Load Balance In Combination With Opendns Issue Resolved

[george]

We have got several reports that Thailand based users with OpenDNS had issues reaching parts of Thaivisa.com during last week.

We have been able to isolate the issue to occur in the following circumstances as it relates only to some ISP's in Thailand:

1. Customer is using a Thai ISP access method that is transparently cached

2. Customer has the OpenDNS US based DNS servers configured

3. Customer attempts to access site that uses geographic load-balancing (via Akamai, thaivisa site for example)

Under the above circumstances, the customer was unlikely to be able to access the web site.

The explanation and root cause of the issue is as follows. Thaivisa.com uses a service similar to Akamai to serve its content:

1) Customer's PC looks up "thaivisa.com" against the OpenDNS DNS servers based in the US

2) thaivisa.com uses Akamai, and Akamai DNS servers. Hence the customer's DNS lookup goes to the OpenDNS DNS servers in the US, and these servers recursively look up "thaivisa.com" from the Akamai DNS servers. As Akamai uses geographic load-balancing they attempt to return the IPs of servers that "are close to the customer". Akamai use the source IP of the querying recursive DNS server (= OpenDNS US based servers in this instance) to determine what "close to the customer is". Normally this works fine, as most people use recursive DNS servers that are close to where they are. However, when Thailand based customers from some Thai ISP's use US based DNS servers (like OpenDNS), things break down a little, as US based server IPs are returned. (And they are obviously not close to the customer!) Hence, the Akamai DNS returns IP addresses of US based Akamai servers for thaivisa.com .

3) The customer's PC attempts to establish an HTTP connection with the US based Akamai servers. (Using the IP addresses returned by OpenDNS.)

4) The Thai ISP's transparent caches intercept the HTTP traffic. The transparent caches look up thaivisa.com against local DNS servers. As these DNS servers are in Thailand, Akamai correctly returns the IP addresses of our load balance server in Bangkok.

5) The caches attempt to connect to the Akamai servers nearest to Thailand to retrieve the web objects.

6) The Akamai servers sends return packets to the customers PC's (as this is the source IP of the incoming traffic). This is where the problem is. The return traffic should have gone to the caches and not to the customer's PC.

7) Caches time out

8) Customer's browser times out

Thai ISP's caches are situated on the Thai side of the international circuits and only attempt to cache international traffic. They expect that egress international HTTP traffic has return traffic coming back on the international circuits.

The issue with OpenDNS and Thai ISP's transparent caching in conjunction with geographically load-balanced sites, is that the traffic is initially sent internationally (due to lookups against US based OpenDNS servers) and then the caches sends the traffic back domestically (due to lookups against Thai based DNS servers). Due to this asymmetry, return traffic from the target web site do not reach the caches.

The above is unfortunate, as OpenDNS is an _excellent_ service.

This issue has been resolved, and we will serve Thai customers that uses Open DNS load balanced content from Singapore, as this will prevent issues with geographic load-balance.

If you are based in Thailand and using OpenDNS, this issue is now resolved, and you don't need to change anything.

[MikeWill]

I'm on TRUE with the OpenDNS, and as of today, still have a problem.

[george]

Condo_bk,

Please issue this command in DOS window:

ipconfig /flushdns

Also please clean your browser cache/internet files?

Have you tried to browse the forum with another browser?

Please goto http://static.thaivisa.com

Do you get OLDIE (Singapore) or HOPE (Bangkok server)?

[MikeWill]

"ipconfig /flushdns" - returns "Could not flush the DNS Resolver Cache: Function failed during execution."

another browsers - the same problem

http://static.thaivisa.com - OLDIE

[SoMeOnEnUlL]

With TRUE and OpenDNS, I am getting HOPE when I browse static.thaivisa.com and all the images are loading.. Thanks

[george]

"ipconfig /flushdns" - returns "Could not flush the DNS Resolver Cache: Function failed during execution."

You need to get rid of your own DNS cache! It will work after that.

[SoMeOnEnUlL]

Hmm.. It was working yesterday.. Now, I am getting Oldie again and not loading images..

[MikeWill]

I have successfully flushed my DNS cache!

To help those with the "ipconfig /flushdns" problem - refer to http://support.microsoft.com/kb/919746.

I'll need to reboot in order to see if it working. Let you know ASAP.

[MikeWill]

Even so I flushed my DNS cache, the problem with images is not resolved completely. Some are loading, but it takes waiting forever. On some I see their placement squares with the red "X" mark.

