             300     IN      A       209.118.208.29
youtube.com.             300     IN      A       209.118.208.45
youtube.com.             300     IN      A       209.118.208.39
youtube.com.             300     IN      A       209.118.208.24
youtube.com.             300     IN      A       209.118.208.30
youtube.com.             300     IN      A       209.118.208.34
youtube.com.             300     IN      A       209.118.208.50
youtube.com.             300     IN      A       209.118.208.40
;; Received 285 bytes from 216.239.38.10#53(ns4.google.com) in 415 ms
cheers,
ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, [email protected], 206-501-9803
or ski98033 on most IM services
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System
Administrators
http://lopsa.org/
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, [email protected], 206-501-9803
or ski98033 on most IM services
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
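
The symptom in the first trace of this thread (a final A record with TTL 0, credited to a root server immediately after the root NS set) can be checked mechanically. The Python sketch below is an added example, not code from anyone in the thread; the function names are hypothetical and the two sample traces are abbreviated from the dig output quoted above.

```python
import re

# ";; Received 45 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms"
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+?#\d+\(([^)]*)\)")

def parse_trace(text):
    """Split dig +trace output into hops: (responding server, records it sent)."""
    hops, records = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RECEIVED.match(line)
        if m:
            hops.append((m.group(1), records))
            records = []
        elif line and not line.startswith(";"):
            f = line.split(None, 4)  # owner, ttl, class, type, rdata
            if len(f) == 5 and f[1].isdigit() and f[2] == "IN":
                records.append((f[0].lower(), int(f[1]), f[3], f[4]))
    return hops

def check_trace(text, qname):
    """Return findings for address answers that skip the delegation chain."""
    qname = qname.lower().rstrip(".") + "."
    findings, zone = [], None  # zone = last zone a referral pointed us at
    for server, records in parse_trace(text):
        answers = [r for r in records if r[0] == qname and r[2] in ("A", "AAAA")]
        if answers and zone in (None, "."):
            ips = ", ".join(r[3] for r in answers)
            findings.append(f"{qname} -> {ips} answered by {server} "
                            "with no referral below the root")
            if any(r[1] == 0 for r in answers):
                findings.append("answer TTL is 0")  # secondary signal only
        referred = [r[0] for r in records if r[2] == "NS"]
        if referred:
            zone = referred[0]
    return findings

# Abbreviated from the two traces in the thread (most NS lines dropped).
FILTERED = """\
.            436781 IN NS e.root-servers.net.
;; Received 913 bytes from 127.0.1.1#53(127.0.1.1) in 74 ms
youtube.com. 0      IN A  208.70.74.21
;; Received 45 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms
"""
HOTSPOT = """\
.            38588  IN NS a.root-servers.net.
;; Received 239 bytes from 127.0.1.1#53(127.0.1.1) in 16499 ms
com.         172800 IN NS d.gtld-servers.net.
;; Received 735 bytes from 198.41.0.4#53(a.root-servers.net) in 3031 ms
youtube.com. 172800 IN NS ns4.google.com.
;; Received 668 bytes from 192.31.80.30#53(d.gtld-servers.net) in 2402 ms
youtube.com. 300    IN A  209.118.208.25
;; Received 285 bytes from 216.239.38.10#53(ns4.google.com) in 415 ms
"""
```

check_trace(FILTERED, "youtube.com") reports the 208.70.74.21 answer and its zero TTL, while the hotspot trace returns no findings because the answer follows the root, com. and youtube.com. referrals in order.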