[AusNOG] issues connecting to verisign.com.au

Nick Savvides Nick_Savvides at symantec.com
Wed Jul 30 19:50:45 EST 2014


Thanks Alex,

I’ll add to ticket.

Nick.
 
-------------------------------------------------------
Nick Savvides,  Senior Principal Systems Engineer (Security)
nick_savvides at symantec.com, Mobile: +61 434 600 870
Please sponsor me in the 200km charity Ride To Conquer Cancer
http://ml14.conquercancer.org.au/site/TR/Events/Melbourne2014?px=1282304&pg=
personal&fr_id=1141


From:  Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
Date:  Wednesday, 30 July 2014 14:30
To:  "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject:  Re: [AusNOG] issues connecting to verisign.com.au

Hi
 
 
All solved
 
2 things
·        Seems like it was an issue with our main transit provider (single
router takes out connectivity … for some reason can’t route around it ..)

·        Also it seems like Verisign don’t allow you to ping these servers …
all my tests on by backup links were with ping/tracert… bad assumption on my
part !

 
 
Alex
 

From: Alex Samad - Yieldbroker
Sent: Wednesday, 30 July 2014 10:26 AM
To: 'Joshua D'Alton'; Damien Gardner Jnr
Cc: ausnog at lists.ausnog.net
Subject: RE: [AusNOG] issues connecting to verisign.com.au
 
Strange thing is one of our guys can get to the site on their phone via
telstra.
 
A
 

From: Joshua D'Alton [mailto:joshua at railgun.com.au]
Sent: Wednesday, 30 July 2014 10:24 AM
To: Damien Gardner Jnr
Cc: Alex Samad - Yieldbroker; ausnog at lists.ausnog.net
Subject: Re: [AusNOG] issues connecting to verisign.com.au
 

Same subnet still, so not a routing issue unless they are doing some very
strange things on their side, I'd say it is the update as you listed +
symantec firewall waiting on an update/refresh.

 

On Wed, Jul 30, 2014 at 10:19 AM, Damien Gardner Jnr <rendrag at rendrag.net>
wrote:

That's interesting, perhaps they're in the process of changing something, as
I see www.verisign.com.au <http://www.verisign.com.au>  resolving to a
different IP..  Hard to tell if they have just changed something, as they
don't use the standard YYYYMMDDxx as their SOA serial :(

 

;; ANSWER SECTION:

www.verisign.com.au <http://www.verisign.com.au> . 3309 IN A 202.65.27.182
<tel:202.65.27.182>

;; ANSWER SECTION:

pki-admin.verisign.com.au <http://pki-admin.verisign.com.au> . 43 IN A
202.65.27.171 <tel:202.65.27.171>

 

On 30 July 2014 10:13, Joshua D'Alton <joshua at railgun.com.au> wrote:

CAN browse to http://www.verisign.com.au/   but not
pki-admin.verisign.com.au <http://pki-admin.verisign.com.au/>     but the
traceroutes are the same (obviously, same resolved IP 202.65.27.171
<tel:202.65.27.171> )

 

Router: Sydney 

Command: traceroute 202.65.27.171 <tel:202.65.27.171>

 

 

traceroute to 202.65.27.171 <tel:202.65.27.171> (202.65.27.171
<tel:%28202.65.27.171> ), 30 hops max, 60 byte packets

 1  vlan151.fwl01.syd04.nsw.vocus.net.au
<http://vlan151.fwl01.syd04.nsw.vocus.net.au>  (175.45.91.194)  0.342 ms
0.281 ms  0.284 ms

 2  ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au
<http://ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au>  (175.45.72.85)  0.336 ms
0.329 ms  0.431 ms

 3  ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au
<http://ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au>  (175.45.72.81)  0.931 ms
0.927 ms  1.063 ms

 4  ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au
<http://ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au>  (114.31.192.35)  0.675 ms
0.796 ms  0.655 ms

 5  p10026.syd.equinix.com <http://p10026.syd.equinix.com>  (202.167.228.44)
0.782 ms  0.781 ms  0.771 ms

 6  gi4-0-0.gw1.syd5.asianetcom.net <http://gi4-0-0.gw1.syd5.asianetcom.net>
(202.147.55.96)  1.749 ms  1.770 ms  1.875 ms

 7  gi2-0-0.gw1.mel4.asianetcom.net <http://gi2-0-0.gw1.mel4.asianetcom.net>
(202.147.42.201)  15.128 ms  14.076 ms  14.060 ms

 8  VSN-0003.gw1.mel1.asianetcom.net
<http://VSN-0003.gw1.mel1.asianetcom.net>  (203.192.130.150)  17.765 ms
17.765 ms  17.759 ms

 9  202.65.21.202 (202.65.21.202)  15.810 ms !X * *

 

Router: Sydney 

Command: show ip bgp 202.65.27.171 <tel:202.65.27.171>

 

 

BGP routing table entry for 202.65.27.0/24 <http://202.65.27.0/24>

Paths: (1 available, best #1, table Default-IP-Routing-Table)

  Not advertised to any peer

  10026 17812 17812 17812 17812 64001

    114.31.192.11 from 175.45.72.8 (114.31.192.11)

      Origin incomplete, metric 0, localpref 320, valid, internal, best

      Community: 4826:5203 (NSW site 3) 4826:6500

      Originator: 114.31.192.11, Cluster list: 175.45.72.8 114.31.192.21

      Last update: Tue Jul 29 18:34:26 2014

 

Probably raise it with verisign, or symantec/AS17812   maybe a firewall
issue if they using symantec firewall product?

 

On Wed, Jul 30, 2014 at 9:53 AM, Alex Samad - Yieldbroker
<Alex.Samad at yieldbroker.com> wrote:
Hi

Wondering if anyone else if having issues with  202.65.27.171
<tel:202.65.27.171>  (pki-admin.verisign.com.au
<http://pki-admin.verisign.com.au> )


2. 202.74.32.66    
0.0%    46    0.6   0.6   0.5   0.9   0.1
 3. 203.161.153.217
0.0%    46    0.9   7.9   0.8 114.5  20.8
 4. 121.101.138.212
0.0%    46   10.2  10.4  10.2  12.0   0.3
 5. 121.101.138.171
0.0%    46   49.1  12.1  10.2  53.3   8.4
 6. 121.101.138.205
0.0%    46   10.3  12.6  10.3  62.5   9.9
 7. ???

I tried this on pipe and vocus and internode, but it seems to be available
via Vodafone ??

A
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
 

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


 
-- 

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder

 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140730/216a9d5c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5192 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140730/216a9d5c/attachment-0001.bin>


More information about the AusNOG mailing list