When clicked on http://static.thaivisa.com/ - I get OLDIE.

[SoMeOnEnUlL]

Temporary Solution

If want to see the forum images and still want to use OpenDNS, put the following line

202.170.126.89  static.thaivisa.com

in your hosts file at

 C:\WINDOWS\system32\drivers\etc\

and, refresh your browser.

[MikeWill]

Temporary Solution

If want to see the forum images and still want to use OpenDNS, put the following line

202.170.126.89  static.thaivisa.com

in your hosts file at

 C:\WINDOWS\system32\drivers\etc\

and, refresh your browser.

Thanks SoMeOnEnUlL,

Yes, this did a trick for me.

BTW, the Hosts file is Read-only (by default), so one must uncheck this in "Properties" prior to saving it.

[MikeWill]

Oops!

It worked OK for awhile, and suddenly... the images stop showing again!

But, when clicking on http://static.thaivisa.com/ - I get HOPE.

[MikeWill]

now it is working without a glitch, as it should!

[george]

OK, great.

I'll keep an eye in support and see if other users having the same issue, so far none as I know of.

[lopburi3]

I continue have have such an issue - and not just with Open DNS. The DOS command does not work in Windows 7 and the hosts file can not be modified by me as every time remove the read only it comes back - even after the caution box and confirming. Have just changed to TRUE DNS in modem but so far that has not solved anything either (yet) but will try a bit more.

Still getting Oldie.

And IE8 a total abortion with no left justification.

Edited October 16, 2009 by lopburi3

[webfact]

I continue have have such an issue - and not just with Open DNS. <snip>

Still getting Oldie.

<snip>

same issue here - OLDIE - despite change in the hosts

CSloxinfo DNS shows HOPE

[shriah]

Still have issue using OpenDns . I am using Ubuntu , tried refreshing the DNS daemon no luck.

[webfact]

openDNS is now working for me with the settings in the hosts file.

Flushed dns and restarted router and computer.

... I got some HOPE

[lopburi3]

I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

[webfact]

I am about to give up - Firefox is using over 500 megs of memory I can not spare and crashing (seems to be a Firefox problem as have had memory issue for years). Switch to Chrome and good except now have lost unread markers so have no idea where last read post is anywhere. Switch to IE8 and format is so messed up to be unusable for TV. Can not resolve the DNS issue to get static to resolve to Hope and that seems to be the root cause.

which version is that FF?

[lopburi3]

OK. Have HOPE and access using the host file mod.

You have to open notepad as administration in properties regardless of how you have signed on in Windows 7. Then use the file menu in notepad to access the host file (will have to remove the .txt or nothing shows). Add the mod and save. Magic when you are a geek. Not fun for us mortals (age is showing).

It is the newest FF 3 version. But have had the memory issue in many and in three operating systems - seems to come and go and never get resolved. -

Edited October 18, 2009 by lopburi3

[MikeWill]

I also have problems with FF3.5.3 and previous versions. I can't use any addons.

In regards to "hosts" file, it can be easily accessed via Spybot S&D ( TOOLS > Hosts File ).

[Indi]

As of today 10Nov-2009, on True ADSL , could not connect to update.microsoft.com on both XP-SP3 & Vista computers behind a router with OpenDNS servers installed. One needs to use only IE to get MS updates smoothly<grin>.

Only after enabling " obtain DNS automatically " on router (ie. remove the openDNS IP's fromrouter) was it possible to connect with microsoft update to get latest updates.

It seems True (+other iSPs) continue to block OpenDNS. Using the ISPs DNS servers seems to solve this issue.

Is anyone in Bangkok using OpenDNS on routers (ie not using theor ISP's DNS servers) still able to get MS updates today ?

Thanks

Indi

Edited November 10, 2009 by Indi

[MikeWill]

I'm having a problem of partial content showing again.

"ipconfig /flushdns" - do not help.

http://static.thaivisa.com brings "OLDIE".

My hosts file contains --> 202.170.126.89 static.thaivisa.com

=====

Could it be that this issue somehow affect my ability to access Windows Update site?

While there I'm getting an Error number: 0x80072EFF.

P.S.

I just noticed that Indi had the same problem. Any solutions?

Edited November 22, 2009 by Condo_bk

[Insight]

Don't think this is fully resolved yet gents. Currently using OpenDNS with true and none of the images from http://static.thaivisa.com are loading. Only noticed recently as I've stopped using my UK VPN.

When browsing to the above URL I see "OLDIE".

Guess you'll be able to see what ISP / IP I'm using from my posts.