Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Traceroute failing

I've been using the Verisign public DNS, and it has been working well, but I've been attempting to troubleshoot network problems ("sluggish" web browsing, or unable to resolve addresses I know exist). I have eventually turned to the DNS. When I attempt a traceroute, the trace appears to disappear in the Verisign network and never terminates. I'm able to ping the DNS servers and queries made manually seem to complete, but I'm wondering if the traceroute indicates a problem that could cause DNS to fail enough to cause me problems in other areas. I get similar results from two different networks (although ultimately the same provider in each case). Thanks in advance.


Traceroutes below.

$ traceroute -f 4 -n 64.6.65.6
traceroute to 64.6.65.6 (64.6.65.6), 30 hops max, 60 byte packets
4 74.40.70.45 6.394 ms 6.478 ms 6.650 ms
5 74.40.1.217 11.688 ms 11.835 ms 12.020 ms
6 74.40.1.221 11.108 ms 11.409 ms 11.192 ms
7 74.40.5.122 14.272 ms 14.662 ms 14.445 ms
8 198.32.134.38 12.153 ms 12.536 ms 12.324 ms
9 199.16.94.141 30.818 ms 27.527 ms 27.210 ms
10 199.16.94.125 36.761 ms 37.460 ms 34.874 ms
11 199.16.94.117 34.787 ms 199.16.95.83 37.458 ms 199.16.95.81 36.921 ms
12 * 199.16.95.35 36.658 ms 199.16.95.33 38.589 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

I also got this trace with a !X:

$ traceroute -f 4 -n 64.6.64.6
traceroute to 64.6.64.6 (64.6.64.6), 30 hops max, 60 byte packets
4 74.40.70.45 8.704 ms 8.695 ms 8.683 ms
5 74.40.1.217 10.135 ms 9.999 ms 12.351 ms
6 74.40.1.221 12.510 ms 12.633 ms 12.166 ms
7 74.40.5.122 12.769 ms 12.899 ms 14.517 ms
8 198.32.134.38 14.659 ms 14.832 ms 15.257 ms
9 199.16.95.69 15.031 ms 10.970 ms 11.068 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 199.7.74.161 10.837 ms !X * *

Comments

  • Hello cstanhope. Could you provide us with some additional details such as the addresses/locations you are currently seeing resolution issues with? What is the response you are seeing when trying to browse (more specifically is it a 403 error)? Additionally, could you provide us with the results of a DIG +Trace for some of the problematic addresses you are having resolution issues with? These details will assist us with troubleshooting your inquiry further. Thank you in advance.
  • I don't have a log of the DNS queries to provide you. When browsing, I haven't noticed 403 errors, but I haven't been paying too close attention (I'm also not sure how a "403 Forbidden" would relate to DNS lookup). It is more like general slugishness accompanied by failures, although the usual speed tests reveal no problems. I have seen these sorts of symptoms before when DNS is failing or misconfigured due to the sheer number of DNS queries required for most websites, which is why I turned my attention to the DNS. Two sites where people have noticed problems: twitter.com and facebook.com, but those weren't the only sites. The problem is intermittent, which might be related to DNS caching?

    I've provided representative traceroutes for both DNS servers from the two networks I have ready access to at the moment. I'm not sure what other addresses you want me to traceroute? The sites I have trouble with? I've actually done that while I was having trouble, but they have looked sensible so far. Of course, some sites return different DNS results every time you query them, but in those situations, multiple traceroutes looked good.

    The Verisign troubleshooting guide for the DNS indicates I should be able to traceroute to the DNS servers. Since I can't, I thought I would find out if this is expected or if there was perhaps a problem. If it is expected that the traceroute to the Verisign DNS servers should fail, I will turn my attention elsewhere.

    Thank you for your help.
  • Hello cstanhope - We are reviewing this and hope to have an update for you shortly
  • Hello cstanhope. This message is to inform you that we continue to actively investigate this inquiry and will be providing an update as soon as it becomes available. Thank you for your patience.
  • Thank you for the update. :)
  • Hello cstanhope,

    Could you kindly re-run the traceroute with the following command?

    : traceroute 64.6.64.6 -p 53 -T -n

    Also, can you provide any additional details as to the domains for which you are not getting responses back?

    Thank you in advance!
  • Hi, jlee. I apologize for taking so long getting back to you. The output from my command is below (I removed my WAN IP out of paranoia). The traceroutes without the -T option are still failing. I'm confused by the apparent double entry for the destination which I haven't seen before, but it seems using TCP SYN is working. I don't have any other traceroutes that have been failing. When I was investigating destinations before, all the traceroutes I ran were normal, but the traceroute to the DNS was not. If you have suggestions, I will be happy to try running those.

    $ sudo traceroute 64.6.64.6 -p 53 -T -n
    traceroute to 64.6.64.6 (64.6.64.6), 30 hops max, 60 byte packets
    1 x.x.x.x 0.657 ms 0.652 ms 0.934 ms
    2 98.108.151.1 12.717 ms 12.513 ms 13.002 ms
    3 50.39.211.217 5.482 ms 5.339 ms 7.574 ms
    4 74.40.70.45 7.715 ms 7.825 ms 8.043 ms
    5 74.40.1.217 15.616 ms 47.446 ms 47.582 ms
    6 74.40.1.221 12.717 ms 12.650 ms 12.442 ms
    7 74.40.5.122 12.478 ms 9.938 ms 10.008 ms
    8 198.32.134.38 10.135 ms 10.306 ms 10.031 ms
    9 199.16.95.69 10.100 ms 10.113 ms 199.16.95.71 10.270 ms
    10 199.7.74.161 9.898 ms 199.7.74.163 12.160 ms 9.289 ms
    11 64.6.64.6 12.031 ms 12.220 ms 10.126 ms
    12 64.6.64.6 10.347 ms 10.013 ms 9.933 ms

    Here's the one for 64.6.65.6 since it looks a little different:

    $ sudo traceroute 64.6.65.6 -p 53 -T -n
    traceroute to 64.6.65.6 (64.6.65.6), 30 hops max, 60 byte packets
    1 x.x.x.x 0.665 ms 0.604 ms 0.888 ms
    2 98.108.151.1 5.089 ms 7.355 ms 7.688 ms
    3 50.39.211.217 4.918 ms 7.508 ms 7.182 ms
    4 74.40.70.45 9.688 ms 9.989 ms 9.776 ms
    5 74.40.1.217 12.516 ms 12.662 ms 12.844 ms
    6 74.40.1.221 12.159 ms 11.776 ms 12.484 ms
    7 74.40.5.122 13.780 ms 9.897 ms 9.947 ms
    8 198.32.134.38 8.208 ms 8.221 ms 7.696 ms
    9 199.16.94.141 26.818 ms 25.083 ms 24.801 ms
    10 199.16.94.125 34.454 ms 35.409 ms 199.7.62.62 27.096 ms
    11 199.16.95.81 34.405 ms 36.993 ms 199.7.62.43 34.290 ms
    12 199.16.95.35 34.229 ms 199.16.95.33 35.199 ms 199.16.95.35 35.221 ms
    13 199.7.52.163 37.135 ms 64.6.65.6 37.245 ms 199.7.52.163 36.831 ms
    14 64.6.65.6 36.960 ms 34.993 ms 35.116 ms

  • Hello cstanhope,

    Thank you very much for the update. Let us look into these further, and we will get back to you as soon as possible!
  • edited January 2016
    Hello cstanhope,

    Moving forward we will be providing the updates regarding your inquiry via the email address you have listed on file.
This discussion has been closed.