OpenDNS vs. ISP hosted CDN
I've been using OpenDNS for years but am now running into a problem.
Lately I've noticed frequent "outages" to some websites when accessed (using OpenDNS) via my ISP (Time Warner Cable). But if I run through a proxy, then the site is fine.
Then I noticed that the problem is related to IP names that resolve to a CDN. OpenDNS does show that it is resolving to a local CDN host (meaning in my city), but it is still inaccessible -- the connections drop at the point where the route would leave the ISP's network.
Today I theorized that maybe it isn't just any CDN, but specifically ones where Time Warner has a locally deployed cache. So I tried changing back to Time Warner's DNS, and everything works!
Here's one example (of many): Using OpenDNS, cdn-static-zdnet.com results in:
;; ANSWER SECTION:
cdn-static.zdnet.com. 160 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 9012 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 11 IN A 72.246.55.41
a1638.g.akamai.net. 11 IN A 72.246.55.17
Ping to 72.246.55.41 has high packet loss. (I'd say that the trace ends at ae0.pr1.dfw10.tbone.rr.com or ae1.pr1.dfw10.tbone.rr.com.)
If I use Time Warner's DNS, then I get a different result:
;; ANSWER SECTION:
cdn-static.zdnet.com. 54 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 15134 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 5 IN A 96.17.202.88
a1638.g.akamai.net. 5 IN A 96.17.202.146
This time the trace gets past tbone.rr.com:
7 ae-8-0.cr0.dfw10.tbone.rr.com (66.109.6.52) 14.900 ms 13.921 ms 17.095 ms
8 ae1.pr1.dfw10.tbone.rr.com (107.14.17.234) 14.552 ms 11.888 ms
ae0.pr1.dfw10.tbone.rr.com (107.14.17.232) 17.867 ms
9 107.14.16.210 (107.14.16.210) 11.755 ms 11.989 ms 11.376 ms
10 a96-17-202-88.deploy.akamaitechnologies.com (96.17.202.88) 13.322 ms 14.185 ms 13.923 ms
What I don't get is why even with a locally deployed CDN cache, there wouldn't be a route to the OpenDNS answer.
Questions:
- Is this a known problem?
- How widespread is this? Does only Time Warner Cable have an issue?
- Does this mean there's no hope for using OpenDNS?
- Is this actually a problem in TWC that they would fix, assuming I can get the ticket routed to the right engineer?
- Is there a way that OpenDNS could work with the ISP so that OpenDNS would return the ISP-deployed cache address?
Note: The reason I stopped using TWC's DNS is they do NXDOMAIN interception, and you can't keep it disabled -- the disable preference expires and then it starts intercepting again.
- Yes, this can happen, especially if your ISP routes you to a more distant OpenDNS location. To see the OpenDNS location you're routed to, execute the following command:
dig +short which.opendns.com txt
- This is always the case if you are far away from any OpenDNS location or are routed by your ISP to a far OpenDNS location.
- There is hope. One example would be to use your own internal DNS server, where you configure certain zones to be resolved by your ISP's DNS service and the rest by OpenDNS.
- If there is bad routing configured in a part of the network they are in charge of, then yes, they can and should fix that.
- And yes, feel free to open a ticket with OpenDNS, so that OpenDNS can work with your ISP and their network carriers to get routing optimized. And no, OpenDNS cannot return DNS information it is not fed with as a recursive DNS service.
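The split-forwarding setup suggested in the answer, as an added example that is not part of the original thread: it compares the two dig answers quoted in the question and emits dnsmasq upstream rules that send only the affected names to the ISP resolver and everything else to OpenDNS. Assumptions: dnsmasq as the internal forwarder (the answer names no software), 192.0.2.53 as a placeholder for the ISP resolver, and the function names, which are hypothetical.

```python
import re

# dig ANSWER sections quoted in the question above.
OPENDNS_ANSWER = """\
cdn-static.zdnet.com. 160 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 9012 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 11 IN A 72.246.55.41
a1638.g.akamai.net. 11 IN A 72.246.55.17
"""
ISP_ANSWER = """\
cdn-static.zdnet.com. 54 IN CNAME cdn-static.zdnet.com.edgesuite.net.
cdn-static.zdnet.com.edgesuite.net. 15134 IN CNAME a1638.g.akamai.net.
a1638.g.akamai.net. 5 IN A 96.17.202.88
a1638.g.akamai.net. 5 IN A 96.17.202.146
"""
ISP_RESOLVER = "192.0.2.53"  # assumption: placeholder, substitute your ISP's resolver
OPENDNS = ["208.67.222.222", "208.67.220.220"]  # OpenDNS public resolvers
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|A)\s+(\S+)$")

def resolve_chain(qname, answer):
    """Follow CNAMEs from qname; return (names visited, final A record set)."""
    cnames, addrs = {}, {}
    for line in answer.splitlines():
        m = RR.match(line.strip())
        if m:
            name, rtype, value = m.group(1).rstrip(".").lower(), m.group(2), m.group(3)
            if rtype == "CNAME":
                cnames[name] = value.rstrip(".").lower()
            else:
                addrs.setdefault(name, set()).add(value)
    chain = [qname.rstrip(".").lower()]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # loop guard
        chain.append(cnames[chain[-1]])
    return chain, addrs.get(chain[-1], set())

def dnsmasq_rules(qname, default_answer, isp_answer):
    """Emit dnsmasq config lines: ISP resolver only where the answers differ."""
    chain, default_ips = resolve_chain(qname, default_answer)
    isp_chain, isp_ips = resolve_chain(qname, isp_answer)
    rules = ["no-resolv"]  # use only the upstreams listed here
    if isp_ips and isp_ips != default_ips:
        # dnsmasq picks the upstream by the *queried* name, so the site's own
        # hostname needs a rule, not just the CDN name at the end of the chain.
        for name in dict.fromkeys(chain + isp_chain):
            rules.append(f"server=/{name}/{ISP_RESOLVER}")
    rules += [f"server={ip}" for ip in OPENDNS]
    return rules

if __name__ == "__main__":
    print("\n".join(dnsmasq_rules("cdn-static.zdnet.com", OPENDNS_ANSWER, ISP_ANSWER)))
```

Differing A records alone do not show a reachability problem, since CDN answers rotate; confirm with ping or a trace, as in the question, before adding a name.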