Frustrated that I don't UNDERSTAND why my network times out

Discussion in 'Linux Networking' started by billy, Oct 8, 2013.

  1. billy

    ~BD~ Guest

    Oh dear! I thought you'd cracked it Billy!

    Have you ever 'played' with .... http://nmap.org/ ?

    I've no idea if it will help you .... but you might find it fun! ;-)

    Please advise.
     
    ~BD~, Oct 11, 2013
    1. Advertisements

  2. billy

    unruh Guest

    A red herring. The dns simply translates names to IP addresses. It does
    not do anything else and certainly does not alter routes (unless the
    address changes).
     
    unruh, Oct 11, 2013
    1. Advertisements

  3. billy

    Tauno Voipio Guest


    No, but you're talking of two different IP addresses,
    and IP addresses are the only things routing cares
    about.

    When you supply the name of a website, it gets translated
    to an IP address by DNS. If you get two different IP's,
    it is quite natural that they may have different routes,
    and only one of the sites responds.

    Many Web servers do also care of the name of the target
    site supplied also in the HTTP protocol headers. This
    is how there can be many websites under the same IP.
     
    Tauno Voipio, Oct 11, 2013
  4.  
    petrus bitbyter, Oct 11, 2013
  5. billy

    billy Guest

    To update, the only small victory I can report is that, for
    some reason, the RADIO on the roof (which is equivalent to
    your DSL/Cable modem) *can* ping & traceroute to centos.org
    but the computers in the house can not.

    That would imply it's the Netgear WNDR router, but, I updated
    it to the latest firmware and looked at all the settings, and
    changed a few (e.g., the MTU) but it didn't have any positive
    effect.
    a. I can't access centos.org from any computer by any method.
    b. I *can* ping/traceroute centos.org from the rooftop radio.

    What gets me is that the Netgear WNDR router is pretty much
    set up just like anyone would have set it up for a home. I left
    everything at the defaults other than what absolutely had to
    be changed to give it WPA2-PSK and a static IP address for
    the radio (which the WISP gives me).

    Is there any particular setting you think I should check on the
    Netgear WNDR3200 router that might be the culprit?
     
    billy, Oct 11, 2013
  6. billy

    unruh Guest

    Well, I do not know if you can do it on your router, but you could try a
    tcpdump at the router of the packet sent to centos.or when you ping it
    from your machine and when you ping it from your router to see what the
    difference is. Of course, your router might not have tcpdump capability,
    but comparing those would seem to me to be the only way.

    You could capture a ping packet, say, from your computer and post it (I
    believe it is only 80 bytes long) and maybe someone can see something
    funny in it. I cannot.

    centos does respond to pings, I have tried it.
     
    unruh, Oct 11, 2013
  7. Reading all I can of this thread (maybe not all because off my newsserver is
    not 100% reliable) I followed the diving into the routing and the protocol.
    AFAIS one cause has been overlooked so far: An intermittend hardware error.
    To me all results so far point in that direction. Suspect is all hardware
    between your computer and WISP. Shortest way to find out is exchanging all
    parts of it one at a time, including cables and power supplies. The logic
    behind it looks like obvious to me. All that equipment is similar to that of
    your neighbours but the latter has no problem. Your computer has no problem
    when using it too. So your equipment itself or the place or way it has been
    installed may cause that peculiar problem.

    petrus bitbyter
     
    petrus bitbyter, Oct 11, 2013
  8. billy

    unruh Guest

    It is hard for me to see how a hardware error could cause troubles with
    ONLY centos.org. Remember that he says that he can browse almost all
    other web sites, even during the months that he cannot browse
    centos.org. It is really really hard to imagine some hardware error that
    would be that selective in its application, and furthermore one that
    allowed the packets to reach the penultimate link on a long chain and
    then fail on that final link.

    He has certainly been aware of your possibility, but has no idea how
    that could explain the symptoms. Perhaps you could explain how, even in
    the wildest of scenarios, this could explain his symptoms.
    And if it does, how he could figure our WHAT is wrong.
     
    unruh, Oct 11, 2013
  9. Forget trying to understand something not under your control. Focus on
    contacting people who can help you.

