[AusNOG] issues connecting to verisign.com.au
Nick Savvides
Nick_Savvides at symantec.com
Wed Jul 30 19:50:45 EST 2014
Thanks Alex,
I’ll add to ticket.
Nick.
-------------------------------------------------------
Nick Savvides, Senior Principal Systems Engineer (Security)
nick_savvides at symantec.com, Mobile: +61 434 600 870
Please sponsor me in the 200km charity Ride To Conquer Cancer
http://ml14.conquercancer.org.au/site/TR/Events/Melbourne2014?px=1282304&pg=
personal&fr_id=1141
From: Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
Date: Wednesday, 30 July 2014 14:30
To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] issues connecting to verisign.com.au
Hi
All solved
2 things
· Seems like it was an issue with our main transit provider (single
router takes out connectivity … for some reason can’t route around it ..)
· Also it seems like Verisign don’t allow you to ping these servers …
all my tests on by backup links were with ping/tracert… bad assumption on my
part !
Alex
From: Alex Samad - Yieldbroker
Sent: Wednesday, 30 July 2014 10:26 AM
To: 'Joshua D'Alton'; Damien Gardner Jnr
Cc: ausnog at lists.ausnog.net
Subject: RE: [AusNOG] issues connecting to verisign.com.au
Strange thing is one of our guys can get to the site on their phone via
telstra.
A
From: Joshua D'Alton [mailto:joshua at railgun.com.au]
Sent: Wednesday, 30 July 2014 10:24 AM
To: Damien Gardner Jnr
Cc: Alex Samad - Yieldbroker; ausnog at lists.ausnog.net
Subject: Re: [AusNOG] issues connecting to verisign.com.au
Same subnet still, so not a routing issue unless they are doing some very
strange things on their side, I'd say it is the update as you listed +
symantec firewall waiting on an update/refresh.
On Wed, Jul 30, 2014 at 10:19 AM, Damien Gardner Jnr <rendrag at rendrag.net>
wrote:
That's interesting, perhaps they're in the process of changing something, as
I see www.verisign.com.au <http://www.verisign.com.au> resolving to a
different IP.. Hard to tell if they have just changed something, as they
don't use the standard YYYYMMDDxx as their SOA serial :(
;; ANSWER SECTION:
www.verisign.com.au <http://www.verisign.com.au> . 3309 IN A 202.65.27.182
<tel:202.65.27.182>
;; ANSWER SECTION:
pki-admin.verisign.com.au <http://pki-admin.verisign.com.au> . 43 IN A
202.65.27.171 <tel:202.65.27.171>
On 30 July 2014 10:13, Joshua D'Alton <joshua at railgun.com.au> wrote:
CAN browse to http://www.verisign.com.au/ but not
pki-admin.verisign.com.au <http://pki-admin.verisign.com.au/> but the
traceroutes are the same (obviously, same resolved IP 202.65.27.171
<tel:202.65.27.171> )
Router: Sydney
Command: traceroute 202.65.27.171 <tel:202.65.27.171>
traceroute to 202.65.27.171 <tel:202.65.27.171> (202.65.27.171
<tel:%28202.65.27.171> ), 30 hops max, 60 byte packets
1 vlan151.fwl01.syd04.nsw.vocus.net.au
<http://vlan151.fwl01.syd04.nsw.vocus.net.au> (175.45.91.194) 0.342 ms
0.281 ms 0.284 ms
2 ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au
<http://ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au> (175.45.72.85) 0.336 ms
0.329 ms 0.431 ms
3 ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au
<http://ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au> (175.45.72.81) 0.931 ms
0.927 ms 1.063 ms
4 ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au
<http://ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au> (114.31.192.35) 0.675 ms
0.796 ms 0.655 ms
5 p10026.syd.equinix.com <http://p10026.syd.equinix.com> (202.167.228.44)
0.782 ms 0.781 ms 0.771 ms
6 gi4-0-0.gw1.syd5.asianetcom.net <http://gi4-0-0.gw1.syd5.asianetcom.net>
(202.147.55.96) 1.749 ms 1.770 ms 1.875 ms
7 gi2-0-0.gw1.mel4.asianetcom.net <http://gi2-0-0.gw1.mel4.asianetcom.net>
(202.147.42.201) 15.128 ms 14.076 ms 14.060 ms
8 VSN-0003.gw1.mel1.asianetcom.net
<http://VSN-0003.gw1.mel1.asianetcom.net> (203.192.130.150) 17.765 ms
17.765 ms 17.759 ms
9 202.65.21.202 (202.65.21.202) 15.810 ms !X * *
Router: Sydney
Command: show ip bgp 202.65.27.171 <tel:202.65.27.171>
BGP routing table entry for 202.65.27.0/24 <http://202.65.27.0/24>
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
10026 17812 17812 17812 17812 64001
114.31.192.11 from 175.45.72.8 (114.31.192.11)
Origin incomplete, metric 0, localpref 320, valid, internal, best
Community: 4826:5203 (NSW site 3) 4826:6500
Originator: 114.31.192.11, Cluster list: 175.45.72.8 114.31.192.21
Last update: Tue Jul 29 18:34:26 2014
Probably raise it with verisign, or symantec/AS17812 maybe a firewall
issue if they using symantec firewall product?
On Wed, Jul 30, 2014 at 9:53 AM, Alex Samad - Yieldbroker
<Alex.Samad at yieldbroker.com> wrote:
Hi
Wondering if anyone else if having issues with 202.65.27.171
<tel:202.65.27.171> (pki-admin.verisign.com.au
<http://pki-admin.verisign.com.au> )
2. 202.74.32.66
0.0% 46 0.6 0.6 0.5 0.9 0.1
3. 203.161.153.217
0.0% 46 0.9 7.9 0.8 114.5 20.8
4. 121.101.138.212
0.0% 46 10.2 10.4 10.2 12.0 0.3
5. 121.101.138.171
0.0% 46 49.1 12.1 10.2 53.3 8.4
6. 121.101.138.205
0.0% 46 10.3 12.6 10.3 62.5 9.9
7. ???
I tried this on pipe and vocus and internode, but it seems to be available
via Vodafone ??
A
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
--
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140730/216a9d5c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5192 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140730/216a9d5c/attachment-0001.bin>
More information about the AusNOG
mailing list