Problems on Kimsufi / Routing Hickups

fLoo · December 2021

I was one of the lucky ones to catch a BF Kimsufi server. Unfortunatly the routing seems to be broken somewhat so i'm asking for help as i've not used Kimsufi / OVH for quite a while:

Let me quote my interfaces:

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto eno1
iface eno1 inet static
        address 188.165.192.X/24
        broadcast 188.165.192.255
        gateway 188.165.192.254

iface eno1 inet6 static
        address 2001:41d0:2:8XXX::1/64
        gateway 2001:41d0:2:8Xff:ff:ff:ff:ff

System has been setup deboostrapped (clear install). Pings feel SUPER laggy. Until the first pings answer / ipv6 works takes super long until IPv6 starts working. IPv4 is a bit better but still feels "laggy". When i have a permanent ping run in the background it becomes a bit better but nothing like it should be:

root@test:~# time ping heise.de
PING heise.de(redirector.heise.de (2a02:2e0:3fe:1001:302::)) 56 data bytes
64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=1 ttl=54 time=8.53 ms
64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=2 ttl=54 time=8.55 ms
64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=3 ttl=54 time=8.55 ms
^C
--- heise.de ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3040ms
rtt min/avg/max/mdev = 8.530/8.544/8.552/0.009 ms

real    0m4,480s
user    0m0,000s
sys     0m0,003s

Here is an even better example. 1 ping goes out in 5!! seconds:

root@test:~# time ping heise.de -4
PING  (193.99.144.80) 56(84) bytes of data.
64 bytes from redirector.heise.de (193.99.144.80): icmp_seq=1 ttl=243 time=8.69 ms
^C64 bytes from 193.99.144.80: icmp_seq=2 ttl=243 time=8.55 ms

---  ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 8.548/8.620/8.692/0.072 ms

real    0m5,176s
user    0m0,004s
sys     0m0,000s

Shot2 · December 2021

There's nothing abnormal in having 8ms between France and Germany.

If the first ping reply takes too long to your taste, try and ping the IP rather than the hostname, you'll save some (milli)seconds waiting for dns resolution.

fLoo · December 2021

@Shot2 said:
There's nothing abnormal in having 8ms between France and Germany.

If the first ping reply takes too long to your taste, try and ping the IP rather than the hostname, you'll save some (milli)seconds waiting for dns resolution.

Nah not really. This is no normal behavior. The problem is not dns related so it makes no difference if i use the IP instead. I was not talking about the RTT, i was talking about until the routing works and the first pings leave the server.

Update: Okay, the problem was on my side actually. I've been using Cloudflare as DNS and that indeed caused massive problems. I have no clue whatsoever. Could anyone of you please check with Cloudflare dns (1.1.1.1) if you experience the same problems?

Problems were solved once i switched back to Quad9 DNS (9.9.9.9)

fredo1664 · December 2021

For what it's worth, from my KS-LE, Cloudflare (1.1.1.1 replies faster to my queries (via 'dig') than 9.9.9.9.

fLoo · December 2021

Update 2: The problem was indeed related to DNS. Same problems now with Quad9. I'll try to record a video and maybe that will make it more clear.

Shot2 · December 2021

And what about if you don't rely on DNS at all for your ping tests? that is, using only the IP of the server you want to ping?

fLoo · December 2021

@Shot2 said:
And what about if you don't rely on DNS at all for your ping tests? that is, using only the IP of the server you want to ping?

Completely discarding DNS and just pinging IPs (IPv6 and IPv4) is working intended. The question is, why does DNS resolving not work on this host. It works on a SYS server perfectly fine and on all my Hetzner servers aswell. So it must be related to this server.

TCPDump while trying to ping "golem.de". Until the first ping went out it took 6 !! seconds.

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 1500 bytes
18:38:18.958897 IP6 fe80::21e:13ff:fef9:af00 > ff02::1:ff01:1: ICMP6, neighbor solicitation, who has 2001:41d0:2:8958::1:1, length 32
18:38:18.984932 IP uniquoo.46188 > dns10.quad9.net.domain: 46211+ PTR? 1.0.0.0.1.0.f.f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
18:38:18.988857 IP uniquoo.60465 > dns10.quad9.net.domain: 50510+ A? golem.de. (26)
18:38:18.988862 IP uniquoo.60465 > dns10.quad9.net.domain: 9794+ AAAA? golem.de. (26)
18:38:18.989763 IP dns10.quad9.net.domain > uniquoo.46188: 46211 NXDomain 0/1/0 (154)
18:38:18.989891 IP uniquoo.54623 > dns10.quad9.net.domain: 55566+ PTR? 0.0.f.a.9.f.e.f.f.f.3.1.e.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
18:38:18.994112 IP dns10.quad9.net.domain > uniquoo.54623: 55566 NXDomain* 0/1/0 (149)
18:38:18.994210 IP uniquoo.39859 > dns10.quad9.net.domain: 1116+ PTR? 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.8.5.9.8.2.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. (90)
18:38:19.497858 IP dns10.quad9.net.domain > uniquoo.60465: 50510 1/0/0 A 77.247.84.129 (42)
18:38:19.521266 IP dns10.quad9.net.domain > uniquoo.39859: 1116 NXDomain 0/1/0 (144)
18:38:19.521485 IP uniquoo.40312 > dns10.quad9.net.domain: 63040+ PTR? 10.9.9.9.in-addr.arpa. (39)
18:38:19.755544 IP dns10.quad9.net.domain > uniquoo.40312: 63040 1/0/0 PTR dns10.quad9.net. (68)
18:38:19.958893 IP6 fe80::21e:13ff:fef9:af00 > ff02::1:ff01:1: ICMP6, neighbor solicitation, who has 2001:41d0:2:8958::1:1, length 32
18:38:22.605666 LLDP, length 104: (none).(none)
18:38:22.851124 IP netmon-1-bhs.ovh.ca > uniquoo: ICMP echo request, id 36352, seq 1, length 12
18:38:22.851146 IP uniquoo > netmon-1-bhs.ovh.ca: ICMP echo reply, id 36352, seq 1, length 12
18:38:22.936669 IP uniquoo.54642 > dns10.quad9.net.domain: 8013+ PTR? 1.37.114.167.in-addr.arpa. (43)
18:38:22.963242 IP 139.99.1.148 > uniquoo: ICMP echo request, id 7589, seq 1, length 12
18:38:22.963263 IP uniquoo > 139.99.1.148: ICMP echo reply, id 7589, seq 1, length 12
18:38:23.196841 IP dns10.quad9.net.domain > uniquoo.54642: 8013 1/0/0 PTR netmon-1-bhs.ovh.ca. (76)
18:38:23.197099 IP uniquoo.44628 > dns10.quad9.net.domain: 12023+ PTR? 148.1.99.139.in-addr.arpa. (43)
18:38:23.201976 IP dns10.quad9.net.domain > uniquoo.44628: 12023 NXDomain 0/1/0 (103)
18:38:23.992433 IP uniquoo.60465 > dns10.quad9.net.domain: 50510+ A? golem.de. (26)
18:38:24.297168 IP dns10.quad9.net.domain > uniquoo.60465: 50510 1/0/0 A 77.247.84.129 (42)
18:38:24.297206 IP uniquoo.60465 > dns10.quad9.net.domain: 9794+ AAAA? golem.de. (26)

FoxelVox · December 2021

@fLoo can you open up a mtr for 5 minutes and post it here? I.e.;

apt install mtr -y
mtr golem.de

fLoo · December 2021

@FoxelVox said:
@fLoo can you open up a mtr for 5 minutes and post it here? I.e.;

apt install mtr -y
mtr golem.de

Ofcourse. But again, when i try to ping the IP of "golem.de" there is no problem. So its definitly related to my DNS queries beeing blocked by either DNS providers (Quad9, CF..) or throttled by OVH.

Here is your MTR:

root@uniquoo:~# mtr golem.de -r -c 10
Start: 2021-12-03T18:46:18+0100
HOST: uniquoo                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- vss-3-6k.fr.eu             0.0%    10    0.4  23.3   0.4 208.3  65.3
  2.|-- 2001:41d0:0:5:3::140       0.0%    10    0.2   0.2   0.2   0.3   0.0
  3.|-- 2001:41d0:0:5:2::4a        0.0%    10    0.2   0.2   0.2   0.2   0.0
  4.|-- be10.p19-2-6k.fr.eu       40.0%    10   77.1  18.4   1.5  77.1  30.2
  5.|-- be100-1050.ams-5-a9.nl.eu 50.0%    10    5.9   5.8   5.6   5.9   0.1
  6.|-- amsix.dus1-r1.de.syseleve  0.0%    10    8.8  15.2   8.5  69.9  19.3
  7.|-- ae9-0.bki1-r1.syseleven.n  0.0%    10   17.5  17.5  17.4  17.8   0.1
  8.|-- ae1-0.blu1-r1.syseleven.n  0.0%    10   17.4  17.6  17.4  18.4   0.3
  9.|-- golem.de                   0.0%    10   17.3  17.3  17.2  17.4   0.1

fredo1664 · December 2021

what do you have in /etc/resolv.conf ?

fLoo · December 2021

@fredo1664 said:
what do you have in /etc/resolv.conf ?

root@uniquoo:~# cat /etc/resolv.conf
nameserver 9.9.9.10
nameserver 149.112.112.10
nameserver 2620:fe::10
nameserver 2620:fe::fe:10

fredo1664 · December 2021

Ok, I tried to query 9.9.9.10 from my KS-LE and the first time it tooks several seconds to get an answer.

fredo1664 · December 2021

do you want to try OVH's DNS? 213.186.33.99.

fLoo · December 2021

@fredo1664 said:
Ok, I tried to query 9.9.9.10 from my KS-LE and the first time it tooks several seconds to get an answer.

Please do this. Use the 9.9.9.10 DNS. Ping a domain (golem.de). Wait a few seconds. Ping (heise.de). Wait a few seconds. Ping (golem.de) again. You should see a pattern that no matter what the resolv takes ages.

This is limited to OVH, i have no problems from Hetzner using the exact same servers.

fLoo · December 2021

@fredo1664 said:
do you want to try OVH's DNS? 213.186.33.99.

OVH DNS works without a problem. Google DNS works aswell. Cloudflare and Quad9 do not.

Shot2 · December 2021

Shitty peering? reply packets too large?

fLoo · December 2021

@ Everyone watching this thread:

If you have a Kimsufi LE server, please set your DNS (resolf.conf) to 9.9.9.10 (Quad9 DNS) and ping "heise.de" (german IT newspaper) for like 30 seconds/times. After 24 times/queries resolving gets stuck and it takes SECONDS to resume. Here is a TCPDump, i'll mark the "lags" with "##":

FYI: "ping" usually fires off a ping once a seconds which means that the pinged domain gets resolved once per second aswell (thats how ping is supposed to work):

19:05:36.417385 IP uniquoo.37009 > dns10.quad9.net.domain: 33464+ A? heise.de. (26)
19:05:36.417391 IP uniquoo.37009 > dns10.quad9.net.domain: 57787+ AAAA? heise.de. (26)
19:05:36.421875 IP dns10.quad9.net.domain > uniquoo.37009: 33464 1/0/0 A 193.99.144.80 (42)
19:05:36.431795 IP dns10.quad9.net.domain > uniquoo.37009: 57787 1/0/0 AAAA 2a02:2e0:3fe:1001:302:: (54)
19:05:36.432041 IP uniquoo.43942 > dns10.quad9.net.domain: 11737+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:36.436390 IP dns10.quad9.net.domain > uniquoo.43942: 11737 1/0/0 PTR redirector.heise.de. (123)
19:05:36.440928 IP uniquoo.55847 > dns10.quad9.net.domain: 42235+ PTR? 10.9.9.9.in-addr.arpa. (39)
19:05:36.445123 IP uniquoo.55065 > dns10.quad9.net.domain: 4096+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:36.446768 IP dns10.quad9.net.domain > uniquoo.55847: 42235 1/0/0 PTR dns10.quad9.net. (68)
19:05:36.450310 IP dns10.quad9.net.domain > uniquoo.55065: 4096 1/0/0 PTR redirector.heise.de. (123)
19:05:37.447104 IP uniquoo.45141 > dns10.quad9.net.domain: 50182+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:37.451772 IP dns10.quad9.net.domain > uniquoo.45141: 50182 1/0/0 PTR redirector.heise.de. (123)
19:05:38.448410 IP uniquoo.36420 > dns10.quad9.net.domain: 52573+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:38.452853 IP dns10.quad9.net.domain > uniquoo.36420: 52573 1/0/0 PTR redirector.heise.de. (123)
19:05:39.449453 IP uniquoo.53641 > dns10.quad9.net.domain: 43675+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:39.454104 IP dns10.quad9.net.domain > uniquoo.53641: 43675 1/0/0 PTR redirector.heise.de. (123)
19:05:40.450788 IP uniquoo.47590 > dns10.quad9.net.domain: 1314+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:40.455302 IP dns10.quad9.net.domain > uniquoo.47590: 1314 1/0/0 PTR redirector.heise.de. (123)
19:05:41.452039 IP uniquoo.60784 > dns10.quad9.net.domain: 38376+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:41.456443 IP dns10.quad9.net.domain > uniquoo.60784: 38376 1/0/0 PTR redirector.heise.de. (123)
19:05:42.453108 IP uniquoo.46936 > dns10.quad9.net.domain: 38955+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:42.457469 IP dns10.quad9.net.domain > uniquoo.46936: 38955 1/0/0 PTR redirector.heise.de. (123)
19:05:43.454153 IP uniquoo.50636 > dns10.quad9.net.domain: 64012+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:43.458710 IP dns10.quad9.net.domain > uniquoo.50636: 64012 1/0/0 PTR redirector.heise.de. (123)
19:05:44.455354 IP uniquoo.53975 > dns10.quad9.net.domain: 19919+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:44.460101 IP dns10.quad9.net.domain > uniquoo.53975: 19919 1/0/0 PTR redirector.heise.de. (123)
19:05:45.456825 IP uniquoo.35740 > dns10.quad9.net.domain: 8106+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:45.461453 IP dns10.quad9.net.domain > uniquoo.35740: 8106 1/0/0 PTR redirector.heise.de. (123)
19:05:46.458229 IP uniquoo.54282 > dns10.quad9.net.domain: 15679+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:46.462675 IP dns10.quad9.net.domain > uniquoo.54282: 15679 1/0/0 PTR redirector.heise.de. (123)
19:05:47.459396 IP uniquoo.33483 > dns10.quad9.net.domain: 48704+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:47.465013 IP dns10.quad9.net.domain > uniquoo.33483: 48704 1/0/0 PTR redirector.heise.de. (123)
19:05:48.460731 IP uniquoo.48520 > dns10.quad9.net.domain: 9232+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:48.466017 IP dns10.quad9.net.domain > uniquoo.48520: 9232 1/0/0 PTR redirector.heise.de. (123)
19:05:49.461730 IP uniquoo.58811 > dns10.quad9.net.domain: 2943+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:49.466340 IP dns10.quad9.net.domain > uniquoo.58811: 2943 1/0/0 PTR redirector.heise.de. (123)
19:05:50.463004 IP uniquoo.60135 > dns10.quad9.net.domain: 54521+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:50.467495 IP dns10.quad9.net.domain > uniquoo.60135: 54521 1/0/0 PTR redirector.heise.de. (123)
19:05:51.464224 IP uniquoo.54395 > dns10.quad9.net.domain: 50718+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:51.554660 IP dns10.quad9.net.domain > uniquoo.54395: 50718 1/0/0 PTR redirector.heise.de. (123)
19:05:52.465191 IP uniquoo.55524 > dns10.quad9.net.domain: 24391+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:52.469673 IP dns10.quad9.net.domain > uniquoo.55524: 24391 1/0/0 PTR redirector.heise.de. (123)
19:05:53.466262 IP uniquoo.59937 > dns10.quad9.net.domain: 23579+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:53.470933 IP dns10.quad9.net.domain > uniquoo.59937: 23579 1/0/0 PTR redirector.heise.de. (123)
19:05:54.467554 IP uniquoo.47238 > dns10.quad9.net.domain: 18780+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:54.557699 IP dns10.quad9.net.domain > uniquoo.47238: 18780 1/0/0 PTR redirector.heise.de. (123)
19:05:55.469237 IP uniquoo.40432 > dns10.quad9.net.domain: 36928+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:55.476357 IP dns10.quad9.net.domain > uniquoo.40432: 36928 1/0/0 PTR redirector.heise.de. (123)
19:05:56.470985 IP uniquoo.58788 > dns10.quad9.net.domain: 43562+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:56.475406 IP dns10.quad9.net.domain > uniquoo.58788: 43562 1/0/0 PTR redirector.heise.de. (123)
19:05:57.472100 IP uniquoo.34144 > dns10.quad9.net.domain: 46151+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:57.477018 IP dns10.quad9.net.domain > uniquoo.34144: 46151 1/0/0 PTR redirector.heise.de. (123)
19:05:58.473621 IP uniquoo.59667 > dns10.quad9.net.domain: 24090+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:58.479154 IP dns10.quad9.net.domain > uniquoo.59667: 24090 1/0/0 PTR redirector.heise.de. (123)
19:05:59.474864 IP uniquoo.58096 > dns10.quad9.net.domain: 54354+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:05:59.491252 IP dns10.quad9.net.domain > uniquoo.58096: 54354 1/0/0 PTR redirector.heise.de. (123)
## 19:06:00.475912 IP uniquoo.47499 > dns10.quad9.net.domain: 54850+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
## 19:06:05.480969 IP uniquoo.46852 > dns10.quad9.net.domain: 54850+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:05.560685 IP uniquoo.60535 > dns10.quad9.net.domain: 37408+ PTR? 10.112.112.149.in-addr.arpa. (45)
19:06:05.565261 IP dns10.quad9.net.domain > uniquoo.60535: 37408 1/0/0 PTR dns10.quad9.net. (74)
## 19:06:08.484038 IP6 2001:41d0:2:8971::1.36502 > dns10.quad9.net.domain: 54850+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:08.576687 IP uniquoo.34271 > dns10.quad9.net.domain: 13229+ PTR? 0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f.0.0.0.2.6.2.ip6.arpa. (90)
19:06:09.095891 IP dns10.quad9.net.domain > uniquoo.34271: 13229 1/0/0 PTR dns10.quad9.net. (119)
19:06:09.096042 IP uniquoo.33725 > dns10.quad9.net.domain: 30177+ PTR? 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.7.9.8.2.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. (90)
## 19:06:14.101100 IP uniquoo.60407 > dns10.quad9.net.domain: 30177+ PTR? 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.7.9.8.2.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. (90)
19:06:14.135019 IP dns10.quad9.net.domain > uniquoo.60407: 30177 NXDomain 0/1/0 (144)
19:06:14.490077 IP uniquoo.47499 > dns10.quad9.net.domain: 54850+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
## 19:06:19.190183 IP6 dns10.quad9.net.domain > 2001:41d0:2:8971::1.36502: 54850 1/0/0 PTR redirector.heise.de. (123)
19:06:19.495113 IP uniquoo.46852 > dns10.quad9.net.domain: 54850+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:19.499375 IP dns10.quad9.net.domain > uniquoo.46852: 54850 1/0/0 PTR redirector.heise.de. (123)
19:06:19.508096 IP uniquoo.58066 > dns10.quad9.net.domain: 21846+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:19.513972 IP dns10.quad9.net.domain > uniquoo.58066: 21846 1/0/0 PTR redirector.heise.de. (123)
19:06:20.509820 IP uniquoo.52491 > dns10.quad9.net.domain: 44826+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:20.514767 IP dns10.quad9.net.domain > uniquoo.52491: 44826 1/0/0 PTR redirector.heise.de. (123)
19:06:21.511499 IP uniquoo.41873 > dns10.quad9.net.domain: 51885+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)
19:06:21.515845 IP dns10.quad9.net.domain > uniquoo.41873: 51885 1/0/0 PTR redirector.heise.de. (123)
19:06:22.512559 IP uniquoo.47514 > dns10.quad9.net.domain: 27582+ PTR? 0.0.0.0.0.0.0.0.0.0.0.0.2.0.3.0.1.0.0.1.e.f.3.0.0.e.2.0.2.0.a.2.ip6.arpa. (90)

fLoo · December 2021

Okay so i extended the tests. Its easy to test this.

time ping heise.de

If the issued pings equal to the seconds passed everything is okay.

Not Working:

Quad9
Cloudflare

Working:

Google DNS
OpenDNS
OVH DNS

If you want to help me and confirm my findings with your Kimsufi-LE you can use this resolf.conf.
Again: This problem only persists on my new Kimsufi server. SoYouStart and Hetzner are fine with all hosts.

## Quad 9
#nameserver 9.9.9.10
#nameserver 149.112.112.10
#nameserver 2620:fe::10
#nameserver 2620:fe::fe:10

## Cloudflare
#nameserver 1.1.1.1
#nameserver 1.0.0.1
#nameserver 2606:4700:4700::1111
#nameserver 2606:4700:4700::1001

## Google
#nameserver 8.8.8.8
#nameserver 8.8.4.4
#nameserver 2001:4860:4860::8888
#nameserver 2001:4860:4860::8844

## OpenDNS
#nameserver 208.67.222.222
#nameserver 208.67.220.220
#nameserver 2620:119:35::35
#nameserver 2620:119:53::53

## OVH
#nameserver 213.186.33.99

fLoo · December 2021

Update: Confirming the problem using Rescue and file a ticket. Server is not usable for me.

fredo1664 · December 2021

Out of curiosity, your SYS server on which you said it works perfectly fine, is it located in the same or a different datacenter than the Kimsufi?

fLoo · December 2021

Final Result via Rescue Mode:

IPv4: 60 Pings - 59.131 seconds

root@rescue:~# time ping heise.de -c 60

--- heise.de ping statistics ---
60 packets transmitted, 60 received, 0% packet loss, time 59086ms
rtt min/avg/max/mdev = 8.358/8.539/9.879/0.243 ms

real    0m59.131s
user    0m0.000s
sys     0m0.006s

IPv6: 60 Pings - 71.190 seconds.

root@rescue:~# time ping heise.de -c 60

--- heise.de ping statistics ---
60 packets transmitted, 60 received, 0% packet loss, time 71132ms
rtt min/avg/max/mdev = 8.416/8.630/10.507/0.380 ms

real    1m11.190s
user    0m0.019s
sys     0m0.000s

Houston, Kimsufi has some serious IPv6 Problems.

rm_ · December 2021

Install unbound and use 127.0.0.1 as your DNS. Sure it is a networking hiccup at OVH (probably some UDP DDoS filter is poorly tuned), but to say that a server is "not usable" because of not being able to use a random third-party DNS service, is going way too far.

On a dedicated server of all things, do not rely on others for your resolving (and for your tracking and for your logging of all your requests) -- just run your own.

FoxelVox · December 2021

that is indeed strange. Could be a lot of stuff, @ninzo59 could you have this checked out? i can confirm this happening on my ks-le

Razza · December 2021

9.9.9.9 is probably not the best resolve to use anyway sometime ago when I was debugging a issue for a friend on his server where network seem to hang for a sec or so randomly in the end I traced it done to lookup to 9.9.9.9 would randomly timeout or hang for a few sec after switching to his server to 8.8.8.8 never heard any issues about it again.

fLoo · December 2021

@Razza said:
9.9.9.9 is probably not the best resolve to use anyway sometime ago when I was debugging a issue for a friend on his server where network seem to hang for a sec or so randomly in the end I traced it done to lookup to 9.9.9.9 would randomly timeout or hang for a few sec after switching to his server to 8.8.8.8 never heard any issues about it again.

As i said. Its not related to 9.9.9.9 anymore. It seemed so but this was until i turned off IPv6 on my KS-LE. Also, same thing happens with rescue image without touching the network config at all. 9.9.9.9 is a very reliable dns resolver we're using in our corporate network for ages now.

This problem turns out to be a routing / ipv6 issue on OVH side. And yes. Server is unusable if IPv6 has such hickups.

v3ng · December 2021

Had similar issues with a Kimsufi Box in BHS.
IPv6 pings took super long and my IPv6 connection even dropped randomly.

No problems with SYS in SBG however

rm_ · December 2021

@fLoo said: This problem turns out to be a routing / ipv6 issue on OVH side. And yes. Server is unusable if IPv6 has such hickups.

Do not see how IPv6 is related here. The first two servers in your resolv.conf are IPv4. It gets to ones further down only in case when the first two fail to respond. And if they fail like that, then that was very much an IPv4 problem, not IPv6.

And stop using ping of unrelated host to diagnose DNS issues ffs. "Time until first ping" is exactly where it waits for DNS to resolve (or time out) the reverse DNS record. If there's a high delay at that stage, then it is a DNS issue. And use the proper tools to diagnose DNS, specifically nslookup and dig.

time nslookup heise.de 9.9.9.9 and run 50 times or such.

fLoo · December 2021

@rm_ said:
And stop using ping to diagnose DNS issues ffs. "Time until first ping" is exactly because it waits for DNS to resolve (or time out) the reverse DNS record. If there's a high delay at that stage, then it is a DNS issue. And use the proper tools to diagnose DNS, specifically nslookup and dig.

Your answer makes no sense whatsoever if you didnt even understand what i've been testing with the ping command after all. Sad that you're trying to act like a professional while you're making a fool out of yourself.

bsh · December 2021

@v3ng said:
Had similar issues with a Kimsufi Box in BHS.
IPv6 pings took super long and my IPv6 connection even dropped randomly.

No problems with SYS in SBG however

For OVH/SYS/KS IPv6, you should add prefixlength as /56 instead of /64

rm_ · December 2021

So going back to your previous post:

@fLoo said: After 24 times/queries resolving gets stuck and it takes SECONDS to resume. Here is a TCPDump, i'll mark the "lags" with "##":

FYI: "ping" usually fires off a ping once a seconds which means that the pinged domain gets resolved once per second aswell (thats how ping is supposed to work):

That's still a DNS problem, you disagree? I just wonder why not diagnose DNS directly, as opposed to via ping, which only gets delayed due to its DNS queries as a side-effect.

fLoo · December 2021

@rm_ said:
So going back to your previous post:

@fLoo said: After 24 times/queries resolving gets stuck and it takes SECONDS to resume. Here is a TCPDump, i'll mark the "lags" with "##":

FYI: "ping" usually fires off a ping once a seconds which means that the pinged domain gets resolved once per second aswell (thats how ping is supposed to work):

That's still a DNS problem, you disagree? I just wonder why not diagnose DNS directly, as opposed to via ping, which only gets delayed due to its DNS queries as a side-effect.

Because it is not a DNS Problem. Querying DNS via IPv6 just revealed the root cause of the problems. IPv6 connectivity. I was using "ping" because it has one advantage for me checking for the root cause here:

Because ping queries a domain for each ping, i could check DNS issues and routing issues at the same time with tcpdump in the background.

On my new KS-LE server, IPv6 just keeps dropping. For example: Restart your KS-LE and issue IPv6 pings against a target. You'll see that it takes ~ 5-10 seconds for OVH routers to build routes so packets start to flow.

@ninzo59 Could you please check? My Ticket: 3444223

Howdy, Stranger!

Categories

In this Discussion

Problems on Kimsufi / Routing Hickups

Comments

Howdy, Stranger!

Quick Links

Categories

In this Discussion

Problems on Kimsufi / Routing Hickups

Comments