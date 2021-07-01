Geekzone: technology news, blogs, forums
Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, 2talk and Vocus)Very weird and specific 2D DNS issue
mobiusnz

304 posts

Ultimate Geek


#288469 1-Jul-2021 17:19
Hey guys and gals. So I discovered I couldn't resolve a couple of my domains - Annoying but not a big issue. Tried a few things and confirmed in the end that 2D's dns servers

 

111.69.69.68 and 111.69.69.69

 

Won't resolve any DNS that are held on Discount Domains DNS Servers NS1.discountdomains.co.nz through NS3.discountdomains.co.nz

 

It just times out. Any other DNS server I try is happy to talk to Discount Domains and works fine but I've not had 2 clients who happen to sit in the intersection of the Venn diagram of 2D internet users and Discount domains clients.

 

1 couldn't visit their own website - Same DNS isuse

 

The other have a site to site VPN where the branches connected to head office via a URL that was a discount domains domain name so the router couldn't resolve it.

Quick work arounds in both cases - Change DNS to 8.8.8.8 for one and use the Static IP for the VPN rather than a DNS Name but this leaves me wondering how many other websites aren't accessible to 2D clients and potentially if you have a mail server running on a 2D internet connection that users DNS lookups for delivery its not going to be able to resolve MX records for Discount Domains domain names.

I've emailed but of them an NSLOOKUP screen grab and they've both said it'll be sent to the appropriate network team within 24 hours but what else can I do. Who knows who's problem it actually is for starters.

It could be a quirk where a Firewall at Discount domains has blacklisted 2D's DNS servers due to a DNS query "storm" that was detected as a potential DOS or similar. It could be a config issue on the DNS servers at 2D but I can't say I can think of one thats likely.

Hopefully one of them will escalate it properly but I imagine it'll probably just resolve itself over night and we'll never know what exactly happened but its always frustrating when you get an issue like this that the help desk person doesn't really have the skillset to understand so you just end up banging your head on a brick wall at either end.

 

Intrigued if anyone else has run into it today or its the fact that I tend to recommend 2D as an ISP and also have always preferred Discount Domains as my registrar of choice. Although since the merge with Umbrella the main thing I like about them has gone downhill and thats phone support. Previously I could ring them and the person I spoke to would understand and fix things on the spot - Now its a typical generic phone helpdesk where it feels like they are sitting there with a flowchart that doesn't have enough on it.

 

 




Matt Beechey

 

Mobius Network Solutions

NickMack
869 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2737542 1-Jul-2021 19:03
@aspired




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

NickMack
869 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2737543 1-Jul-2021 19:06
NickMack:

 

@aspired

 

 

Just had a reply from @aspired, he will investigate and provide an update.

 

Nick




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

mobiusnz

304 posts

Ultimate Geek


  #2737545 1-Jul-2021 19:13
NickMack:

 

NickMack:

 

@aspired

 

 

Just had a reply from @aspired, he will investigate and provide an update.

 

Nick

 

 

 

 

even when you’re no longer there, you still have the contacts ;)




Matt Beechey

 

Mobius Network Solutions



aspired
22 posts

Geek

ID Verified
Trusted
2degrees

  #2737596 1-Jul-2021 21:17
Thanks for the heads up. Yes there is indeed an issue, Discount Domains name servers are not responding to queries from our Christchurch DNS cluster.

I’ll make a change shortly as temporary fix while we investigate further.

mobiusnz

304 posts

Ultimate Geek


  #2737597 1-Jul-2021 21:19
aspired: Thanks for the heads up. Yes there is indeed an issue, Discount Domains name servers are not responding to queries from our Christchurch DNS cluster.

I’ll make a change shortly as temporary fix while we investigate further.

 

thanks for looking. I knew it would be easy to confirm, now the fun of finding why.

 

 




Matt Beechey

 

Mobius Network Solutions

michaelmurfy
/dev/ttys0
10983 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2737627 2-Jul-2021 00:27
mobiusnz:

 

Intrigued if anyone else has run into it today or its the fact that I tend to recommend 2D as an ISP and also have always preferred Discount Domains as my registrar of choice. Although since the merge with Umbrella the main thing I like about them has gone downhill and thats phone support. Previously I could ring them and the person I spoke to would understand and fix things on the spot - Now its a typical generic phone helpdesk where it feels like they are sitting there with a flowchart that doesn't have enough on it.

 

Have a look also at Metaname (https://metaname.net) who I use personally or 1st Domains (https://1stdomains.nz/) who seem to have a good reputation also. If you've got a bit of a portfolio then Metaname may be a good option for you - they're basic but all the features are there.




Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.

wratterus
1475 posts

Uber Geek


  #2737713 2-Jul-2021 08:45
We noticed this yesterday too. (2D Fibre, top of South Island.)



mobiusnz

304 posts

Ultimate Geek


  #2737747 2-Jul-2021 09:36
michaelmurfy:

 

Have a look also at Metaname (https://metaname.net) who I use personally or 1st Domains (https://1stdomains.nz/) who seem to have a good reputation also. If you've got a bit of a portfolio then Metaname may be a good option for you - they're basic but all the features are there.

