Jump to content

Load Balance In Combination With Opendns Issue Resolved


george

Recommended Posts

We have got several reports that Thailand based users with OpenDNS had issues reaching parts of Thaivisa.com during last week.

We have been able to isolate the issue to occur in the following circumstances as it relates only to some ISP's in Thailand:

1. Customer is using a Thai ISP access method that is transparently cached

2. Customer has the OpenDNS US based DNS servers configured

3. Customer attempts to access site that uses geographic load-balancing (via Akamai, thaivisa site for example)

Under the above circumstances, the customer was unlikely to be able to access the web site.

The explanation and root cause of the issue is as follows. Thaivisa.com uses a service similar to Akamai to serve its content:

1) Customer's PC looks up "thaivisa.com" against the OpenDNS DNS servers based in the US

2) thaivisa.com uses Akamai, and Akamai DNS servers. Hence the customer's DNS lookup goes to the OpenDNS DNS servers in the US, and these servers recursively look up "thaivisa.com" from the Akamai DNS servers. As Akamai uses geographic load-balancing they attempt to return the IPs of servers that "are close to the customer". Akamai use the source IP of the querying recursive DNS server (= OpenDNS US based servers in this instance) to determine what "close to the customer is". Normally this works fine, as most people use recursive DNS servers that are close to where they are. However, when Thailand based customers from some Thai ISP's use US based DNS servers (like OpenDNS), things break down a little, as US based server IPs are returned. (And they are obviously not close to the customer!) Hence, the Akamai DNS returns IP addresses of US based Akamai servers for thaivisa.com .

3) The customer's PC attempts to establish an HTTP connection with the US based Akamai servers. (Using the IP addresses returned by OpenDNS.)

4) The Thai ISP's transparent caches intercept the HTTP traffic. The transparent caches look up thaivisa.com against local DNS servers. As these DNS servers are in Thailand, Akamai correctly returns the IP addresses of our load balance server in Bangkok.

5) The caches attempt to connect to the Akamai servers nearest to Thailand to retrieve the web objects.

6) The Akamai servers sends return packets to the customers PC's (as this is the source IP of the incoming traffic). This is where the problem is. The return traffic should have gone to the caches and not to the customer's PC.

7) Caches time out

8) Customer's browser times out

Thai ISP's caches are situated on the Thai side of the international circuits and only attempt to cache international traffic. They expect that egress international HTTP traffic has return traffic coming back on the international circuits.

The issue with OpenDNS and Thai ISP's transparent caching in conjunction with geographically load-balanced sites, is that the traffic is initially sent internationally (due to lookups against US based OpenDNS servers) and then the caches sends the traffic back domestically (due to lookups against Thai based DNS servers). Due to this asymmetry, return traffic from the target web site do not reach the caches.

The above is unfortunate, as OpenDNS is an _excellent_ service.

This issue has been resolved, and we will serve Thai customers that uses Open DNS load balanced content from Singapore, as this will prevent issues with geographic load-balance.

If you are based in Thailand and using OpenDNS, this issue is now resolved, and you don't need to change anything.

Link to comment
Share on other sites

Temporary Solution

If want to see the forum images and still want to use OpenDNS, put the following line

202.170.126.89  static.thaivisa.com

in your hosts file at

 C:\WINDOWS\system32\drivers\etc\

and, refresh your browser. :)

Thanks SoMeOnEnUlL,

Yes, this did a trick for me.

BTW, the Hosts file is Read-only (by default), so one must uncheck this in "Properties" prior to saving it.

Link to comment
Share on other sites

I continue have have such an issue - and not just with Open DNS. The DOS command does not work in Windows 7 and the hosts file can not be modified by me as every time remove the read only it comes back - even after the caution box and confirming. Have just changed to TRUE DNS in modem but so far that has not solved anything either (yet) but will try a bit more.

Still getting Oldie.

And IE8 a total abortion with no left justification.

Edited by lopburi3
Link to comment
Share on other sites

I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

Link to comment
Share on other sites

I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

which version is that FF?

Link to comment
Share on other sites

OK. Have HOPE and access using the host file mod.

You have to open notepad as administration in properties regardless of how you have signed on in Windows 7. Then use the file menu in notepad to access the host file (will have to remove the .txt or nothing shows). Add the mod and save. Magic when you are a geek. Not fun for us mortals (age is showing).

It is the newest FF 3 version. But have had the memory issue in many and in three operating systems - seems to come and go and never get resolved. -

Edited by lopburi3
Link to comment
Share on other sites

  • 4 weeks later...

As of today 10Nov-2009, on True ADSL , could not connect to update.microsoft.com on both XP-SP3 & Vista computers behind a router with OpenDNS servers installed. One needs to use only IE to get MS updates smoothly<grin>.

Only after enabling " obtain DNS automatically " on router (ie. remove the openDNS IP's fromrouter) was it possible to connect with microsoft update to get latest updates.

It seems True (+other iSPs) continue to block OpenDNS. Using the ISPs DNS servers seems to solve this issue.

Is anyone in Bangkok using OpenDNS on routers (ie not using theor ISP's DNS servers) still able to get MS updates today ?

Thanks

Indi

Edited by Indi
Link to comment
Share on other sites

  • 2 weeks later...

I'm having a problem of partial content showing again.

"ipconfig /flushdns" - do not help.

http://static.thaivisa.com brings "OLDIE".

My hosts file contains --> 202.170.126.89 static.thaivisa.com

=====

Could it be that this issue somehow affect my ability to access Windows Update site?

While there I'm getting an Error number: 0x80072EFF.

P.S.

I just noticed that Indi had the same problem. Any solutions?

Edited by Condo_bk
Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...