dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
10

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen to IPfaxer

Premium Member

to IPfaxer

Re: CC Disaster

said by IPfaxer:

Yes, my status on their portal is not registered and my ATAs and softphone confirm unregistered. Switch to someone else's internet connection and they work. Really puzzling. Nothing changed on my network or internet connection.

Maybe it could help changing the DNS to 216.254.95.2 and 216.231.41.2.
IPfaxer
join:2010-10-24

IPfaxer

Member

Yes tried using those DNS settings directly. No change. No registration. My ATAs and soft phone gets to Callcentric but then response is authentication failed. So, yes, tried those DNS servers and also my typical ones which are Google and Verizon's DNS. No change. For example, tracerouting using Google DNS for Callcentric brings up IP address 204.11.192.39 (and says they have multiple addresses - which is normal). Really puzzling
gweidenh
join:2002-05-18
Houston, TX

1 recommendation

gweidenh to Arne Bolen

Member

to Arne Bolen
Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)

garys_2k
Premium Member
join:2004-05-07
Farmington, MI

garys_2k

Premium Member

said by gweidenh:

Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)

When did they do this? I ask because possibly the longer records were the shource of my PAP2's reboot issue.
gweidenh
join:2002-05-18
Houston, TX

gweidenh

Member

I do not know exactly when. I checked this morning based on Iscream's response about changing their DNS SRV weighting.

I am talking specifically about the srv.callcentric.com records.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

said by gweidenh:

I am talking specifically about the srv.callcentric.com records.

It's the same with the callcentric.com records.
DBOD
join:2012-10-17

DBOD to gweidenh

Member

to gweidenh
This happened sometime in the last 10 hours. Both the callcentric.com and srv.callcentric.com are returning shortened records. They probably did this because too many user agents were not processing it correctly. It appears that they also added non zero weights to the srv.callcentric.com answers. This does not work with my 3CX system so I use the callcentric.com port 0 and it seems to be working okay this morning.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

1 edit

Davesnothere to gweidenh

Premium Member

to gweidenh
said by gweidenh:

I do not know exactly when. I checked this morning based on Iscream's response about changing their DNS SRV weighting.

I am talking specifically about the srv.callcentric.com records.

 
Yes, I too noticed that change at that same period, and was meaning to ask wassup - now has less servers in the response for srv.callcentric.com - though I had not suffered registration problems yesTURDay.

Also, all of the weights on that are set to 30 now.

At that time, the 'A' record (callcentric.com) reply was still longer and all weights still at ZERO.

EDIT : Actually, it was shorter than it USED to be, but longer than the reply for SRV.

SRV now shows 9 servers, and 'A' shows a total of 11 today.

garys_2k
Premium Member
join:2004-05-07
Farmington, MI

garys_2k to DBOD

Premium Member

to DBOD
said by DBOD:

This happened sometime in the last 10 hours. Both the callcentric.com and srv.callcentric.com are returning shortened records. They probably did this because too many user agents were not processing it correctly. It appears that they also added non zero weights to the srv.callcentric.com answers. This does not work with my 3CX system so I use the callcentric.com port 0 and it seems to be working okay this morning.

Thanks, I'll re-try my ATA registration with them to see if I stell get automatic reboots. I'd REALLY like to stick with the SRV SBCs in order to be more insulated from the DDoS issue.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

Davesnothere to gweidenh

Premium Member

to gweidenh
said by gweidenh:

Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)

 
This needed emphasis and repeating, IMNSHO.
Iscream
Premium Member
join:2009-02-17
New York, NY

Iscream to Davesnothere

Premium Member

to Davesnothere
Dave - "A" records don't have "weights", they have only IP addresses; that's a whole "problem" with them. On another hand - "SRV" records don't have IP addresses, but they resolve to different names (where each name may have multiple IP addresses), different priorities and different weights. This [SRV] mechanism allows for redundancy (including so beloved here - geo-redundancy) on multiple levels, it allows a granular prioritization of serving components (servers) including further prioritization within a group of equal servers - this is controlled by weights.

