Jump to content

Load Balance In Combination With Opendns Issue Resolved


Recommended Posts

Posted

We have got several reports that Thailand based users with OpenDNS had issues reaching parts of Thaivisa.com during last week.

We have been able to isolate the issue to occur in the following circumstances as it relates only to some ISP's in Thailand:

1. Customer is using a Thai ISP access method that is transparently cached

2. Customer has the OpenDNS US based DNS servers configured

3. Customer attempts to access site that uses geographic load-balancing (via Akamai, thaivisa site for example)

Under the above circumstances, the customer was unlikely to be able to access the web site.

The explanation and root cause of the issue is as follows. Thaivisa.com uses a service similar to Akamai to serve its content:

1) Customer's PC looks up "thaivisa.com" against the OpenDNS DNS servers based in the US

2) thaivisa.com uses Akamai, and Akamai DNS servers. Hence the customer's DNS lookup goes to the OpenDNS DNS servers in the US, and these servers recursively look up "thaivisa.com" from the Akamai DNS servers. As Akamai uses geographic load-balancing they attempt to return the IPs of servers that "are close to the customer". Akamai use the source IP of the querying recursive DNS server (= OpenDNS US based servers in this instance) to determine what "close to the customer is". Normally this works fine, as most people use recursive DNS servers that are close to where they are. However, when Thailand based customers from some Thai ISP's use US based DNS servers (like OpenDNS), things break down a little, as US based server IPs are returned. (And they are obviously not close to the customer!) Hence, the Akamai DNS returns IP addresses of US based Akamai servers for thaivisa.com .

3) The customer's PC attempts to establish an HTTP connection with the US based Akamai servers. (Using the IP addresses returned by OpenDNS.)

4) The Thai ISP's transparent caches intercept the HTTP traffic. The transparent caches look up thaivisa.com against local DNS servers. As these DNS servers are in Thailand, Akamai correctly returns the IP addresses of our load balance server in Bangkok.

5) The caches attempt to connect to the Akamai servers nearest to Thailand to retrieve the web objects.

6) The Akamai servers sends return packets to the customers PC's (as this is the source IP of the incoming traffic). This is where the problem is. The return traffic should have gone to the caches and not to the customer's PC.

7) Caches time out

8) Customer's browser times out

Thai ISP's caches are situated on the Thai side of the international circuits and only attempt to cache international traffic. They expect that egress international HTTP traffic has return traffic coming back on the international circuits.

The issue with OpenDNS and Thai ISP's transparent caching in conjunction with geographically load-balanced sites, is that the traffic is initially sent internationally (due to lookups against US based OpenDNS servers) and then the caches sends the traffic back domestically (due to lookups against Thai based DNS servers). Due to this asymmetry, return traffic from the target web site do not reach the caches.

The above is unfortunate, as OpenDNS is an _excellent_ service.

This issue has been resolved, and we will serve Thai customers that uses Open DNS load balanced content from Singapore, as this will prevent issues with geographic load-balance.

If you are based in Thailand and using OpenDNS, this issue is now resolved, and you don't need to change anything.

Posted

Condo_bk,

Please issue this command in DOS window:

ipconfig /flushdns

Also please clean your browser cache/internet files?

Have you tried to browse the forum with another browser?

Please goto http://static.thaivisa.com

Do you get OLDIE (Singapore) or HOPE (Bangkok server)?

Posted
"ipconfig /flushdns" - returns "Could not flush the DNS Resolver Cache: Function failed during execution."

You need to get rid of your own DNS cache! It will work after that.

Posted

Temporary Solution

If want to see the forum images and still want to use OpenDNS, put the following line

202.170.126.89  static.thaivisa.com

in your hosts file at

 C:\WINDOWS\system32\drivers\etc\

and, refresh your browser. :)

Posted
Temporary Solution

If want to see the forum images and still want to use OpenDNS, put the following line

202.170.126.89  static.thaivisa.com

in your hosts file at

 C:\WINDOWS\system32\drivers\etc\

and, refresh your browser. :)

Thanks SoMeOnEnUlL,

Yes, this did a trick for me.

BTW, the Hosts file is Read-only (by default), so one must uncheck this in "Properties" prior to saving it.

Posted (edited)

I continue have have such an issue - and not just with Open DNS. The DOS command does not work in Windows 7 and the hosts file can not be modified by me as every time remove the read only it comes back - even after the caution box and confirming. Have just changed to TRUE DNS in modem but so far that has not solved anything either (yet) but will try a bit more.

Still getting Oldie.

And IE8 a total abortion with no left justification.

Edited by lopburi3
Posted
I continue have have such an issue - and not just with Open DNS. <snip>

Still getting Oldie.

<snip>

same issue here - OLDIE - despite change in the hosts

CSloxinfo DNS shows HOPE

Posted

I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

Posted
I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

which version is that FF?

Posted (edited)

OK. Have HOPE and access using the host file mod.

You have to open notepad as administration in properties regardless of how you have signed on in Windows 7. Then use the file menu in notepad to access the host file (will have to remove the .txt or nothing shows). Add the mod and save. Magic when you are a geek. Not fun for us mortals (age is showing).

It is the newest FF 3 version. But have had the memory issue in many and in three operating systems - seems to come and go and never get resolved. -

Edited by lopburi3
Posted

I also have problems with FF3.5.3 and previous versions. I can't use any addons.

In regards to "hosts" file, it can be easily accessed via Spybot S&D ( TOOLS > Hosts File ).

  • 4 weeks later...
Posted (edited)

As of today 10Nov-2009, on True ADSL , could not connect to update.microsoft.com on both XP-SP3 & Vista computers behind a router with OpenDNS servers installed. One needs to use only IE to get MS updates smoothly<grin>.

Only after enabling " obtain DNS automatically " on router (ie. remove the openDNS IP's fromrouter) was it possible to connect with microsoft update to get latest updates.

It seems True (+other iSPs) continue to block OpenDNS. Using the ISPs DNS servers seems to solve this issue.

Is anyone in Bangkok using OpenDNS on routers (ie not using theor ISP's DNS servers) still able to get MS updates today ?

Thanks

Indi

Edited by Indi
  • 2 weeks later...
Posted (edited)

I'm having a problem of partial content showing again.

"ipconfig /flushdns" - do not help.

http://static.thaivisa.com brings "OLDIE".

My hosts file contains --> 202.170.126.89 static.thaivisa.com

=====

Could it be that this issue somehow affect my ability to access Windows Update site?

While there I'm getting an Error number: 0x80072EFF.

P.S.

I just noticed that Indi had the same problem. Any solutions?

Edited by Condo_bk
  • 2 weeks later...
Posted

Don't think this is fully resolved yet gents. Currently using OpenDNS with true and none of the images from http://static.thaivisa.com are loading. Only noticed recently as I've stopped using my UK VPN.

When browsing to the above URL I see "OLDIE".

Guess you'll be able to see what ISP / IP I'm using from my posts.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...