Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
I get a call: "Hey the site is down. Fix it!"
Worked on my workstation, not on my phone => DNS issue.
Local cache: "All OK"
ISP's DNS: "No record"
Google DNS: "Server error"
MXToolbox: "All OK"
CloudFlare DNS: "Domain? What domain?"
After a day of fucking around with configs and wanting to strangle the customer support guy, I just started pressing buttons, until suddenly, it worked. Turns out I'd accidentally enabled DNSSEC on a domain, that wasn't configured for it.
Lesson learned: There is no official DNS error code for "DNSSEC failed somewhere upstream". If you're lucky, you might get something useful out of the authoritative server, but apparently not on Mondays.8 -
Successfully moved my server across the big pond - or so I thought.
Turns out that Vultr has newly acquired a IP range that was belonging to a ISP in Greece. So far so good. But, it existed on 6-7 blacklists, Vultr had failed to delegate the network to their rDNS, and my domain suffered from DNSSEC ( fuck DNSSEC )
After two days of complaining to Vultr because they did not believe me they finally fixed their shit. My domain did start working again from some reason that I dont know and the blacklists is being removed one by one.
The Circus ended with a beer on the balcony, I like beer 🍻🍻🍻9 -
The current finish of the whole network stuff is... exhausting.
We are in the finishing phase...
Like in the Simpsons:
Knife goes in, guts come out.
I've debugged today 4 h DNS...
One of the nodes - and the only node of 5 - didn't resolve one zone of many correctly.
It always tried to resolve via INet / Dot ...
So a _very_ special snowflake.
After going crazy... I decided to isolate the setup and increase verbosity for debugging.
It tourned out that the DNS server answered correctly - but was asked then again for a response by the defective node.
So I ripped out DNSSEC out from the DNS server, hoping the defective node would be fine with it.
Nope. It resolved then by itself via internet...
Well...
A lot of domain-insecure sprinkles later the defective node behaved correctly.
But why the fuck does _ONE_ single fucking stupid cunt machine decide to go rogue? Every node is equal....
It's just... Insane.
And reading the logs was insane too.
Top Tags
Weekly Rant
View