[LEDE-DEV] Lack of DNS robustness for openwrt.org

Bjørn Mork bjorn at mork.no
Mon May 7 00:07:25 PDT 2018 

John Crispin <john at phrozen.org> writes:
> On 06/05/18 22:44, Joerg Jaspert wrote:
>> On 15029 March 1977, Bjørn Mork wrote:
>>
>>> 1) update the .org delegation to include *all* NS records for the
>>>     openwrt.org zone
>> I added the soapstone one to the registrar for now, as thats an easy
>> step to do.

Great!

>>> 3) possibly consider adding/replacing DNS servers with more robust
>>>    (anycasted?) solutions.  Adding or replacing secondaries should at
>>>    least be a no-brainer
>> If *wanted*, SPI nameservers can be used as secondaries.
>>
>
> Hi Joerg,
>
> I am liasion to the SPI if I am not mistaken so i can just ask you to
> do that right ? If so, please add spi as secondary.
>
> We should also consider moving primary to the DO servers, but that
> would require a vote and a thread on the adm channels.

Looks like that just moved up to high priority:  Both the responding
slaves are now returning SERVFAIL, presumably because they've been out
of contact with the primary for too long.


bjorn at miraculix:~$ dig ns openwrt.org @belategeuse.dune.hu

; <<>> DiG 9.10.3-P4-Debian <<>> ns openwrt.org @belategeuse.dune.hu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56745
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openwrt.org.                   IN      NS

;; Query time: 48 msec
;; SERVER: 81.0.124.200#53(81.0.124.200)
;; WHEN: Mon May 07 09:03:56 CEST 2018
;; MSG SIZE  rcvd: 40

bjorn at miraculix:~$ dig ns openwrt.org @soapstone.yuri.org.uk

; <<>> DiG 9.10.3-P4-Debian <<>> ns openwrt.org @soapstone.yuri.org.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53523
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openwrt.org.                   IN      NS

;; Query time: 38 msec
;; SERVER: 78.47.151.105#53(78.47.151.105)
;; WHEN: Mon May 07 09:04:14 CEST 2018
;; MSG SIZE  rcvd: 40


And the primary is still dead:

bjorn at miraculix:~$ dig ns openwrt.org @arrakis.dune.hu

; <<>> DiG 9.10.3-P4-Debian <<>> ns openwrt.org @arrakis.dune.hu
;; global options: +cmd
;; connection timed out; no servers could be reached




Bjørn

More information about the Lede-dev mailing list