The result is an ability to protect from DoS and DDOS attacks by creating a huge capacity of fast moving targets changing their parameters quickly in "invisibly" for attackers by replacing actual serving, but currently [over]loaded computers, in real time, within milliseconds, with fresh and not loaded ones while allowing the former keep processing earlier started requests and dialogs.

Also the result is an ability to have a self-healing farm of servers where any server may go south (die) at any moment without affecting any devices working with that farm. The farm may have servers co-located within same room or groups of servers spread geographically (provided all distributed servers have equal resources Internet-wise - same sufficient bandwidth, same speed and same access to originating and terminating carriers which is not the easiest and rather literally and largely impossible part for most today's providers - this is why I'm so against geo-redundancy, but I'll stop on that again later).

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

3 edits

1 recommendation

Davesnothere

Premium Member

said by Iscream:

....The result is an ability to protect from DoS and DDOS attacks by creating a huge capacity of fast moving targets, changing their parameters quickly in "invisibly" for attackers by replacing actual serving, but currently [over]loaded computers, in real time, within milliseconds, with fresh and not loaded ones while allowing the former keep processing earlier started requests and dialogs....

 
I see.

This reminds me of that old arcade game at county fairs where you shoot at the ducks and knock them down.

However, there always seem to be more ducks to replace them - maybe even the SAME ducks - but we cannot see what happens below the deck, and it really does not matter, as long as more ducks come into the sight of the rifle.

EDIT : Please note that in this example, WE play the part of the attackers, and no matter how many ducks we knock down, there always seem to be more.
Iscream
Premium Member
join:2009-02-17
New York, NY

Iscream to Davesnothere

Premium Member

to Davesnothere
That's right - during last couple days we have done some major and dramatic changes to our network's perimeter, processing power and "garbage" utilization while allowing our SBCs' CPU power to do the job they were designed to do).

All those measures together allowed us to reduce number of SRV records per returned result thus going back into "unbuggy" (if I can say it this way - like "undead" ) area of all those UAs which stopped performing when caused to use TCP for larger buffers which in turn caused many devices to reboot.

No need to use any specific DN servers anymore - anything goes - any DNS settings, any "A" or "SRV" settings, any devices may go back to older setting or keep whatever worked in past or works now.

I may only still recommend to use SRV settings or at least try to configure them because of above, earlier listed reasons related to specific "features" which may be used (and already used by our implementation) by providers for great increase in reliability, resiliency thus catering to better security and [what else?] - geographical and local redundancy.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

1 edit

Davesnothere

Premium Member

said by Iscream:

....No need to use any specific DN servers anymore - anything goes - any DNS settings, any "A" or "SRV" settings, any devices may go back to older setting or keep whatever worked in past or works now.

I may only still recommend to use SRV settings or at least try to configure them because of above, earlier listed reasons related to specific "features" which may be used (and already used by our implementation) by providers for great increase in reliability, resiliency thus catering to better security and [what else?] - geographical and local redundancy.

 
Plus Fort (Louder) - Bold Text....

Yes, the shorter DNS records seem like a better way - at least for now.
Iscream
Premium Member
join:2009-02-17
New York, NY

Iscream to Davesnothere

Premium Member

to Davesnothere
I'd say - it reminds a game/screen-saver/trojan-virus where an entire screen surface quickly populates with cockroaches getting from anywhere where you're required to knock them down by either mouse or fingernail, but they keep coming in, more and more... until you use something like DDT or just remove the software that irritates your mind )
OmagicQ
Posting in a thread near you
join:2003-10-23
Bakersfield, CA

1 recommendation

OmagicQ to Iscream

Member

to Iscream
said by Iscream:

... The farm may have servers co-located within same room or groups of servers spread geographically (provided all distributed servers have equal resources Internet-wise - same sufficient bandwidth, same speed and same access to originating and terminating carriers which is not the easiest and rather literally and largely impossible part for most today's providers - this is why I'm so against geo-redundancy, but I'll stop on that again later).

Really...How very interesting....