 

 

The support has become quite frustrating but their online DNS tools work well and are better I find than many others. A lot these days (And I think 1st domains might be one) just offer 1 hour or 12 hour for TTL's where DD let you enter it in seconds as intended etc.

As for support I emailed them a log last night and they responded that it was an ISP issue (Hey what the hell, its only one of the largest ISP's and mobile operators in the country - Why be proactive to aid in finding a resolution affecting thousands of their customers potentially) and they told me that NS3.DISCOUNTDOMAINS.CO.NZ doesn't exist to which I responded with an NS lookup using that server. Ever since they merged helpdesks across Umbrella its been incredibly frustrating.

I have another client who used Digiweb for their email hosting years back - We changed MX record a long long time ago to their own exchange server on merger with another customer and since then anyone using Digiweb/Discount domains SMTP Auth servers to send email can't email this firm as their emails bounce saying the user doesn't exist as there is not mailbox on the DD servers. I emailed them and they just respond with "All looks ok at our end, must be your problem". Its pretty tough when a help desk doesn't understand the technology they are supporting properly.

 

Changing them all would be a bit of a PITA but I might look at it. Maybe shift one of my lesser used Hobby domains and play with the platform a little. I also find DD dns changes made are near instant which is good (Assuming you understand TTL's etc) where some others do zone reloads on a schedule which adds delays to otherwise simple processes.




Matt Beechey

 

Mobius Network Solutions

mobiusnz

304 posts

Ultimate Geek


  #2739254 5-Jul-2021 17:02
michaelmurfy:

 

Have a look also at Metaname (https://metaname.net) who I use personally or 1st Domains (https://1stdomains.nz/) who seem to have a good reputation also. If you've got a bit of a portfolio then Metaname may be a good option for you - they're basic but all the features are there.

 

 

Shifted my first domain to Metaname.net and its what I want - A dns specialist host with the required tools and good support.

 

Again had fun with a .COM TLD i tried to transfer that Discount Domains tools weren't providing the right Auth code so had to go back to support and that just really sealed the deal for me.

Lately I've found dealing with Discount Domains to be a painful process and its happened one too many times.

 

Thanks for the Tip as Metaname.net so far seem brilliant.




Matt Beechey

 

Mobius Network Solutions

mobiusnz

304 posts

Ultimate Geek


  #2740442 7-Jul-2021 11:12
Ok - I need to bring this back up but in a way this post needs moving to the spark forum but thats the wrong place too. The issue the other day resolved itself - Discount Domains always said it was a 2Degrees issue. 2 Degrees simply implemented a workaround and when they checked the next day things had returned to normal.

NOW roll forward to today and now the EXACT SAME ISSUE is happening to Spark users. Spark users can't resolve DNS from Discount Domains DNS Servers. I checked and neither have anything on their status page so I rang Discount Domains and the help desk person told me its a "known" spark issue and its not Discount Domains problem.

 

What are the chances that two national ISP's suddenly timeout querying DD's DNS servers?? To me surely there is a bigger issue here and yet again discount domains just point the finger blaming the national ISP as having an issue thats affecting their ability to resolve dns queries from one small companies DNS servers.

My gut says they have some sort of firewall appliance thats blocking what it detects as rogue DNS connections for a period. First it blocked 2D and now its blocking Spark but DD just seem to have their head in the sand. Even if it IS a 2D and now Spark issue I'd like to see DD being a lot more proactive rather than just sitting there saying its someone else's issue. Its affecting their paying clients.

It just seems far too much of a coincidence to me - It might be some weird network interconnect issue and maybe the problem is that DD have no diversity in their network - I don't know - I just know its very frustrating as I've had 3 clients I've had to talk through changing their DNS manually to 8.8.8.8 to work around the problem. Normally I'd jump on and so it with Connectwise control - BUT its hosted on my server on an A record currently sitting on DD's system so their connect wise clients can't connect to me.

Amazingly the first one I talked through Teamviewer but that took longer than just talking through manually changing their DNS servers.

I've said it above and I am moving all of my domains elsewhere - Some of which are mine, some are my clients who prefer to have me fully manage their renewals, dns etc. The next phase will be getting my clients to shift their DNS elsewhere as I've had numerous situations of DD support saying the problem was elsewhere when it patently wasn't. Ever since the umbrella merger their support has gone downhill immensely. 

Does anyone have anyone at DD in their engineering team who can look into this??




Matt Beechey

 

Mobius Network Solutions

mobiusnz

304 posts

Ultimate Geek


  #2740456 7-Jul-2021 11:37
Ok. I got an email from an actual engineer at Discount Domains that they have fixed it and it was an issue with rate limiting configuration on their DNS servers and that’s what locked 2D the other day and Spark today.

Very frustrating as with many Helpdesk’s trying to get past the front line but at least I now have confidence that the issue is fixed long term.




Matt Beechey

 

Mobius Network Solutions

