It seems that the name server ns2.desec.org is unresponsive. Is it down at the moment? I noticed the problem after implementing a challenge resolver for cert-manager in kubernetes. It’s not tolerant to the fact that one of the name servers is down (though it should be, and I’ve raised the issue with the cert-manager devs).
Dear kmorning,
welcome to deSEC!
Our monitoring system did not give any alerts, and a manual check from my internet connection also did not show any problem. Could you provide a tracepath to our servers, so that we can look further into the problem? On Ubuntu Linux, you could use the following commands:
tracepath -n -4 ns2.desec.org
tracepath -n -6 ns2.desec.org
On Windows, similar commands exist (try “traceroute” instead of “tracepath”).
Also, it could be helpful to see the output of the following command:
dig +nsid @ns2.desec.org
Please include the exact time when you issued those commands. Thanks!
Best,
Nils
Hi Nils, here are my results:
$ timedatectl && tracepath -n -4 ns2.desec.org
Local time: Fri 2021-02-12 21:11:31 EST
Universal time: Sat 2021-02-13 02:11:31 UTC
RTC time: Sat 2021-02-13 02:11:32
Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
1?: [LOCALHOST] pmtu 1492
1: 192.168.97.145 0.658ms
1: 192.168.97.145 0.550ms
2: 192.168.2.1 1.695ms
3: 10.11.6.9 4.272ms
4: no reply
5: 64.230.101.184 8.191ms asymm 7
6: 64.230.165.98 5.586ms
7: 64.230.165.101 20.519ms asymm 10
8: 64.230.51.5 31.048ms asymm 9
9: 64.230.79.161 19.177ms asymm 8
10: 64.230.78.175 21.004ms asymm 7
11: 209.120.141.241 30.229ms asymm 9
12: 89.149.140.182 40.286ms asymm 11
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1492
Resume: pmtu 1492
$ timedatectl && tracepath -n -6 ns2.desec.org
Local time: Fri 2021-02-12 21:12:36 EST
Universal time: Sat 2021-02-13 02:12:36 UTC
RTC time: Sat 2021-02-13 02:12:36
Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
1: send failed
Resume: pmtu 128000
$ dig +nsid @ns2.desec.org
; <<>> DiG 9.16.1-Ubuntu <<>> +nsid @ns2.desec.org
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
I’ve tried from both work and home, which are different internet providers, and can’t reach from either.
Thanks,
Kelly
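When triaging a reachability report like the one above, it helps to reduce each `tracepath -n` run to the last hop that answered and how the run ended. The following is an added example, not part of the original thread or of deSEC's tooling; the function name and the sample traces (documentation addresses) are constructed for illustration.

```python
import re

# Matches tracepath -n hop lines such as " 5: 64.230.101.184 8.191ms asymm 7",
# "13: no reply" and "1: send failed"; the "1?: [LOCALHOST]" line is skipped.
HOP = re.compile(r"^\s*(\d+):\s+(no reply|send failed|\S+)")

def summarize_tracepath(text):
    """Summarize where a tracepath -n run stopped getting answers."""
    hops = {}            # hop number -> responder address, None if silent
    send_failed = False
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        num, who = int(m.group(1)), m.group(2)
        if who == "send failed":
            send_failed = True
        if who in ("no reply", "send failed"):
            hops.setdefault(num, None)   # keep an address seen on a retry
        else:
            hops[num] = who
    answered = [n for n, addr in hops.items() if addr]
    last = max(answered) if answered else None
    return {
        "last_hop": last,
        "last_addr": hops[last] if last is not None else None,
        # silent hops after the last responder: the path went dark here
        "silent_tail": sum(1 for n, a in hops.items()
                           if a is None and (last is None or n > last)),
        "hit_hop_limit": "Too many hops" in text,
        # the probe never left the local host, so it says nothing about the server
        "local_send_failed": send_failed,
    }

# Constructed samples in tracepath's output format (documentation addresses).
SAMPLE_V4 = """\
 1?: [LOCALHOST]                      pmtu 1492
 1:  192.0.2.1                         0.658ms
 1:  192.0.2.1                         0.550ms
 2:  no reply
 3:  198.51.100.7                      8.191ms asymm  7
 4:  203.0.113.9                      40.286ms asymm 11
 5:  no reply
 6:  no reply
     Too many hops: pmtu 1492
     Resume: pmtu 1492
"""
SAMPLE_V6 = " 1:  send failed\n     Resume: pmtu 128000\n"

if __name__ == "__main__":
    print(summarize_tracepath(SAMPLE_V4))
    print(summarize_tracepath(SAMPLE_V6))
```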
Hi Kelly,
Thanks for the trace. We forwarded it to our anycast provider who will look into the issue. I’ll give you a heads-up here once I know more.
Stay secure,
Peter
Hi Kelly,
Last night, our upstream provider let us know the following:
We have identified the issue in LGA and have confirmed that the issue is resolved. Can you have your customer retest?
Can you please check again?
Thanks,
Peter
Hi Peter,
Yes, it’s working now.
Thanks for your help.
Kelly
Cool, glad it’s working! And sorry for the inconvenience.
~Peter