Tuesday May 27, at 15:40
Subject: FYI: Gandi DNS servers seem to be having problems.
Keywords: DNS, Technical
Posted by: Sean Reifschneider
We've been recommending gandi.net as a domain registration provider
for our clients needing registration service. FYI: If you are using
gandi.net for your DNS (registration seems fine, it's just DNS that seems
impacted), it looks like they're having serious issues. Read on for more
details.

This does not impact you if you are using the ns1.tummy.com and
ns2.tummy.com name servers.

Over the last few hours we have noticed that some of the gandi.net
name servers are unreachable from our facility, and are completely
unreachable via Comcast. Their blog and support forums don't report any
problems, so I have submitted a support request with them. However, they
only seem to offer 48 hour turn-around on requests. If you are using
gandi.net for DNS, I'd urge you to submit a support request with them.

While gandi.net seems to be providing DNS servers in different IP
blocks, they seem to be using the same upstream connectivity for both DNS
servers. That's not an ideal way to architect DNS service. So, while I
still recommend gandi.net for registration service, I don't think I'll be
able to recommend them for DNS service.

For comparison, the tummy.com name servers are in completely different
networks, but they're also geographically diverse by around 800 miles, and
they also connect via completely different networks. One connects via Time Warner,
Level 3, and InterNAP, the other via Sprint. This design is why we've
never had an outage that's impacted both of our DNS servers.

As far as recommendations for other DNS providers, right now I don't
have an alternative. I'd recommend shopping carefully though. DNS is so
important, but getting it completely right can be tricky.
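An added example, not part of the original post: one way to check the point made above, that name servers in different IP blocks can still sit behind the same upstream routers. The host names, addresses, traceroute output and helper functions are all constructed for illustration, and each trace is assumed to have reached its server.

```python
import ipaddress
import re

# Constructed `traceroute -n` output toward two hypothetical name servers.
TRACES = {
    "ns-a.example": """\
 1  192.0.2.1  0.4 ms
 2  10.10.0.1  3.1 ms
 3  * * *
 4  10.99.0.5  41.0 ms
 5  10.99.0.9  41.8 ms
 6  198.51.100.53  42.2 ms
""",
    "ns-b.example": """\
 1  192.0.2.1  0.5 ms
 2  10.20.0.1  2.9 ms
 3  10.20.7.1  20.3 ms
 4  10.99.0.5  40.7 ms
 5  10.99.0.9  41.5 ms
 6  203.0.113.53  42.0 ms
""",
}

HOP = re.compile(r"^\s*\d+\s+(\d+\.\d+\.\d+\.\d+)\s", re.M)

def hops(trace):
    """Return responding hop addresses in order; '* * *' timeouts are skipped."""
    return HOP.findall(trace)

def shared_tail(traces):
    """Routers common to the end of every path, excluding the servers themselves."""
    # Drop the destination hop and reverse, so index 0 is the last router.
    paths = [hops(t)[:-1][::-1] for t in traces.values()]
    tail = []
    for column in zip(*paths):
        if len(set(column)) != 1:
            break
        tail.append(column[0])
    return tail[::-1]

def distinct_blocks(traces, prefix=24):
    """True when every server's address sits in a different /prefix network."""
    nets = {ipaddress.ip_network(f"{hops(t)[-1]}/{prefix}", strict=False)
            for t in traces.values()}
    return len(nets) == len(traces)
```

On the constructed data the two servers are in different /24 blocks, yet `shared_tail` reports the same last two routers in front of both, which is the shared-fate condition described in the post.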
Comment
Author: Sean Reifschneider
Subject: Current status: Resolved for the moment.
The issue seems to be resolved. Matt Taggart passed along some information that the Linux Foundation was also experiencing similar problems, and their upstream was able to change routing to route around that problem. Matt reported second-hand that it looked like some sort of routing issue between Comcast and Global Crossing, but what I saw looked like it was a routing issue within Global Crossing. It's impossible to tell for sure from this vantage point though.
I still stand by my statement that Gandi's DNS service could stand to be set up to be more distributed. It's real tough, because even things like "AnyCast", which are a common way of making DNS servers resilient, may not work well in the face of this sort of outage. For reasons that I won't go into the mind-numbing details of... I don't know if Gandi is using AnyCast for DNS, but in this case it may not have helped.
Sometimes keeping it simple is a good way to go. Our mechanism, which definitely is keeping it simple, has proven quite reliable over the 5 or 6 years it's been running that way.
Sean