Ns2.desec.org down

It seems that the name server ns2.desec.org is unresponsive. Is it down at the moment? I noticed the problem after implementing a challenge resolver for cert-manager in kubernetes. It’s not tolerant to the fact that one of the name servers is down (though it should be, and I’ve raised the issue with the cert-manager devs).

Dear kmorning,

welcome do deSEC!

Our monitoring system did not give any alerts, and a manual check I from my internet connection also did not show any problem. Could you provide a tracepath to our servers, so that we can look further into the problem? On Ubuntu Linux, you could use the following commands:

tracepath -n -4 ns2.desec.org
tracepath -n -6 ns2.desec.org

On windows, similar commands exist (try “traceroute” instead of “tracepath”).

Also, it could be helpful to see the output of the following command:

dig +nsid @ns2.desec.org

Please include the exact time when you issued those commands. Thanks!

Best,
Nils

Hi Nils, here are my results:

$ timedatectl && tracepath -n -4 ns2.desec.org
               Local time: Fri 2021-02-12 21:11:31 EST
           Universal time: Sat 2021-02-13 02:11:31 UTC
                 RTC time: Sat 2021-02-13 02:11:32
                Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
 1?: [LOCALHOST]                      pmtu 1492
 1:  192.168.97.145                                        0.658ms
 1:  192.168.97.145                                        0.550ms
 2:  192.168.2.1                                           1.695ms
 3:  10.11.6.9                                             4.272ms
 4:  no reply
 5:  64.230.101.184                                        8.191ms asymm  7
 6:  64.230.165.98                                         5.586ms
 7:  64.230.165.101                                       20.519ms asymm 10
 8:  64.230.51.5                                          31.048ms asymm  9
 9:  64.230.79.161                                        19.177ms asymm  8
10:  64.230.78.175                                        21.004ms asymm  7
11:  209.120.141.241                                      30.229ms asymm  9
12:  89.149.140.182                                       40.286ms asymm 11
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1492
     Resume: pmtu 1492

$ timedatectl && tracepath -n -6 ns2.desec.org
               Local time: Fri 2021-02-12 21:12:36 EST
           Universal time: Sat 2021-02-13 02:12:36 UTC
                 RTC time: Sat 2021-02-13 02:12:36
                Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
 1:  send failed
     Resume: pmtu 128000

$ dig +nsid @ns2.desec.org

; <<>> DiG 9.16.1-Ubuntu <<>> +nsid @ns2.desec.org
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached

I’ve tried from both work and home which are different internet provides, and can’t reach from either.

Thanks,
Kelly

Hi Kelly,

Thanks for the trace. We forwarded it to our anycast provider who will look into the issue. I’ll give you a heads-up here once I know more.

Stay secure,
Peter

Hi Kelly,

Last night, our upstream provider let us know the following:

We have identified the issue in LGA and have confirmed that the issue is resolved. Can you have your customer retest?

Can you please check again?

Thanks,
Peter

Hi Peter,

Yes, it’s working now.

Thanks for your help.

Kelly

Cool, glad it’s working! And sorry for the inconvenience.

~Peter