Sounds less like "a problem" and more like "they were running the queries through themselves to do filtering on good-versus-bad videos".
My $0.02.

On 12/9/2015 1:19 PM, Ski Kacoroski wrote:
> And the winner is Ross. After more debugging, we tracked the problem
> down to the iboss box and this morning they fessed up to having an
> intermittent problem (does not seem that intermittent to me) that they
> are working to fix.
>
> Thanks to everyone for their ideas.
>
> cheers,
>
> ski
>
> On 12/08/2015 02:32 PM, Ross West wrote:
>>
>> I forgot to reply to the list, but a quick google shows that is the IP
>> for the iBoss (http://www.iboss.com/) content filtering system.
>>
>> Nothing too sinister going on (and should be expected for a school based
>> internet system).
>>
>> R.
>>
>> On 08/12/15 05:29 PM, Shane Harvey wrote:
>>> Could this be the case? Can you try +trace +additional? This was from
>>> -> http://serverfault.com/questions/482913/is-dig-trace-always-accurate
>>>
>>> "|+trace| cheated and consulted the local resolver to obtain the IP
>>> address of the next hop nameserver instead of consulting the glue.
>>> Sneaky!
>>>
>>> This is usually "good enough" and won't cause a problem for most
>>> people.
>>> Unfortunately, there are edge cases. If for whatever reason your
>>> upstream DNS cache is providing the wrong answer for the nameserver,
>>> this model breaks down entirely.
>>>
>>> Real world example:
>>>
>>>   * domain expires
>>>   * glue is repointed at registrar redirection nameservers
>>>   * bogus IPs are cached for ns1 and ns2.yourdomain.com
>>>   * domain is renewed with restored glue
>>>   * any caches with the bogus nameserver IPs continue to send people to
>>>     a website that says the domain is for sale
>>>
>>> In the above case, |+trace| will suggest that the domain owner's own
>>> nameservers are the source of the problem, and you're one call away
>>> from incorrectly telling a customer that their servers are misconfigured.
>>> Whether it's something you can (or are willing to) do something
>>> about is another story, but it's important to have the right information.
>>>
>>> |dig +trace| is a great tool, but like any tool, you need to know what
>>> it does and doesn't do, and how to troubleshoot the issue manually when
>>> it proves insufficient."
>>>
>>>
>>> On Tue, Dec 8, 2015 at 3:58 PM, Ski Kacoroski <[email protected]> wrote:
>>>
>>>     One more bit of information. When I wireshark the queries, any
>>>     query to youtube.com ends with:
>>>
>>>     Standard query response .... A 208.70.74.21 [ETHERNET FRAME CHECK
>>>     SEQUENCE INCORRECT]
>>>
>>>     Queries to other locations work correctly and do not have that
>>>     problem.
>>>
>>>     cheers,
>>>
>>>     ski
>>>
>>>     On 12/08/2015 01:36 PM, Shane Harvey wrote:
>>>
>>>         try doing a dig @localDNSserver youtube.com and see
>>>         what is happening. Do you have any content filtering that
>>>         may be blocking it? I used to see a lot of schools getting
>>>         blocked by google because of traffic routing through a content
>>>         filter/firewall/NAT and google would block that ip by the
>>>         amount of traffic from one ip.
>>>
>>>         On Tue, Dec 8, 2015 at 3:16 PM, Ski Kacoroski
>>>         <[email protected]> wrote:
>>>
>>>             Hi,
>>>
>>>             This morning everything went south with youtube.com for
>>>             my school district in Bothell, WA. When I am on the
>>>             school district network I get:
>>>
>>>             ski@elle:~$ dig +trace youtube.com
>>>
>>>             ; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> +trace youtube.com
>>>             ;; global options: +cmd
>>>             .    436781  IN  NS  j.root-servers.net.
>>>             .    436781  IN  NS  c.root-servers.net.
>>>             .    436781  IN  NS  h.root-servers.net.
>>>             .    436781  IN  NS  f.root-servers.net.
>>>             .    436781  IN  NS  m.root-servers.net.
>>>             .    436781  IN  NS  b.root-servers.net.
>>>             .    436781  IN  NS  g.root-servers.net.
>>>             .    436781  IN  NS  d.root-servers.net.
>>>             .    436781  IN  NS  k.root-servers.net.
>>>             .    436781  IN  NS  l.root-servers.net.
>>>             .    436781  IN  NS  e.root-servers.net.
>>>             .    436781  IN  NS  a.root-servers.net.
>>>             .    436781  IN  NS  i.root-servers.net.
>>>             .    515218  IN  RRSIG  NS 8 0 518400 20151218170000 20151208160000 62530 . QgF9b0kXkgGRVGVcwqm6g8EwvtFqG+vO4kx1lQfGijbaZcLkwkEIOoEh 8wPc6IiVyI6c7ua0SaL9i7A7Q0zy//fQJLb+Ji7xFtD4n0uSTzm0Xyd/ iainDAwnXRzwoFxR2j7dLRu7N0dsLpYKF9s9VF+Ky2nCcCnZqQlLEFDs L+A=
>>>             ;; Received 913 bytes from 127.0.1.1#53(127.0.1.1) in 74 ms
>>>
>>>             youtube.com.    0  IN  A  208.70.74.21
>>>             ;; Received 45 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms
>>>
>>>
>>>             Notice that there is no recursion or name servers. This
>>>             does not look like a standard DNS transaction. Not only
>>>             that, but 208.70.74.21 is owned by Multacom Corp. Any
>>>             ideas why this is going on? Is my DNS being hijacked
>>>             somehow. This only happens for youtube.com - apple.com,
>>>             www.google.com, etc. all work as expected.
>>>
>>>             For comparison, when I use my verizon phone hotspot I get:
>>>
>>>             ski@elle:~$ dig +trace youtube.com
>>>
>>>             ; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> +trace youtube.com
>>>             ;; global options: +cmd
>>>             .    38588  IN  NS  b.root-servers.net.
>>>             .    38588  IN  NS  d.root-servers.net.
>>>             .    38588  IN  NS  f.root-servers.net.
>>>             .    38588  IN  NS  c.root-servers.net.
>>>             .    38588  IN  NS  m.root-servers.net.
>>>             .    38588  IN  NS  g.root-servers.net.
>>>             .    38588  IN  NS  e.root-servers.net.
>>>             .    38588  IN  NS  i.root-servers.net.
>>>             .    38588  IN  NS  l.root-servers.net.
>>>             .    38588  IN  NS  k.root-servers.net.
>>>             .    38588  IN  NS  h.root-servers.net.
>>>             .    38588  IN  NS  j.root-servers.net.
>>>             .    38588  IN  NS  a.root-servers.net.
>>>             ;; Received 239 bytes from 127.0.1.1#53(127.0.1.1) in 16499 ms
>>>
>>>             com.    172800  IN  NS  m.gtld-servers.net.
>>>             com.    172800  IN  NS  l.gtld-servers.net.
>>>             com.    172800  IN  NS  k.gtld-servers.net.
>>>             com.    172800  IN  NS  j.gtld-servers.net.
>>>             com.    172800  IN  NS  i.gtld-servers.net.
>>>             com.    172800  IN  NS  h.gtld-servers.net.
>>>             com.    172800  IN  NS  g.gtld-servers.net.
>>>             com.    172800  IN  NS  f.gtld-servers.net.
>>>             com.    172800  IN  NS  e.gtld-servers.net.
>>>             com.    172800  IN  NS  d.gtld-servers.net.
>>>             com.    172800  IN  NS  c.gtld-servers.net.
>>>             com.    172800  IN  NS  b.gtld-servers.net.
>>>             com.    172800  IN  NS  a.gtld-servers.net.
>>>             com.    86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
>>>             com.    86400   IN  RRSIG  DS 8 1 86400 20151218170000 20151208160000 62530 . CqO6/JQRMrFAIlB7I6oguyun+/InWoLWNJh0pPCNOJ00sOjxz+X9EZT0 jy0Dpn2nYAdI6F7adUOnGG5jHsiz7oQmHg9ncyMUoVkeMQV+p0JL4Wdf kLqufz6NueraOLgs8FII8GP968odDLDbFbpD3wWM9tEh+NqZhaS5PiMT YJQ=
>>>             ;; Received 735 bytes from 198.41.0.4#53(a.root-servers.net) in 3031 ms
>>>
>>>             youtube.com.    172800  IN  NS  ns2.google.com.
>>>             youtube.com.    172800  IN  NS  ns1.google.com.
>>>             youtube.com.    172800  IN  NS  ns3.google.com.
>>>             youtube.com.    172800  IN  NS  ns4.google.com.
>>>             CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
>>>             CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20151214055737 20151207044737 51797 com. MrwJSdJZKLjHepqim6qM+oa1W+Ya6OzG4/yHhG3DRcjGGYUVzfTqqKsA GOHkyBZ2eUKiBhcjKEdf+uvwpx0pAuaV0v1u3LaML52ILvd8Jh6Hxx2r OqHPZ5O2QuZMnnFZuXYYYRWDnExxtPPhh94jHf7vHojNIiv/zDanYb5E VSo=
>>>             H5AFKDOBP05VCGM6958STOKNIEDLV3OR.com. 86400 IN NSEC3 1 1 0 - H5AMN1SCRI4J99BRA7K4B8C018PJIVPN NS DS RRSIG
>>>             H5AFKDOBP05VCGM6958STOKNIEDLV3OR.com. 86400 IN RRSIG NSEC3 8 2 86400 20151214055802 20151207044802 51797 com. oMRyyXEiWOQVDPLjm2ggBzF3CzI2/HO4PGJhO4nFueMD9gamuiENz+gA ew/kdtnbztKucRSCMgtG2+uhQployz/WBRf1angLfWtIqeJR2008qayS O0I4lHtchB6QGPT1UQf/qH9Bt9u5VlD7Naw/luQxBk9O4W+HiFf2wGsi fKA=
>>>             ;; Received 668 bytes from 192.31.80.30#53(d.gtld-servers.net) in 2402 ms
>>>
>>>             youtube.com.    300  IN  A  209.118.208.25
>>>             youtube.com.    300  IN  A  209.118.208.44
>>>             youtube.com.    300  IN  A  209.118.208.59
>>>             youtube.com.    300  IN  A  209.118.208.54
>>>             youtube.com.    300  IN  A  209.118.208.55
>>>             youtube.com.    300  IN  A  209.118.208.20
>>>             youtube.com.    300  IN  A  209.118.208.35
>>>             youtube.com.    300  IN  A  209.118.208.49
>>>             youtube.com.    300  IN  A  209.118.208.29
>>>             youtube.com.    300  IN  A  209.118.208.45
>>>             youtube.com.    300  IN  A  209.118.208.39
>>>             youtube.com.    300  IN  A  209.118.208.24
>>>             youtube.com.    300  IN  A  209.118.208.30
>>>             youtube.com.    300  IN  A  209.118.208.34
>>>             youtube.com.    300  IN  A  209.118.208.50
>>>             youtube.com.    300  IN  A  209.118.208.40
>>>             ;; Received 285 bytes from 216.239.38.10#53(ns4.google.com) in 415 ms
>>>
>>>             cheers,
>>>
>>>             ski
>>>
>>>             --
>>>             "When we try to pick out anything by itself, we find it
>>>             connected to the entire universe" John Muir
>>>
>>>             Chris "Ski" Kacoroski, [email protected], 206-501-9803
>>>             or ski98033 on most IM services
>>>             _______________________________________________
>>>             Discuss mailing list
>>>             [email protected]
>>>             https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
>>>             This list provided by the League of Professional System
>>>             Administrators
>>>             http://lopsa.org/
>>>
>>>
>>>     --
>>>     "When we try to pick out anything by itself, we find it
>>>     connected to the entire universe" John Muir
>>>
>>>     Chris "Ski" Kacoroski, [email protected], 206-501-9803
>>>     or ski98033 on most IM services
>>>
>>
>

--
I prefer to use encrypted mail. My public key fingerprint is FD6A 6990 F035 DE9E 3713 B4F1 661B 3AD6 D82A BBD0.
You can download it at http://www.megacity.org/gpg_dballing.txt
Learn how to encrypt your email with the E-Mail Self Defense Guide: https://emailselfdefense.fsf.org/en/
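Added example, not part of the thread: the symptom Ski describes, an A record for youtube.com attributed to e.root-servers.net, can be checked for mechanically by parsing `dig +trace` output hop by hop. The two sample traces are constructed by condensing the ones quoted above, and the function names are this example's own.

```python
import re

# Constructed samples, condensed from the two traces quoted in the thread.
FILTERED = """\
.             436781  IN  NS  e.root-servers.net.
;; Received 913 bytes from 127.0.1.1#53(127.0.1.1) in 74 ms

youtube.com.  0       IN  A   208.70.74.21
;; Received 45 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms
"""
CLEAN = """\
.             38588   IN  NS  a.root-servers.net.
;; Received 239 bytes from 127.0.1.1#53(127.0.1.1) in 16499 ms

com.          172800  IN  NS  d.gtld-servers.net.
;; Received 735 bytes from 198.41.0.4#53(a.root-servers.net) in 3031 ms

youtube.com.  172800  IN  NS  ns4.google.com.
;; Received 668 bytes from 192.31.80.30#53(d.gtld-servers.net) in 2402 ms

youtube.com.  300     IN  A   209.118.208.25
;; Received 285 bytes from 216.239.38.10#53(ns4.google.com) in 415 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\((\S+)\) in \d+ ms")
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
DELEGATION_ONLY = (".root-servers.net", ".gtld-servers.net")

def parse_hops(trace):
    """Split dig +trace output into hops: (server name, server IP, records)."""
    hops, records = [], []
    for line in trace.splitlines():
        m = RECEIVED.match(line)
        if m:  # a ";; Received" line closes the hop and names who answered
            hops.append((m.group(2), m.group(1), records))
            records = []
        elif (r := RECORD.match(line)):
            records.append((r.group(1), int(r.group(2)), r.group(3), r.group(4).strip()))
    return hops

def suspicious_hops(trace, qname):
    """Return address records for qname that a root or gTLD server appears to serve."""
    # For a delegated name such as youtube.com these servers return only a
    # referral (NS plus DNSSEC data), so an A/AAAA answer attributed to one of
    # them means something on the path answered in its place.
    target = qname.rstrip(".").lower() + "."
    return [(server, name, rtype, rdata, ttl)
            for server, _ip, records in parse_hops(trace) if server.endswith(DELEGATION_ONLY)
            for name, ttl, rtype, rdata in records
            if rtype in ("A", "AAAA") and name.lower() == target]
```

Running `suspicious_hops` on the school-network trace flags the single TTL 0 answer, while the hotspot trace, which walks root, gTLD and ns4.google.com in turn, produces no findings.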