    Just put the domain name of the owner of the last router that replied
    into

    www.checkdomain.com and email the technical contact with the traceroutes
    and brief synopsis of the issues.

    Someone will sort it out in the end. That's their job.

    Registration Service Provided By: DICODE

    Domain Name: BASEIP.COM

    Registration Date: 19-Jan-2011
    Expiration Date: 19-Jan-2014

    Status:LOCKED
    Note: This Domain Name is currently Locked.
    This feature is provided to protect against fraudulent
    acquisition of the domain name,
    as in this status the domain name cannot be transferred or
    modified.

    Name Servers:
    ns1.baseip.com
    ns2.baseip.com


    Registrant Contact Details:
    Base IP B.V.
    T.A. Westervoorde (10815) ()
    Zweedsestraat 8A28
    Deventer
    Overijssel,7418 BG
    NL
    Tel. +31.857733066

    Administrative Contact Details:
    Base IP B.V.
    T.A. Westervoorde (10815) ()
    Zweedsestraat 8A28
    Deventer
    Overijssel,7418 BG
    NL
    Tel. +31.857733066

    Technical Contact Details:
    Base IP B.V.
    T.A. Westervoorde (10815) ()
    Zweedsestraat 8A28
    Deventer
    Overijssel,7418 BG
    NL
    Tel. +31.857733066

    Billing Contact Details:
    Base IP B.V.
    T.A. Westervoorde (10815) ()
    Zweedsestraat 8A28
    Deventer
    Overijssel,7418 BG
    NL
    Tel. +31.857733066

    --
    p-0.0-h the cat

    Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
    Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
    Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
    the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
    the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
    shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
    smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
    liar, and shill.

    Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
    By Appointment to God Frank-Lin.
     
    p-0''0-h the cat (ES), Oct 11, 2013
  10. This reminds me of a problem I encountered with a system using a
    RTL8111/8168B PCI Express Gigabit Ethernet controller.

    Every once in a while, it would stop connecting to some sites, while
    still working for other sites, and I could still use ssh to access
    the system.

    My nephew suggested rebooting the system. I explained, this was a
    linux system, and wouldn't make any difference. After arguing a bit,
    I rebooted it to show him, it wouldn't matter. To my surprise, it did
    clear the problem.

    That system is using a 50ft cable to connect to the router. My current
    guess, is that some packet is getting mangled, some of the time, and
    when it does, the only way to clear the problem, is to reset the pci
    device, by rebooting the system.

    Restarting the network is not enough. The system has to actually be
    rebooted. I suggested changing the wiring, and moving the router
    so a shorter cable could be used, but the owner has chosen to just
    reboot the system, whenever this happens, typically about every
    other week. This has been going on for a couple of years now, with
    multiple kernel updates during that time, and no change in behaviour.

    So there are cases where a hardware problem will affect some sites,
    but not others. Without disassembling the firmware, I have no
    idea what the nic is doing, so I can only confirm the observed
    results.

    Regards, Dave Hodgins
     
    David W. Hodgins, Oct 11, 2013
  11. Well, I agree. It's very hard see how it may happen. Nevertheless, the
    impossible never happens and hard to see is not impossible. In a situation
    like this I'd want to rule out the possibillity that the error is caused by
    my own equipment somehow. It's not only the pure hardware I think about. I
    consider the firmware a part of the hardware in this equipment. I have some
    experience maintaining computer equipment and I several times saw
    unexplainable errors disapear by exchanging parts or equipment that seem to
    have nothing to do with it.

    *If* the cause of the problem has been located in this part of the path,
    there's a question left that may be next to impossible to answer: How does
    it happen? As the OP mentioned that's the most frustrating part of the
    problem.

    petrus bitbyter
     
    petrus bitbyter, Oct 13, 2013
  12. billy

    ps56k Guest

    weird - yup -
    it times out from my network - and other "online testing sites" -
    so... ????

    Ping - centos.org - 85.12.30.227 --> Amsterdam location
    Ping - www.centos.org - 72.232.194.162 ---> ????

    So, where does the - 72.232.194.162 come from ??
    vs my DNS lookup is showing 85.12.30.227 ??

