cancel
Showing results for 
Search instead for 
Did you mean: 

DNS weirdness

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: DNS weirdness

Quote from: djadamuk
have now switched to 212.159.13.19/.50

I hope that is a typo! The other servers are 212.159.13.49 and 212.159.13.50.
(If 19 is what you are trying to use it could explain why you are still having problems!)
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
djadamuk
Newbie
Posts: 9
Registered: ‎08-07-2009

Re: DNS weirdness

Quote from: jelv
Quote from: djadamuk
have now switched to 212.159.13.19/.50

I hope that is a typo! The other servers are 212.159.13.49 and 212.159.13.50.
(If 19 is what you are trying to use it could explain why you are still having problems!)

haha! Yes apologies that is a typo.
jamessealey
Grafter
Posts: 79
Registered: ‎10-08-2008

Re: DNS weirdness

Bob
Just had another bout of unresolvedness (not a word i know, but should be after all this!!!) despite being routed through vl55.ptn-lb01.plus.net [212.159.2.124]
James
Neilski
Grafter
Posts: 46
Registered: ‎24-05-2009

Re: DNS weirdness

I'm affected too, didn't check tracert before rebooting the router, but now (after rebooting) it's still bad and hitting the pcl host.
Can I just restart the PPP session or do I have to drop the ADSL link entirely?
EnglishMohican
Aspiring Pro
Posts: 311
Thanks: 55
Fixes: 1
Registered: ‎08-04-2009

Re: DNS weirdness

Just to add to the evidence - at about 21:15 my internet died on me. No response using a browser from bbc.co.uk or www.plus.net. I got a reasonable ping response from 212.159.6.9 but when asked for an address it took a long time to serve it. ( I asked for bbc.co.uk, got fed up waiting so typed in www.plus.net and then it came up with an address which turned out to be a bbc one).
Not too sure about what traceroute all means but this was the poorest example from about 10 tests that I made. Many of the others were OK but by now it is an hour later and things seem to be working again.
Note that I appear to be on ptn.
tcptraceroute 212.159.6.9
Selected device wlan0, address 192.168.1.3, port 59009 for outgoing packets
Tracing the path to 212.159.6.9 on TCP port 80 (http), 30 hops max
1  192.168.1.1  2.684 ms  4.274 ms  8.609 ms
2  192.168.0.1  5.380 ms  6.582 ms  2.569 ms
3  lo0-plusnet.ptn-ag2.plus.net (195.166.128.53)  23.777 ms  30.594 ms  24.762 ms
4  gi2-2-204.ptn-gw02.plus.net (84.92.3.93)  41.387 ms  45.986 ms  26.589 ms
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * gi2-2-204.ptn-gw02.plus.net (84.92.3.93) 30.143 ms !A
Jim
mal0z
Grafter
Posts: 3,486
Registered: ‎02-10-2008

Re: DNS weirdness

Could this be a geographical thing or dependant on what route people have into PN, as I've been on line almost continuously for the last 48 + hours apart from sleeping and not had an issue at all ?
I've gone into several dozens of different websites - and no failures !
I'm really not trying to defend PN here - as I would moan if I had problems
djadamuk
Newbie
Posts: 9
Registered: ‎08-07-2009

Re: DNS weirdness

Do we have any idea when this will be fixed. It's getting seriously annoying now. Especially when you're trying to watch a video or download something.
pd
Grafter
Posts: 235
Registered: ‎09-05-2008

Re: DNS weirdness

Quote from: mal0z
........I've been on line almost continuously for the last 48 + hours apart from sleeping and not had an issue at all ?

I've had my share of problems over the last few weeks, yesterday was particularly bad around 1030, 1200 again around 1700, 1930 & 2130 and finally between 0010 & 0030 (worst period when just about everything was failing).

Today has been clear until just recently when one of my sipgate lines failed to register.......

[Jul  8 22:30:41] WARNING[1722]: chan_sip.c:2907 create_addr: No such host: sipgate.co.uk
[Jul  8 22:30:41] WARNING[1722]: chan_sip.c:7509 transmit_register: Probably a DNS error for registration to xxxxxxx@sipgate.co.uk, trying REGISTER again (after 20 seconds)
[Jul  8 22:31:13] NOTICE[1722]: chan_sip.c:7433 sip_reg_timeout:    -- Registration for 'xxxxxxx@sipgate.co.uk' timed out, trying again (Attempt #1)
seems to have registered OK on the second attempt, so a good day really.  (I'll probably kick myself for saying it!  Smiley )
mateybass
Newbie
Posts: 1
Registered: ‎09-07-2009

