DNS partially down for weeks

I am not seeing any issues with the AT&T AnyCast DNS servers. How are you seeing these "partial" down issues. What happens when you perform a nslookup command followed by a server 68.94.156.1 at the > prompt. And then enter any public host name such as google.com or 1.1..1.1 for resolution information.

What DNS servers are listed for your Broadband connection in your AT&T Gateway device?

Dave

How do I know they're timing out?  Linux systems log that DNS queries to them are timing out.  Web sites on all devices take 5 to 15 seconds to load on the first visit.  Browsers show DNS errors.  It's always been bad but now it's often not working.

I also mentioned that public DNSes work but there are downsides to using them and they can't always be used.

I don't really have a means to see where 68.94.156.1 and 68.94.157.1 locally route to as a customer.

traceroute to 68.94.156.1 (68.94.156.1), 30 hops max, 60 byte packets
 1  _gateway (99.87.255.78)  0.796 ms  0.852 ms  0.921 ms
 2  * * *
 3  71.148.135.240 (71.148.135.240)  3.324 ms  3.235 ms  3.366 ms
 4  12.242.117.14 (12.242.117.14)  28.233 ms  29.393 ms  29.085 ms
 5  * * *
 6  dnsr1.sbcglobal.net (68.94.156.1)  5.300 ms  4.255 ms  4.284 ms

traceroute to 68.94.157.1 (68.94.157.1), 30 hops max, 60 byte packets
 1  _gateway (99.87.255.78)  0.864 ms  0.933 ms  1.001 ms
 2  * * *
 3  71.148.135.240 (71.148.135.240)  3.336 ms  3.331 ms  3.324 ms
 4  12.242.117.14 (12.242.117.14)  5.877 ms  5.921 ms  6.000 ms
 5  * * *
 6  dnsr2.sbcglobal.net (68.94.157.1)  5.047 ms  4.093 ms  4.147 ms

Public DNS servers are not part of the discussion just a personal choice on your part.

These (2) traceroute command result output don't show any timeouts on either 64.98.156.1 or 64.98.157.1 they are both responding to your ICMP packets that the traceroute command uses. There are no timeouts.

Dave

Traceroutes were just for the route, since the DNS IP addresses route to regional hardware.  DNS works fine for you because it's a different server.  That trick is the "AnyCast" you mentioned.

I'm not posting the DNS log.  It's full of personal data and DNS-based tracking codes.

I never asked you to post your Linux DNS log. Just looking for an example of a DNS timeout. Have you restarted your local server running Bind in the last couple of weeks?

How about sharing the output of a nslookup or dig that show a DNS error?

Dave

BTW, sometimes the response from a DNS server is just slow, and outside of the window that a command or software expects (e.g., waits for). So they look like and are reported as a timeout, but are not.

Just pointing this out to try to help figuure out the issue, timeout vs. a slow server.

For devices using AT&T DNS via DHCP, it's anywhere from <1 seconds to 10 seconds, or even failure.  That's too slow.  The bind server I have with forwarding is timing out with it's built-in threshold of a few seconds.  That's also too slow.  DNS is usually millisecond responses.

Now here's a question back:  Do any of you asking questions actually have the means fix the DNS problems?  I don't need debugging.  I need the AT&T router providing working DNS hosts in its DHCP configuration.

No since this a public Forum.

Now the really bad news is that you have no way to reach the DNS team. They are not going to change the configuration of the AT&T Gateway and the way the DHCP server provisions DHCP clients to use the AT&T Gateway as a caching resolver and uses the Broadband assigned DNS Anycast servers based on your account.

You might want to switch providers now if you can't work within the system or use your own configuration.

Dave