Mailing List Archive: NANOG: users

RE: Connectivity problems to google via openDNS

Index | Next | Previous | View Threaded

mark at edgewire

Feb 9, 2010, 6:32 AM

Post #1 of 7 (799 views)
Permalink

RE: Connectivity problems to google via openDNS

Hello nanog,

Just wondering if anyone is experiencing the same problem with google
and openDNS on their end or knows what's going on there with openDNS.
The problem just occurred about 20 minutes ago.

Trace is as follows: http://inetpro.org/pastebin/2418

Kind regards,

Mark

mark at edgewire

Feb 9, 2010, 6:43 AM

Post #2 of 7 (754 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

It's over a vpn from Asia to US. I wouldn't worry about that 280ms
latency. :)

Kind regards,

Mark

On Feb 9, 2010, at 10:41 PM, Joachim Tingvold wrote:

> On 9. feb. 2010, at 15.32, Mark wrote:
>> Just wondering if anyone is experiencing the same problem with
>> google and openDNS on their end or knows what's going on there with
>> openDNS. The problem just occurred about 20 minutes ago.
>>
>> Trace is as follows: http://inetpro.org/pastebin/2418
>
> I'd say ~280 ms to your first hop sound's more disturbing then not
> being able to reach Google (-:
>
>
> --
> Joachim Tingvold
> joachim [at] tingvold

jabley at hopcount

Feb 9, 2010, 6:50 AM

Post #3 of 7 (751 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

On 2010-02-09, at 09:43, Mark wrote:

> It's over a vpn from Asia to US. I wouldn't worry about that 280ms latency. :)

Note that you're not trying to reach google, either.

OpenDNS is returning you addresses for their own proxies. I believe they do this as part of some of their content-control services to allow you to limit the kind of search queries you (or your users, depending on who decided to use OpenDNS) are able to do.

So while the user problem may be "can't reach google" perhaps the engineering problem is "can't get response from OpenDNS proxy".

Joe

mark at edgewire

Feb 9, 2010, 6:52 AM

Post #4 of 7 (749 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

Doh. Didn't realize that. Thanks for the heads up Joe. I'll go take
another look.

Thanks in advance!

Kind regards,

Mark

On Feb 9, 2010, at 10:50 PM, Joe Abley wrote:

>
> On 2010-02-09, at 09:43, Mark wrote:
>
>> It's over a vpn from Asia to US. I wouldn't worry about that 280ms
>> latency. :)
>
> Note that you're not trying to reach google, either.
>
> OpenDNS is returning you addresses for their own proxies. I believe
> they do this as part of some of their content-control services to
> allow you to limit the kind of search queries you (or your users,
> depending on who decided to use OpenDNS) are able to do.
>
> So while the user problem may be "can't reach google" perhaps the
> engineering problem is "can't get response from OpenDNS proxy".
>
>
> Joe
>

jay at west

Feb 9, 2010, 9:56 AM

Post #5 of 7 (752 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

Mark wrote:
> Hello nanog,
>
> Just wondering if anyone is experiencing the same problem with google
> and openDNS on their end or knows what's going on there with openDNS.
> The problem just occurred about 20 minutes ago.

Don't do that then.

OpenDNS is a form of censorware and almost certainly hijacking queries
to Google (and numerous other sites), redirecting to its own servers.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay [at] impulse
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

mpalmer at hezmatt

Feb 9, 2010, 3:43 PM

Post #6 of 7 (749 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

On Tue, Feb 09, 2010 at 09:56:23AM -0800, Jay Hennigan wrote:
> Mark wrote:
>> Hello nanog,
>>
>> Just wondering if anyone is experiencing the same problem with google
>> and openDNS on their end or knows what's going on there with openDNS.
>> The problem just occurred about 20 minutes ago.
>
> Don't do that then.
>
> OpenDNS is a form of censorware and almost certainly hijacking queries
> to Google (and numerous other sites), redirecting to its own servers.

It's also got some spectacularly odd failure modes. I was helping a
customer diagnose a problem yesterday where when they attempted to connect
to one server by name, they were reliably getting another server on the same
network. Turned out that the DNS responses from OpenDNS (they were in a
cafe somewhere with free wireless that was using OpenDNS) were giving
slightly wrong addresses -- like the real address for example.com was
192.0.2.12, and OpenDNS was giving the response that example.com was at
192.0.2.16 (another server in the same cluster, hence the insane confusion).
No wildcarding or recent DNS changes at our end, either -- it was just
OpenDNS screwing things up *somehow*.

"Never, ever use OpenDNS" is my recommendation.

- Matt

davidu at everydns

Feb 10, 2010, 2:14 PM

Post #7 of 7 (701 views)
Permalink

Re: Connectivity problems to google via openDNS [In reply to]

On 2/9/10 3:43 PM, Matthew Palmer wrote:
> Turned out that the DNS responses from OpenDNS (they were in a
> cafe somewhere with free wireless that was using OpenDNS) were giving
> slightly wrong addresses -- like the real address for example.com was
> 192.0.2.12, and OpenDNS was giving the response that example.com was at
> 192.0.2.16 (another server in the same cluster, hence the insane confusion).
> No wildcarding or recent DNS changes at our end, either -- it was just
> OpenDNS screwing things up *somehow*.

I've never heard of such a report until now. And if true, that would be
shockingly bizarre behavior. In the past when I've heard similar, I
have a 100% success rate in discovering it's actually a misconfiguration
of authoritative records.

Feel free to email me directly if you ever find yourself encountering a
similar situation like that again and I'll be happy to troubleshoot it.

Thanks,
David

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads