Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthornudge
    • CommentTimeJan 10th 2009 edited
     permalink
    I too am having issues with one of my static IP's in New Zealand, accessing some larger websites, they are not loading at all, with OpenDNS servers
    apple.com
    microsoft.com
    bebo.com
    myspace.com
    and others I suspect

    TelstraClear said they didn't want to know, I am annoyed, I spend $1366 per month with them for my business

    Any other kiwis with this issue, like user: kefyn
    http://forums.opendns.com/comments.php?DiscussionID=2583
    • CommentAuthorhoggs
    • CommentTimeFeb 1st 2009
     permalink
    Bumping this up. Same ISP, same problem. You can add Yahoo to that list, I can confirm problems with all the sites already listed. They do resolve, but after that the sites seem to timeout, or stylesheets/images don't load after a while and the site looks poor.

    Wellington Teltra Cable network here.

    Switching back to my ISPs DNS servers resolves all issues.
    • CommentAuthorfreitasm
    • CommentTimeFeb 1st 2009
     permalink
    Same here.

    I've discussed this in our forums and posted in my blog at http://www.geekzone.co.nz/freitasm/6185
    • CommentAuthorrotblitz
    • CommentTimeFeb 1st 2009
     permalink
    "Switching back to my ISPs DNS servers resolves all issues."
    So, you are saying that your ISP's DNS delivers different results (i.e. IP addresses) than OpenDNS? If yes, then OpenDNS may return an IP address to a more distant location of those websites. If no, then your problem is not related to OpenDNS.
    Prove all of this with nslookup or dig or host.
    Also traceroute to such sites in question under the two different scenarios (OpenDNS vs. ISP) would help.
  1.  permalink
    Yeah definetly experiencing exact same issues with the exact same ISP
    • CommentAuthormiriamnz
    • CommentTimeFeb 2nd 2009
     permalink
    Me too. Telstra /paradise not cable. Working up to rotblitz's suggestion, but haven't worked out how to reset my modem back to the way Telstra likes it. I am sure I wrote it down somewhere ...
  2.  permalink
    Hi,

    I work for TelstraClear (IT Architect for the ISP area) and I am would like to assist in doing what it takes to resolve this issue. (Happy to work with OpenDNS on this one.)

    Would be great if someone could explain why they think this is an issue with the TelstraClear network? DNS queries for our customers to OpenDNS servers are of course transported over UDP/IP from the customers PC to the OpenDNS servers. The TelstraClear network does not treat DNS UDP traffic in any special way. It's simply IP. The only traffic that we treat differently is HTTP traffic that we transparently cache. In other words, at this stage I cannot see the issue being with the TelstraClear network.

    However, I am more than willing to proven wrong! (And to then fix the cause.) So please educate me with the symptoms and issues that you are seeing, and I will investigate.

    Many thanks,

    --Olof Olsson

    Ps. Of course, for web sites and services that use DNS based geographic load-balancing, OpenDNS may serve up different addresses than a NZ DNS server. Nothing we can do about that though!
  3.  permalink
    @ olof.olsson

    I sure hope someone takes advantage of your rather kind offer!
    • CommentAuthorkefyn
    • CommentTimeFeb 10th 2009
     permalink
    Agree with Olof's PS and it is these large companies that will use this geo load-balancing.

    This seems to be born out when you dig deeper.

    Take Apple for instance. When going to the apple site you will get stuck on "waiting for images.apple.com".

    If you use the OpenDNS CacheCheck service http://www.opendns.com/support/cache/ and look at this URL you get multpile IP addresses resolving that address all geographically specific. This is the same for Microsoft.com and the rest. All Geo load-balancing.

    This is the result for images.apple.com:

    >>>>>>> Start Screen Copy

    Refreshed results for images.apple.com

    Note: We also refreshed our records for this domain's zone: apple.com.
    United States
    New York, New York, USA Palo Alto, California, USA

    * a932.g.akamai.net
    * images.apple.com.globalredir.akadns.net
    * 64.215.158.33
    * 64.215.158.58



    * a932.g.akamai.net
    * images.apple.com.globalredir.akadns.net
    * 204.2.160.16
    * 204.2.160.234

    Seattle, Washington, USA Washington, DC, USA

    * a932.g.akamai.net
    * a932.g.akamai.net.3214d93f.1.cn.akamaitech.net
    * images.apple.com.globalredir.akadns.net
    * 208.50.77.158
    * 208.50.77.161



    * a932.g.akamai.net
    * images.apple.com.globalredir.akadns.net
    * 204.245.162.16
    * 204.245.162.18

    Chicago, Illinois, USA

    * a932.g.akamai.net
    * images.apple.com.globalredir.akadns.net
    * 128.242.186.200
    * 128.242.186.225

    Europe
    London, England, UK

    * a932.g.akamai.net
    * images.apple.com.globalredir.akadns.net
    * 213.155.157.32
    * 213.155.157.90

    Locations returned different answers, but all are valid records.

    * Some domains deliver different IP addresses based on your location, or the location of the DNS servers you are using. If the domain has recently been moved, it's possible that the old address is present on some servers. Refreshing cache should fix that.

    >>>>>>> Stop Screen Copy

    Note this last comment, I think that this confirms it. It is not the NZ ISPs being baddies. The OpenDNS servers are not in NZ so the IP address returned is based on the openDNS servers location. These big sites are spreading their load. I would guess they may even be applying geo-filtering to these servers. After all only client from their areas will be getting the servers IP address from DNS.

    So, we look like we are in, for instance, the states because that is where our openDNS server says it is, but when our PC with an NZ IP address attempts to get content from the server it is rejected as out of the Geo-zone that server serves.

    So the question is for openDNS and not the NZ ISPs. How can we get the right IP addresses returned for NZ. It seems like a simple matter of having the openDNS server we attach to have an NZ IP address itself.

    OpenDNS, perhaps you should take up Olof's offer to work with you to resolve this.

    KJ
  4.  permalink
    All,

    We have been able to isolate the issue to occur in the following circumstances as it relates to TelstraClear customers in New Zealand:

    1. Customer is using a TelstraClear access method that is transparently cached
    2. Customer has the OpenDNS US based DNS servers configured
    3. Customer attempts to access site that uses geographic load-balancing (Akamized sites for example)

    Under the above circumstances, the customer is unlikely to be able to access the web site.

    The explanation and root cause of the issue is as follows. Let's use a fictional web site "shoerax.com", that uses Akamai to serve its content:

    1) Customer's PC looks up "shoerax.com" against the OpenDNS DNS servers based in the US

    2) shoerax.com uses Akamai, and Akamai DNS servers. Hence the customer's DNS lookup goes to the OpenDNS DNS servers in the US, and these servers recursively look up "shoerax.com" from the Akamai DNS servers. As Akamai uses geographic load-balancing they attempt to return the IPs of servers that "are close to the customer". Akamai use the source IP of the querying recursive DNS server (= OpenDNS US based servers in this instance) to determine what "close to the customer is". Normally this works fine, as most people use recursive DNS servers that are close to where they are. However, when NZ customers use US based DNS servers (like OpenDNS), things break down a little, as US based server IPs are returned. (And they are obviously not close to the customer!) Hence, the Akamai DNS returns IP addresses of US based Akamai servers for shoerax.com.

    3) The customer's PC attempts to establish an HTTP connection with the US based Akamai servers. (Using the IP addresses returned by OpenDNS.)

    4) The TelstraClear transparent caches intercept the HTTP traffic. The transparent caches look up shoerax.com against TelstraClear DNS servers. As these DNS servers are in NZ, Akamai correctly returns the IP addresses of NZ based Akamai servers.

    5) The caches attempt to connect to the NZ Akamai servers to retrieve the web objects.

    6) The NZ Akamai servers sends return packets to the customers PC's (as this is the source IP of the incoming traffic). This is where the problem is. The return traffic should have gone to the caches and not to the customer's PC.

    7) Caches time out

    8) Customer's browser times out

    The TelstraClear caches are situated on the NZ side of our international circuits and only attempt to cache international traffic. They expect that egress international HTTP traffic has return traffic coming back on the international circuits.

    The issue with OpenDNS and TelstraClear transparent caching in conjunction with geographically load-balanced sites, is that the traffic is initially sent internationally (due to lookups against US based OpenDNS servers) and then the caches sends the traffic back domestically (due to lookups against NZ based TelstraClear servers). Due to this asymmetry, return traffic from the target web site do not reach the caches.

    The above is unfortunate, as OpenDNS is an _excellent_ service. Until this issue has been resolved, we recommend that TelstraClear customers do not use overseas DNS servers, like OpenDNS, as this will cause issues with geographically load-balanced sites.

    OpenDNS: would be keen to work with you to come up with a solution. Any plans for hosting OpenDNS servers in NZ? Maybe I can help.


    --Olof

    Ps. For optimum performance, we recommend that TelstraClear customers use the following DNS servers: 203.97.78.43 and 203.97.78.44.
    Thankful People: maintenance, M Frank, iere
    • CommentAuthornudge
    • CommentTimeFeb 25th 2009
     permalink
    Hi Olof

    Just to add, I have four Telstra static IP's, I am only having issues with one, this IP is in a different range to the other 3
    offending IP 203.167.xxx.xxx
    working 3 IP's 203.97.xxx.xxx

    Yes I could just get another static, but why when this could be resolved
    • CommentAuthornudge
    • CommentTimeMar 13th 2009
     permalink
    any news on a fix?
    • CommentAuthorM Frank
    • CommentTimeMar 13th 2009
     permalink
    Since The problem is relative to "geographic load-balancing". The only "fix" using OpenDNS is for OpenDNS to start up servers closer to you. Close enough that the IPs are the same as your ISPs cache. Only when the IPs match can you make use of the cache. That is the proper solution.

    The alternative:
    Get so many networks (from you ISP) resolved by OpenDNS, that your ISPs caches include US geographical load balancing. Not really practical, but in theory it would work.

This discussion has been inactive for longer than 30 days, and is thus closed.