nanog mailing list archives
Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work
From: Mel Beckman <mel () beckman org>
Date: Mon, 13 Jan 2025 15:48:54 +0000
Dan, That dig tip for identifying the NS phy loc is very nice! That's something I can put in our support procedures for DNS troubleshooting. -mel ________________________________ From: nanog () fleish org <nanog () fleish org> Sent: Monday, January 13, 2025 7:19 AM To: Mel Beckman <mel () beckman org>; sterling.daniel () gmail com <sterling.daniel () gmail com> Cc: North American Network Operators' Group <nanog () nanog org> Subject: Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work I’m seeing some of the resolver IPs being filtering from various locations while responding from others, no doubt due to their use of anycast. I rarely ping test 4.2.2.2 anymore, having switched to 8.8.8.8 some time ago which I have a window up running 24x7 as a quick way to detect if my laptop is having connectivity issues from wherever it currently resides. It’s usually reliable, but I understand such traffic is the first to get filtered/dropped when needed so it’s just an initial indicator for me from which further testing can be performed when needed. I will also mention it’s possible to detect which NS server/pool/location you are reaching on Level3’s network via the below dig query. This has been an invaluable tool over the years as IME they tend to break DNS sub-delegation at least once or twice a year and the more data you can provide to them about where the breakage is the faster you can get them to engage the DNS team to actually fix it vs. arguing with you that it’s not broken because it "works for them” (facepalm). And at least once I found they broke resolution on their authoritative name servers (ns1.l3.net<http://ns1.l3.net> or ns2.l3.net<http://ns2.l3.net>) and again they first told me it wasn’t a problem because DNS again the broken one(s) would timeout and then get the answer from another, working server (double-facepalm). dig +short @4.2.2.2 hostname.bind CH TXT I’ve also been provided this query to derive the same for Cloudflare’s NS servers: dig CHAOS TXT id.server @1.1.1.1 +nsid And the following for Cleanbrowsing NS servers (these power content filtering on Unifi networks): nslookup -type=txt iptest.whois.dnscontest.cleanbrowsing.org<http://iptest.whois.dnscontest.cleanbrowsing.org> Below are the results I got for Level3 from various locations (pardon the wall of text). It looks like they’re making some changes to serve DNS queries off their NTP servers
From Level3 WDC1/McLean:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.987/0.987/0.987/0.000 ms "pubntp1.wdc12" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.926/0.926/0.926/0.000 ms "cns4.sjo1" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.799/0.799/0.799/0.000 ms "pubntp1.wdc12" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.855/0.855/0.855/0.000 ms "pubntp2.wdc12" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.897/0.897/0.897/0.000 ms "cns4.sjo1" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.973/0.973/0.973/0.000 ms "pubntp1.wdc12”
From Level3 SFO1/Sunnyvale:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 999ms "cns3.sjo1" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.sjo1" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns1.sjo1" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.sjo1" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.275/0.275/0.275/0.000 ms "cns3.sjo1" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.sjo1”
From Comcast Atlanta:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.atl2" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 13.442/13.442/13.442/0.000 ms "cns4.atl2" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 13.431/13.431/13.431/0.000 ms "cns2.atl2" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 13.632/13.632/13.632/0.000 ms "cns2.atl2" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 12.656/12.656/12.656/0.000 ms "cns3.atl2" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 12.041/12.041/12.041/0.000 ms "cns4.atl2”
From AT&T Atlanta:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.atl2" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "pubntp1.atl2" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.atl2" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 15.430/15.430/15.430/0.000 ms "pubntp1.atl2" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.atl2" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 16.103/16.103/16.103/0.000 ms "cns4.atl2”
From AT&T SF Bay Area Peninsula:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 7.880/7.880/7.880/0.000 ms "cns3.sjo1" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.sjo1" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 6.888/6.888/6.888/0.000 ms "cns3.sjo1" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1000ms "cns4.sjo1" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 7.173/7.173/7.173/0.000 ms "cns1.sjo1" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns2.sjo1”
From DRFortress Honolulu:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.sjo1" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.sjo1" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 54.233/54.233/54.233/0.000 ms "cns3.sjo1" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns3.sjo1" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 54.195/54.195/54.195/0.000 ms "cns3.sjo1" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms "cns4.sjo1”
From Hawaiian Telecom Honolulu (oddly from here I get no response to the hostname.bind dig queries):
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 54.727/54.727/54.727/0.000 ms PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 56.765/56.765/56.765/0.000 ms PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
From Unitas Seacacus:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.062/2.062/2.062/0.000 ms "cns2.nyc6" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.012/2.012/2.012/0.000 ms "cns2.nyc6" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.651/1.651/1.651/0.000 ms "cns3.nyc6" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.055/2.055/2.055/0.000 ms "cns2.nyc6" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.102/2.102/2.102/0.000 ms "cns3.nyc6" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.626/1.626/1.626/0.000 ms "cns3.nyc6”
From Verizon FIOS New York (oddly from here I get no response to the hostname.bind dig queries):
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.355/4.355/4.355/0.000 ms PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.764/3.764/3.764/0.000 ms PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.053/4.053/4.053/0.000 ms PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.394/3.394/3.394/0.000 ms PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.442/3.442/3.442/0.000 ms PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.944/4.944/4.944/0.000 ms
From Allied Telecom in Washington DC:
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data. --- 4.2.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.683/1.683/1.683/0.000 ms "pubntp1.wdc12" PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. --- 4.2.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.592/1.592/1.592/0.000 ms "pubntp2.wdc12" PING 4.2.2.3 (4.2.2.3) 56(84) bytes of data. --- 4.2.2.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.776/1.776/1.776/0.000 ms "cns1.wdc12" PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data. --- 4.2.2.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.810/1.810/1.810/0.000 ms "pubntp2.wdc12" PING 4.2.2.5 (4.2.2.5) 56(84) bytes of data. --- 4.2.2.5 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.729/1.729/1.729/0.000 ms "cns1.wdc12" PING 4.2.2.6 (4.2.2.6) 56(84) bytes of data. --- 4.2.2.6 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.432/1.432/1.432/0.000 ms "cns4.sjo1” -T On Jan 13, 2025, at 07:00, nanog-request () nanog org wrote: Message: 6 Date: Mon, 13 Jan 2025 04:24:50 +0000 From: Mel Beckman <mel () beckman org<mailto:mel () beckman org>> To: Daniel Sterling <sterling.daniel () gmail com<mailto:sterling.daniel () gmail com>> Cc: Jerry Cloe <jerry () jtcloe net<mailto:jerry () jtcloe net>>, "nanog () nanog org<mailto:nanog () nanog org>" <nanog () nanog org<mailto:nanog () nanog org>> Subject: Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work Message-ID: <1E72A509-881F-453A-B5D4-7AF8FDB44C4E () beckman org<mailto:1E72A509-881F-453A-B5D4-7AF8FDB44C4E () beckman org>> Content-Type: text/plain; charset="utf-8" Dan, Thanks! I had never read that before. But that makes sense. -mel On Jan 12, 2025, at 8:22?PM, Daniel Sterling <sterling.daniel () gmail com<mailto:sterling.daniel () gmail com>> wrote: ? Seems like these IPs not responding to ping is not unusual, as per https://www.reddit.com/r/sysadmin/comments/11syv2e/google_dns_8888_dropping_pings_like_crazy_today/ "Google has stated multiple times before as has Level3/CenturyLink/Lumen that 4.2.2.1 and 8.8.8.8 should not be used for ping checks and they will drop packets when under load or if they notice too much activity from a single IP" -- Dan On Sun, Jan 12, 2025 at 11:03?PM Mel Beckman <mel () beckman org<mailto:mel () beckman org><mailto:mel () beckman org>> wrote: Still not pinging from Frontier, Lumen, AT&T, or Verizon networks -mel On Jan 12, 2025, at 4:13?PM, Jerry Cloe <jerry () jtcloe net<mailto:jerry () jtcloe net><mailto:jerry () jtcloe net>> wrote: ? O:\>ping 4.2.2.1 Pinging 4.2.2.1 with 32 bytes of data: Reply from 4.2.2.1<http://4.2.2.1<http://4.2.2.1/>>: bytes=32 time=36ms TTL=56 Reply from 4.2.2.1<http://4.2.2.1<http://4.2.2.1/>>: bytes=32 time=44ms TTL=56 Reply from 4.2.2.1<http://4.2.2.1<http://4.2.2.1/>>: bytes=32 time=36ms TTL=56 Reply from 4.2.2.1<http://4.2.2.1<http://4.2.2.1/>>: bytes=32 time=38ms TTL=56 Ping statistics for 4.2.2.1<http://4.2.2.1<http://4.2.2.1/>>: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 36ms, Maximum = 44ms, Average = 38ms Same for 4.2.2.2 -----Original message----- From: Mel Beckman <mel () beckman org<mailto:mel () beckman org><mailto:mel () beckman org>> Sent: Sun 01-12-2025 06:07 pm Subject: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work To: nanog () nanog org<mailto:nanog () nanog org><mailto:nanog () nanog org>; I noticed that Level3 open DNS 4.2.2.1 and 4.2.2.2 stopped responding to ping today. They are responding to DNS queries however. Does anyone know if this filtering is going to be permanent? -mel beckman -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20250113/eb801d1d/attachment-0001.html>
Current thread:
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work nanog--- via NANOG (Jan 13)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work Mel Beckman (Jan 13)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work nanog--- via NANOG (Jan 13)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work Justin Krejci (Jan 13)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work Warren Kumari (Jan 16)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work nanog--- via NANOG (Jan 13)
- Re: Level3 4.2.2.1 and 4.2.2.2 not responding to pings, DNS queries work Mel Beckman (Jan 13)