External Network Problems

45n5

New Member
I have 100% uptime with knownhost from kentucky,usa however I repeatedly get told by other people from around the world that they can't connect to my sites.

Here are some of the things I will hear.

Your site is down (even though it's up for me)

You site has been down all day but google reader is updating your new posts.

I can see your site using a proxy but not going there directly.

I can't submit your url's to digg (digg can't see your server)

Usually when I get an abundance of these types of complaints the sites will go down for me until i hit refresh in my browser, that's all it takes for me.

Help Fix This

Is there anything I can do on my end to improve the connectivity of my sites and make these random outages stop?

This has been going on for weeks. And I'm not the only one noticing

http://forums.knownhost.com/showthread.php?t=1102

thanks for your input
 
Hello and welcome to the Knownhost forums!

The thread you mentioned dealt with an oversees customer complaining about a particular ISP that was having trouble with different USA(and non USA) based sites.

Here in my country we have several ISP but one of them ( i guess the biggest one ) is having problems with their link that connects to another countries ( including USA ).

My huntch is that your domain dns is not set up correctly, either at the domain registrar or on your VPS. Both the TX and CA data centers have pretty reliable backbones so this definitely should not be happening and is not normal. Would you mind letting me know your domain name either via this thread or PM?

Regards,
 
You'd really need to dig up some more information on the failures before you can pinpoint the problem. If the site doesn't load, that could be caused by a number of factors. If the domain name doesn't resolve, then that's a different story. Aside from the overly lengthy TTL value, your BIND config looks fine to me.
 
thank link shows problems with my dns, should I put in a ticket or can you help me here?

These are the errors

Same Glue: Looks like the A records (the GLUE) got from the parent zone check are different than the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do.I detected some problems as follows:
For ns1.45n5.net the parent reported: ['72.249.86.52'] and your nameservers reported: ['72.249.86.51']

Different subnets WARNING: Not all of your nameservers are in different subnets


Different autonomous systems WARNING: Single point of failure
SOA EXPIRE Your SOA EXPIRE number is: 3600000. This value determines how long a secondary DNS server will still treat its copy of the zone data as valid if it can't contact the primary DNS server. RFC1912 suggests a value of 2-4 weeks (1209600 to 2419200 seconds).
 
put it without "www" http://www.intodns.com/45n5.net works fine, your domains appears correctly setup , you have a small SOA warning remaining to fixe, you have setup a large SOA expire

Code:
            1195952713
            10800
            3600
            [B][COLOR=Red][B]3600000[/B][/COLOR][/B]
            38400 )
set it to

Code:
            1195952713
            10800
            3600
            [B][COLOR=Red]604800[/COLOR][/B]
            38400 )
below is my Zone configuration (Names to IP) if you want a sample to check with yours:

Code:
$ttl 38400
heapoverflow.com.    IN    SOA    heap1.heapoverflow.com. webmaster.heapoverflow.com. (
            1195952713
            10800
            3600
            604800
            38400 )
heapoverflow.com.               NS    heap1.heapoverflow.com.
heapoverflow.com.               NS    heap2.heapoverflow.com.
heapoverflow.com.               MX  10    mta.heapoverflow.com.
heapoverflow.com.            IN   A    65.99.213.138
heap1.heapoverflow.com.         IN   A  65.99.213.138
heap2.heapoverflow.com.         IN   A  65.99.213.139
mta.heapoverflow.com.           IN   A  65.99.213.138
www                             CNAME   heapoverflow.com.
http://www.intodns.com/heapoverflow.com
 
The information that site is providing is very difficult to read. Try dnsstuff.com instead, and don't worry about the "separate class C's" warning as there is nothing you can do about that.

I suspect whatever load failures you're experiencing are the fault of your CMS or one of the services it depends upon.
 
query passed in DNSStuff looks like you have behaviours with somes not caught by intoDNS:

BIND configuration issue
Code:
WARNING:  Your SOA EXPIRE time is : [B]3600000 seconds[/B].  This seems a bit high.  You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks).  [URL="http://www.dnsstuff.com/pages/rfc1912.htm"]RFC1912[/URL] suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

BIND configuration issue
Code:
WARNING:  Your SOA REFRESH interval is : 86400 seconds.  This seems high.  You should consider decreasing this value to about 3600-7200 seconds (or higher, if using DNS NOTIFY).  [URL="http://www.dnsstuff.com/pages/rfc1912.htm"]RFC1912[/URL] 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours, with the longer time periods used for very slow Internet connections), and if you are using DNS NOTIFY the refresh value is not as important (RIPE recommend 86400 seconds if using DNS NOTIFY). This value determines how often secondary/slave nameservers check with the master for updates. A value that is too high will cause DNS changes to be in limbo for a long time.

Iptables Firewall configuration issue
Code:
Error: Our local DNS server was unable to get your MX record. This usually means that a firewall in front of your DNS server is interfering. For example, it may be blocking DNS packets from low source port numbers (ours is often in the 1024-1030 range). Firewalls should never block DNS queries based on the source IP address; otherwise, it is guaranteed that legitimate queries will be blocked. This specific lookup must be cached, so a recent change may not be reflected.

Mail server configuration issue (fix it to avoid spam issues)
Code:
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to [URL="http://www.openspf.org/"]add an SPF record[/URL] ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
 
thanks all again

I changed all of my soa's or 'expires" to

604800

hopefully this will solve my problem

I don't think it's the cms on my part because it always works for me and google reader always works, it is random connectivity issues from around the globe.

seems like the 604800 cleared up my "GLUE" problems also ;)

if anybody stumbles on this thread at a later date you need to go into your main WHM panel and click EDIT DNS ZONE then choose your domain and hit EDIT to change these settings.
 
hello class101 I'm checking it at dnsstuff now and see the same errors

it thinks that 86400 is high and recommends 3600-7200


I'm also seeing this big FAIL

WARNING: Your nameservers do not include any corresponding A records when asked for your NS records. They probably are not returning the A records when asked, which can prevent some other DNS servers from contacting your DNS servers. They should do this if they are authoritative for those A records (in BIND, you should not use 'minimal-responses yes;'). The problem record(s) are:

Nameserver 72.249.86.51 did not provide any IPs
Nameserver 72.249.86.52 did not provide any IPs
 
could you go in /var/named folder and copy and paster here the content of the *.hosts files, you have a small error somewhere in this files in think

If you are having problems using DnsStuff.com, try blocking cookies from that domain. ;)

Tried but no luck , I have CookieSafe Firefox , blocked the site, removed the actuall cookie but it keeps rejecting :(
 
ok I got it working by blocking cookie + using http://www.seoconsultants.com/tools/dns/, I have seen on forums this links advertised to bypass dnsstuff cookie , looks like working from here because if I try directly at dnstuff by blocking my cookie , I m rejected, but from the seoconsultant it appears to work :) but only with blocking cookie else I have tried without blocking cookie and the seoconsultant no more bypass.

here 's another one http://www.zonecheck.fr/demo/
 
thanks all for the help again

I doubt it's an overactive firewall because I can always see it and randomly people can't see the site from around the world, plus this didn't happen on other host the domains were sitting on with many of the same visitors that are having trouble now.

not sure what I should try next or should I wait a few days and see if the earlier expire time change helps over the next week?
 
I doubt it's an overactive firewall because I can always see it and randomly people can't see the site from around the world, plus this didn't happen on other host the domains were sitting on with many of the same visitors that are having trouble now.

What happened on one machine has little to do with what's currently happening on another. There are any number of things you could have setup differently.
 
What happened on one machine has little to do with what's currently happening on another. There are any number of things you could have setup differently.

I understand different machines have different settings.

The point was people didn't have a problem before I switched to known host, therefore it probably isn't my cms and isn't their firewall, and I'd like to find the settings at known host where visitors don't have trouble.
 
Top