Re: DNS weirdness

For me, this problem has been ongoing since the 6th of July. It coincided with my Netgear DG834G router log changing from only ever reporting that it had sent an NTP request for the time to suddenly reporting Port Scans and DOS attacks, all coming from the DNS addresses. I've never had anything like that since joining PlusNet up to the 5th of July and never had a problem until these attacks started. I don't know if this is relevant to the problem but I am listing parts of the logs below:
Sun, 2009-07-05 04:10:53 - Send out NTP request to time-g.netgear.com
Sun, 2009-07-05 04:11:53 - Send out NTP request to time-h.netgear.com
Sun, 2009-07-05 04:11:52 - Receive NTP Reply from time-h.netgear.com
Mon, 2009-07-06 00:23:29 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,21222 - [DOS]
Mon, 2009-07-06 00:23:29 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,3175 - [DOS]
Mon, 2009-07-06 00:23:29 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,30313 - [DOS]
Mon, 2009-07-06 00:23:29 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,7552 - [DOS]
Mon, 2009-07-06 00:23:29 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,36346 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,50595 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,41144 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,14653 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,31705 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,48675 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,20529 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,47570 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,59784 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,31705 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,3175 - [DOS]
Mon, 2009-07-06 00:23:30 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,50595 - [DOS]
Mon, 2009-07-06 00:23:32 - UDP Packet - Source:212.159.6.9 Destination:87.114.43.141 - [PORT SCAN]
Mon, 2009-07-06 00:23:36 - UDP Packet - Source:212.159.6.10 Destination:87.114.43.141 - [PORT SCAN]
Mon, 2009-07-06 00:23:36 - UDP Packet - Source:212.159.6.9 Destination:87.114.43.141 - [PORT SCAN]
Tue, 2009-07-07 16:20:31 - UDP Packet - Source:212.159.6.10,53 Destination:87.114.43.141,51004 - [DOS]
Tue, 2009-07-07 16:20:31 - UDP Packet - Source:212.159.6.9,53 Destination:87.114.43.141,26281 - [DOS]
Tue, 2009-07-07 16:42:04 - Administrator login successful - IP:192.168.0.2
and after various fixes tried, including restarting my router, changing the DNS servers to manual from automatic and upgrading the firmware:
Sat, 2000-01-01 00:00:29 - Initialize LCP.
Sat, 2000-01-01 00:00:29 - LCP is allowed to come up.
Sat, 2000-01-01 00:00:36 - CHAP authentication success
Sat, 2000-01-01 00:00:41 - Send out NTP request to time-g.netgear.com
Sat, 2000-01-01 00:02:04 - Send out NTP request to time-h.netgear.com
Thu, 2009-07-09 00:25:55 - Receive NTP Reply from time-h.netgear.com
Thu, 2009-07-09 00:26:15 - Administrator login successful - IP:192.168.0.2
Thu, 2009-07-09 00:27:26 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:21 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:22 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,60267 - [DOS]
Thu, 2009-07-09 00:28:22 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,54315 - [DOS]
Thu, 2009-07-09 00:28:22 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,49702 - [DOS]
Thu, 2009-07-09 00:28:23 - UDP Packet - Source:212.159.13.50 Destination:87.114.3.189 - [PORT SCAN]
Thu, 2009-07-09 00:28:23 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,52707 - [DOS]
Thu, 2009-07-09 00:28:23 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,59865 - [DOS]
Thu, 2009-07-09 00:28:23 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,64650 - [DOS]
Thu, 2009-07-09 00:28:23 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:24 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.2,64352 - [DOS]
Thu, 2009-07-09 00:28:24 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:24 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:25 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:25 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:26 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:26 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:26 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:27 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:27 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:27 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:27 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:27 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:28 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:28 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:28 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:28 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:29 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:29 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:31 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:31 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:31 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:31 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:31 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.3 - [PORT SCAN]
Thu, 2009-07-09 00:28:32 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:32 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:32 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:32 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:33 - UDP Packet - Source:212.159.13.49 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:28:33 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Thu, 2009-07-09 00:29:46 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.3,53539 - [DOS]
Thu, 2009-07-09 00:29:47 - UDP Packet - Source:212.159.13.49,53 Destination:192.168.0.3,50499 - [DOS]
scootie
Grafter
Posts: 4,799
Thanks: 1
Registered: ‎03-11-2007

Re: DNS weirdness

my dg834g v4 went wacky like this and started thinking xbox port 3074 traffic was a dos attack i downgraded back to firmware v 5.01.09 and no longer have the issue
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: DNS weirdness

Thanks for keeping the examples coming guys. Really sorry about the continued problems, I'll post more info back here as soon as I have it...

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: DNS weirdness

Quote from: mal0z
Could this be a geographical thing or dependant on what route people have into PN, as I've been on line almost continuously for the last 48 + hours apart from sleeping and not had an issue at all ?
I've gone into several dozens of different websites - and no failures !

Have you checked which load balancer you are going through?
@mateybass
I suspect the reports in the router logs may be due to responses to DNS lookups returning after a long delay.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: DNS weirdness

Right, first update of the day guys and it's a promising one...
After almost exhausting all of our options looking at the DNS caching platform itself we started checking checking the flows on the Ellacoya (traffic management) platform. Without a huge amount of digging we noticed that some of the traffic to and from the DNS platform was being picked up by a new Ellacoya Signature that was added last week. This had been provided to us by Arbor/Ellacoya and was intended to better identify eDonkey/eMule traffic.
We've raised a case with our supplier and have removed the offending signature so I'd appreciate any feedback on whether or not this seems to have improved the situation?
Thanks everybody for your patience.
@dannykos, are you running your traceroutes from a Windows box or are you using a different OS? The reason I ask is because I wouldn't expect ICMP traces to be affected if this is actually down to the dodgy Ellacoya sig.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

djadamuk
Newbie
Posts: 9
Registered: ‎08-07-2009

Re: DNS weirdness

Quote from: Bob
We've raised a case with our supplier and have removed the offending signature so I'd appreciate any feedback on whether or not this seems to have improved the situation?
Thanks everybody for your patience.

Firstly Bob, thanks to you and your engineers for what you're doing. Service with plus net is excellent, always pleased. Downside is it's a BT telephone line haha
I've had no problems this morning at all. And i've been on since 9am. Currently running on DNS servers 212.159.6.9 & 212.159.13.50. Occasionally I have issues during the day (did quite a bit yesterday), but its mostly the evening where i'm affected.
pd
Grafter
Posts: 235
Registered: ‎09-05-2008

Re: DNS weirdness

Quote from: Bob

Four of the servers at one of the sites you connect to for DNS resolution keep on failing TCP/IP heathchecks in the load balancer.

Quote from: Bob

After almost exhausting all of our options looking at the DNS caching platform itself we started checking checking the flows on the Ellacoya (traffic management) platform.

Bob
Does the problem with the Ellacoya account for the four DNS servers failing?