It seems that the name server ns2.desec.org is unresponsive. Is it down at the moment? I noticed the problem after implementing a challenge resolver for cert-manager in Kubernetes. It’s not tolerant to the fact that one of the name servers is down (though it should be, and I’ve raised the issue with the cert-manager devs).
Welcome to deSEC!
Our monitoring system did not give any alerts, and a manual check from my internet connection also did not show any problem. Could you provide a tracepath to our servers, so that we can look further into the problem? On Ubuntu Linux, you could use the following commands:
On Windows, similar commands exist (try “traceroute” instead of “tracepath”).
Also, it could be helpful to see the output of the following command:
dig +nsid @ns2.desec.org
Please include the exact time when you issued those commands. Thanks!
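What `dig +nsid` puts on the wire, as an added example that is not part of the original thread or of deSEC's tooling: the query carries an empty EDNS NSID option and an anycast node that supports it answers with its own identifier, which shows which site served the request. The function names and the sample node name are constructed for illustration.

```python
import socket
import struct

NSID, OPT = 3, 41  # EDNS option code for NSID (RFC 5001); OPT pseudo-record type

def build_message(name=".", qtype=2, flags=0, nsid=b"", txid=0x1A2B):
    """DNS message with one question and an OPT record carrying an NSID option.
    flags=0 and nsid=b"" give the query that asks a server to identify itself."""
    labels = [part.encode() for part in name.split(".") if part]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    option = struct.pack("!HH", NSID, len(nsid)) + nsid
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(option)) + option
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    return header + qname + struct.pack("!HH", qtype, 1) + opt_rr

def skip_name(msg, off):
    """Offset just past a domain name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def extract_nsid(msg):
    """NSID bytes from a DNS response, or None if no NSID option is present."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for i in range(qd):
        off = skip_name(msg, off) + 4  # question: name, type, class
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        while rtype == OPT and off + 4 <= end:  # walk the EDNS options
            code, length = struct.unpack_from("!HH", msg, off)
            if code == NSID:
                return msg[off + 4:off + 4 + length]
            off += 4 + length
        off = end
    return None

def ask(server, family=socket.AF_INET, timeout=3.0):
    """NSID of the node that answered, b"" if it sent none, None if unreachable."""
    try:
        addr = socket.getaddrinfo(server, 53, family, socket.SOCK_DGRAM)[0][4]
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_message(), addr)
            return extract_nsid(sock.recv(4096)) or b""
    except OSError:  # timeout, no route, or resolution failure
        return None

# Constructed sample reply (QR bit set); the node name is made up for this example.
SAMPLE_REPLY = build_message(flags=0x8000, nsid=b"node-a.example")
```

Calling `ask("ns2.desec.org")` and `ask("ns2.desec.org", socket.AF_INET6)` repeats the check once per address family; a `None` result corresponds to dig's "no servers could be reached".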
Hi Nils, here are my results:
$ timedatectl && tracepath -n -4 ns2.desec.org
Local time: Fri 2021-02-12 21:11:31 EST
Universal time: Sat 2021-02-13 02:11:31 UTC
RTC time: Sat 2021-02-13 02:11:32
Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
1?: [LOCALHOST] pmtu 1492
1: 192.168.97.145 0.658ms
1: 192.168.97.145 0.550ms
2: 192.168.2.1 1.695ms
3: 10.11.6.9 4.272ms
4: no reply
5: 126.96.36.199 8.191ms asymm 7
6: 188.8.131.52 5.586ms
7: 184.108.40.206 20.519ms asymm 10
8: 220.127.116.11 31.048ms asymm 9
9: 18.104.22.168 19.177ms asymm 8
10: 22.214.171.124 21.004ms asymm 7
11: 126.96.36.199 30.229ms asymm 9
12: 188.8.131.52 40.286ms asymm 11
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1492
Resume: pmtu 1492

$ timedatectl && tracepath -n -6 ns2.desec.org
Local time: Fri 2021-02-12 21:12:36 EST
Universal time: Sat 2021-02-13 02:12:36 UTC
RTC time: Sat 2021-02-13 02:12:36
Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
1: send failed
Resume: pmtu 128000

$ dig +nsid @ns2.desec.org
; <<>> DiG 9.16.1-Ubuntu <<>> +nsid @ns2.desec.org
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached

I’ve tried from both work and home, which are different internet providers, and can’t reach it from either.
Thanks for the trace. We forwarded it to our anycast provider who will look into the issue. I’ll give you a heads-up here once I know more.
Last night, our upstream provider let us know the following:
We have identified the issue in LGA and have confirmed that the issue is resolved. Can you have your customer retest?
Can you please check again?
Yes, it’s working now.
Thanks for your help.
Cool, glad it’s working! And sorry for the inconvenience.