    2 NS1.LAYEREDTECH.COM 72.232.1.236
    AUTH 0 ms Received 1 Answers , rcode=
    PTR: PointerName=www.centos.org,

    cname:www.centos.org
    Lookup failed after 1 name server timed out or responded non-authoritatively

    -----------
    Here's his traceroute run:
    knoppix@Microknoppix:~$ traceroute www.centos.org
    traceroute to www.centos.org (72.232.194.162), 30 hops max, 60 byte

    ----------
    HopCount IP Address HostName
    1 208.123.79.34 net208-123-79-34.static-customer.corenap.com
    2 198.252.182.180 aus-core-10-v12.corenap.com
    3 24.155.184.106 xe-0-0-2-509.AUSTTXMIM002.aggr09.austtx.grandecom.net
    4 24.155.121.76 xe-0-0-0-0.aggr08.austtx.grandecom.net
    5 4.30.74.53 ae5-868.edge9.Dallas1.Level3.net
    6 4.69.145.200 ae-4-90.edge3.Dallas1.Level3.net
    7 4.71.170.6 LAYERED-TEC.edge3.Dallas1.Level3.net
    8 * * * * * *
    9 72.232.194.162 www.centos.org
     
    ps56k, Oct 13, 2013
  13. billy

    Mike Easter Guest

    That is the correct IP.
    That is not the correct IP resolution according to google's DNS.

    That is, www.centos.org resolves to 85.12.30.227 but 85.12.30.227 does
    not rDNS to www.centos.org

    However, 72.232.194.162 rDNS to www.centos.org which does not resolve to
    72.232.194.162
    The DNSreport on centos.org says the MX, SOA, WWW, are all OK but the
    Parent nameservice fails on one dns report but not another.

    Parent Failed Parent nameservers centos.org Your NS records at the
    parent server are:

    Failed Nameservers for domain in DNS centos.org Your NS records at your
    nameservers are:

    However, my dig worked OK showing ns1, ns3, & ns4.centos.org and their
    IPs and all 3 nameservers produced the MXes etc.

    The report at mxtoolbox said the ns at the parent was OK, but then the
    information said it was not. I don't understand this inconsistency in
    the parent DNS status for centos.org.
     
    Mike Easter, Oct 13, 2013
  14. billy

    Rick Jones Guest

    A terminology suggestion that might help when speaking with
    knowledgable nitpickers (I'm a nitpicker, but cannot claim extensive
    routing knowledge :) Rather than call it "static" call it "stable."
    In network-geek-speek a "static" route is one that is, for lack of a
    better term "hard wired" in the configuration router/endsystem, rather
    than one determined automagically via a routing protocol.

    rick jones
     
    Rick Jones, Oct 14, 2013
  15. [snip first routing]

    [snip second routing]

    It's not the routing, it's the destination. Do you see the IP addresses
    in each of the above two routes? The first one works, and the second
    one doesn't.

    The question is why do you get two different IP addresses for the name
    "centos.org"? The answer is probably that the name resolution (DNS) is
    screwed up somewhere. You can get around this by editing /etc/hosts by
    inserting the following line:

    85.12.30.22 www.centos.org centos.org

    This temporary fix will only work as long as they don't change their IP
    address (again?). Why did it work for TOR? Because they use different
    name servers than you do.

    To address some of the other things mentioned in this thread: pings and
    traceroutes can be blocked at any point along the route. Successful
    pings and traceroutes that go all the way to the destination tell you a
    lot, but ping failures and traceroutes that don't go all the way don't
    tell you so much. They do not indicate a problem along the route, or at
    the destination.

    Also, the suggestion of too large an MTU wasn't a bad one. It can cause
    the symptoms you were seeing, but I think you've proven that it is not
    your problem. I haven't seen MTU issues in a long time, though.

    Scott
     
    Scott Hemphill, Oct 14, 2013
  16. billy

    ps56k Guest

    YEAH - this is one weird DNS situation -
    I'd like to find out what eventually turns out to be the problem with the
    DNS,
    but this discussion is all over the map with various tangents regarding the
    orig problem.
     
    ps56k, Oct 17, 2013
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.