dns: forwarder configuration broken in phx1

RESOLVED FIXED

Status

RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: Atoll, Assigned: Atoll)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa-])

(Assignee)

Description

7 years ago
It turns out that our forwarder configuration is not working correctly, but due to split-horizon DNS this only affects nameserver lookups in PHX1 and not SCL2:

ns1.phx1.svc$ dig @ns1.mozilla.org. metrics-logger1.private.scl3.mozilla.com.
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29966

ns1.scl2.svc$ dig @ns1.mozilla.org. metrics-logger1.private.scl3.mozilla.com.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44015
metrics-logger1.private.scl3.mozilla.com. 300 IN A 10.22.75.50

Use tcpdump to verify the forwarder issue and its eventual fix in staging and then deploy to production.
(Assignee)

Updated

7 years ago
Blocks: 773139
(Assignee)

Updated

7 years ago
Depends on: 773410
(Assignee)

Comment 1

7 years ago
This may also be related to the PHX1 forwarder targets (10.8.75.21, 22) refusing lookups for the above hostname in PHX1. Will continue diagnosing once that's fixed (see "depends on" bug list above).
(Assignee)

Comment 2

7 years ago
This turned out to be BIND9 converting "REFUSED" from the upstreams in PHX1 to "NXDOMAIN". SCL2 not affected. Revising description and resolving as fixed.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Summary: dns: forwarder configuration broken in phx1/scl2, affects only phx1 → dns: forwarder configuration broken in phx1
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.