Home page logo
/

nanog logo nanog mailing list archives

Re: RoadRunner/Adelphia AS14065 contact
From: Mark Andrews <marka () isc org>
Date: Thu, 09 Feb 2012 13:37:23 +1100


In message <20120208234141.GZ5968 () angus ind WPI EDU>, Chuck Anderson writes:
On Wed, Jan 11, 2012 at 12:14:29PM -0800, chk wrote:
If there is a Roadrunner contact monitoring the list can you please  
contact me off list regarding a routing issue from ns1/2.adelphia.net

Did you ever get any response?  I'm having a similar issue:

For the past couple months, we have been unable to query the
authoritative DNS servers for adelphia.net on IP addresses
75.180.129.58 and 75.180.129.59 from our campus network IP block
130.215.0.0/16, using either TCP or UDP:

dig +short +norec @75.180.129.58 adelphia.net. mx
;; connection timed out; no servers could be reached

dig +short +norec @75.180.129.59 adelphia.net. mx
;; connection timed out; no servers could be reached

dig +tcp +short +norec @75.180.129.58 adelphia.net. mx
;; communications error to 75.180.129.58#53: end of file

dig +tcp +short +norec @75.180.129.59 adelphia.net. mx
;; communications error to 75.180.129.59#53: end of file

This is causing email failures to anyone with an @adelphia.net email
address.

I can ping the DNS servers from 130.215.0.0/16:

ping  -c3 75.180.129.58 
PING 75.180.129.58 (75.180.129.58) 56(84) bytes of data.
64 bytes from 75.180.129.58: icmp_req=1 ttl=241 time=26.9 ms
64 bytes from 75.180.129.58: icmp_req=2 ttl=241 time=26.7 ms
64 bytes from 75.180.129.58: icmp_req=3 ttl=241 time=26.7 ms

--- 75.180.129.58 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 26.711/26.797/26.953/0.110 ms

ping -c3 75.180.129.59
PING 75.180.129.59 (75.180.129.59) 56(84) bytes of data.
64 bytes from 75.180.129.59: icmp_req=1 ttl=241 time=25.9 ms
64 bytes from 75.180.129.59: icmp_req=2 ttl=241 time=26.1 ms
64 bytes from 75.180.129.59: icmp_req=3 ttl=241 time=25.5 ms

--- 75.180.129.59 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 25.523/25.871/26.120/0.285 ms

And I can make a TCP port 53 connection which gets immediately closed:

telnet 75.180.129.58 53
Trying 75.180.129.58...
Connected to 75.180.129.58.
Escape character is '^]'.
Connection closed by foreign host.

telnet 75.180.129.59 53
Trying 75.180.129.59...
Connected to 75.180.129.59.
Escape character is '^]'.
Connection closed by foreign host.

It is acting as if there is an ACL or firewall rule that is blocking
130.215.0.0/16 from accessing DNS port 53 on the DNS servers at
75.180.129.58 and 75.180.129.59.

I've already ruled out any firewalls on our end, as well as any
routing issues.  I can see the UDP port 53 packets going out, but
there is no reply.  I can see the 3-way TCP port 53 handshake packets
going out and coming in, but the other end closes the connection
immediately.

If I use a non-130.215.0.0/16 source IP from my router, I get a normal
response via both UDP and TCP:

% dig -b 207.210.142.142 +short +norec @75.180.129.58 adelphia.net. mx
10 cdptpa-smtpin01.mail.rr.com.
20 cdptpa-smtpin02.mail.rr.com.

% dig -b 207.210.142.142 +short +tcp +norec @75.180.129.58 adelphia.net. mx
10 cdptpa-smtpin01.mail.rr.com.
20 cdptpa-smtpin02.mail.rr.com.

I'd appreciate if someone could help me find a clueful contact at
TW/RoadRunner/Adelphia/Comcast/whoever they are now.  I've tried all
the contacts in WHOIS for adelphia.net, the IP block, and ASN.  I've
tried the NOC List on puck.nether.net--no matches.

Thanks,
Chuck


Sounds like a bad "bogus" acl.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault