I've been using OpenDNS for years but am now running into a problem.
Lately I've noticed frequent "outages" to some websites when accessed (using OpenDNS) via my ISP (Time Warner Cable). But if I run through a proxy, then the site is fine.
Then I noticed that the problem is related to IP names that resolve to a CDN. OpenDNS does show that it is resolving to a local CDN host (meaning in my city), but it is still inaccessible -- the connections drop at the point where the route would leave the ISP's network.
Today I theorized that maybe it isn't just any CDN, but specifically ones where Time Warner has a locally deployed cache. So I tried changing back to Time Warner's DNS, and everything works!
Here's one example (of many): Using OpenDNS, cdn-static-zdnet.com results in:
;; ANSWER SECTION:
cdn-static.zdnet.com. 160 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 9012 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 11 IN A 184.108.40.206
a1638.g.akamai.net. 11 IN A 220.127.116.11
Ping to 18.104.22.168 has high packet loss. (I'd say that the trace ends at ae0.pr1.dfw10.tbone.rr.com (or ae1.pr1.dfw10.tbone.rr.com).
If I use Time Warner's DNS, then I get a different result:
;; ANSWER SECTION:
cdn-static.zdnet.com. 54 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 15134 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 5 IN A 22.214.171.124
a1638.g.akamai.net. 5 IN A 126.96.36.199
This time the trace gets past tbone.rr.com:
7 ae-8-0.cr0.dfw10.tbone.rr.com (188.8.131.52) 14.900 ms 13.921 ms 17.095 ms
8 ae1.pr1.dfw10.tbone.rr.com (184.108.40.206) 14.552 ms 11.888 ms
ae0.pr1.dfw10.tbone.rr.com (220.127.116.11) 17.867 ms
9 18.104.22.168 (22.214.171.124) 11.755 ms 11.989 ms 11.376 ms
10 a96-17-202-88.deploy.akamaitechnologies.com (126.96.36.199) 13.322 ms 14.185 ms 13.923 ms
What I don't get is why even with a locally deployed CDN cache, there wouldn't be a route to the OpenDNS answer.
- Is this a known problem?
- How widespread is this? Does only Time Warner Cable have an issue?
- Does this mean there's no hope for using OpenDNS?
- Is this actually a problem in TWC that they would fix, assuming I can get the ticket routed to the right engineer?
- Is there a way that OpenDNS could work with the ISP so that OpenDNS would return the ISP-deployed cache address?
Note: The reason I stopped using TWC's DNS is they do NXDOMAIN interception, and you can't keep it disabled -- the disable preference expires and then it starts intercepting again.
Please sign in to leave a comment.