I don't care for the Actiontec boxes either, but the STB program guides and other features don't work without it, so I have mine forward all IP traffic unmolested to my own as the DMZ host (thus the dual layer of [P|N]AT you see). It's just UDP/TCP 53 traffic that's not flowing for whatever reason; it's every device in the house phones, tablets, computers, you name it, so I'm not inclined to attribute it to malware. My neighbor was also seeing it (and like last time, it seems to have magically resolved itself after ~1.5h). I'm just wondering what Verizon is DOING that they are screwing up their own DNS traffic. If they were capturing my queries and sending them to their own servers (I actually have Google's public facing servers at the top of the list handed out by DHCP) that would be one thing (irritating to be sure, but they aren't, so it's not), but when I'm explicitly hitting a name server down the street in Reston that VZ run and it's failing the same way? It makes me wonder.
Jamie > -----Original Message----- > From: Robert E. Seastrom [mailto:r...@seastrom.com] > Sent: Monday, January 23, 2012 6:21 AM > To: Christopher Morrow > Cc: nanog group > Subject: Re: VZ FiOS DNS issues: > > > Christopher Morrow <morrowc.li...@gmail.com> writes: > > > On Sun, Jan 22, 2012 at 11:29 AM, Brandon Kim > > <brandon....@brandontek.com> wrote: > >> > >> I have FIOS and I have no issues. However I do know awhile back they > had issues and I was affected by > >> the outage.... > >> > >> Maybe it hasn't made its way to me yet.... > >> > > > > there have been instances over the time i've been a fios customer > that > > 'upgrades' to devices in the field have caused this problem (last was > > ~2wks ago? in the washington, dc area). > > > > Could be you are seeing this problem affecting you :( > > I'm a FIOS customer (LATA 246 not 236 like Chris), and haven't had any > issues with the network. On the other hand, between my location and > the fact that I'm on an old BPON build, perhaps the software upgrades > haven't affected me. To further complicate things, ever suspicious of > ISP nameservers that don't do DNSSEC validation and monetize rcode 3, > and not a fan of the Actiontec boxes that Verizon hands out I run my > own cacheing nameserver (hand-built openbsd+pf on embedded hardware > with latest bind or unbound and isc dhcpd). > > Do things magically start working for you if you hard-code 8.8.8.8 or > 4.2.2.1 or one of the other usual suspects? That would seem to be a > quick way of narrowing it down a bit. > > -r >
