DNS problems for asti.ga

gravelldgravelld Administrator

It looks like the DNS problems we were encountering back in August/September are back.

(DNS is the method by which domain names like "asti.ga" are converted to IP addresses so that your devices can communicate with Astiga's servers - from the user's point of view it's a bit like the old fashioned way of looking up phone numbers in the telephone directory).

I've had a couple of reports of users in SE Asia and Australia not being able to access astig.ga - that includes the web app, access via the mobile apps and the community site (here).

The problem appears to be that DNS servers in those locations are being refused.

I'm looking into this - if there are any DNS experts out there that can help, I'd be only to happy to chat.

Comments

  • gravelldgravelld Administrator

    This appears to be solved now. We increased (massively) the TTL settings on our DNS records and it appears to have fixed the issue. It took 45mins for the changes to appear to take effect, but looking good now.

    If anyone continues to have problems, let us know.

  • I'm not sure if this is related to your Jan 7th issues, but there are again DNS issues.

    For a box I use that uses Amazon's DNS, it works fine. But if I attempt to use Google's DNS, I'm getting SERVFAIL. This behavior has been going on since at least this morning. I know it worked earlier in the week, but I'm not sure exactly when it started failing.

    < plat ~ >> host asti.ga

    asti.ga has address 157.90.157.140

    asti.ga has IPv6 address 2a01:4f8:c010:520e::1

    asti.ga mail is handled by 10 web0134.zxcs.nl.

    < plat ~ >> host asti.ga 8.8.8.8

    Using domain server:

    Name: 8.8.8.8

    Address: 8.8.8.8#53

    Aliases:


    Host asti.ga not found: 2(SERVFAIL)

  • gravelldgravelld Administrator

    Thanks for this. Where are you accessing from? That even looks like it's failing to resolve via Google's name servers? This is an escalation of the problem.

    I'll be looking at migrating DNS to a different provider today.

  • gravelldgravelld Administrator

    Are you currently experiencing any problems @ScionOfEris ? Our health checkers are currently saying they can resolve the IP from anywhere.

  • gravelldgravelld Administrator

    I have started the migration process. It should take about 24 hours I think. Could anyone let me know if they get further issues?

  • It seems fine for me now.

    I'm not sure how long it was going on, but dnschecker.org was showing issues when I posted. I doublechecked at some point on Friday and it was still going on. I'm not sure when it resumed working.

    I tossed a workaround DNS entry into my pihole server, so I haven't had any issues since I first noticed them. I'll pull that out though, so in case this happens again I'll notice.

  • gravelldgravelld Administrator

    Thanks, that would be very helpful.

  • gravelldgravelld Administrator

    Some more reported problems, sadly.

    I've been getting *more* reports of DNS problems for asti.ga, even since the switch to Cloudflare.

    Looks like someone else has the same issue with a .ga domain registered through the same registrar : https://community.cloudflare.com/t/dns-names-have-stopped-to-resolve-on-several-public-dns-servers/368173/3 . Furthermore as @ScionOfEris was reporting, dnschecker is showing some failures: https://dnschecker.org/#A/asti.ga

    Is this affecting anyone else?

  • gravelldgravelld Administrator

    The problem seems to have gone away...

  • gravelldgravelld Administrator

    I received an email from a user who was experiencing this again, and fresh searching found this thread:

    This is an issue on Google's public DNS service (which many people use), however other issues are highlighted which are upstream of Google so could affect anyone, namely that the ultimate registrar for asti.ga, Freenom, got DDoS'd and seem to be susceptible to continued attacks of this kind.

    My knee jerk response is to get the hell of Freenom; the trouble is (1) they are unresponsive to support and (2) our contract lasts until 2030, so it's worrying that they won't handle any kind of transfer correctly and we'll have a load more downtime.

  • NET::ERR_CERT_INVALID


    Kaspersky now flags the web (astiga and community) as suspicius webpages.


    Maybe it´s related....

  • gravelldgravelld Administrator

    At the moment Kaspersky reports "Good" - https://opentip.kaspersky.com/https%3A%2F%2Fasti.ga/?tab=lookup but maybe I'm looking at the wrong thing?

    I've noticed that, sometimes, some of the health watchers flag connection problems as problems during the SSL handshake. This might be related, but whether the underlying issue is DNS lookup I'm not sure.

  • Really sounds extraterrestrial language to me. Sorry. But I received the message on the computer just today. And thought it could be related.

  • gravelldgravelld Administrator

    Thanks for the heads-up!

  • gravelldgravelld Administrator

    For the sake of updating this ongoing issue - the last couple of days have seen a few more reports of this.

    Here's another discussion online about the issue https://news.ycombinator.com/item?id=34194555

    If anyone is currently experiencing this - and you happen to know the details - let me know what the DNS server you are using is.

    As a short term workaround you may be able to change your DNS server to, e.g. 8.8.8.8 or 1.1.1.1 and that might work for you.

  • gravelldgravelld Administrator

    Today the DNS checker at https://dnschecker.org/#A/asti.ga is looking healthier, so maybe Freenom (who are in charge of the .ga TLD) have got their act together...

    Longer term though, it might be a good idea to consider a change in domain name (this is a big change, but the earlier done the better).

  • CambionnCambionn Member
    edited January 2023

    Not sure if this is entirely the correct thread as I don't know if this has been the same issue, but I've had a lot of short term issues lately, but I just had a 24+ hour downtime to all sites and services connected to the asti.ga domain. That's quite some time. Acourding to is it down websites it wasn't just me either. It tended to come back randomly for a few minutes max so I've been trying to use that time to cache some music (I keep the download on so it restarts downloading as soon as connection is restored), but that also means I have no clue if it stays online now.

    I tried to contact trough Twitter and mail but to no avail, nor any updates anywhere. I guess due to the weekend, but with a long downtime like this I'd expect some kind of communication. I mean, shit can happen, but it'll be nice to know if it's on the radar at least, and that if possible if it's being worked on (I can understand third parties issues can't always be helped). Do you have any system to check for downtime to warn you during off-hours?

    Where this the same issues mentioned earlier with Freenom? I agree that if it's related to the domain, a change might be good. I wonder what happened at Freenom, as I haven't seen these issues in the years I used Astiga before, at least not at this scale.

    As music is something I tend to listen to during my whole day, it's quite bothersome when it's down this long. I can do without social media and all that stuff, but my music is a different story for me 😅.

    Post edited by Cambionn on
  • gravelldgravelld Administrator

    Really, really sorry for this. The trouble with this is that only certain places are ever affected, and so as a result we don't get any health checking failures. If we did, we'd run to it, weekend or not. As it is, even programmers need rest, so we like to take the weekend off ;-) .

    We actually have two sets of health checks, and they are worldwide. Currently the health check only trips if a certain number of them report a problem. I'm going to lower that threshold so I at least know there's an issue.

    The other trouble is there's nothing we can actually do about this issue when it's happening. It's totally out of our control, other than to advise workarounds; using a different DNS server might help, such as 1.1.1.1 or 8.8.8.8 (CloudFlare's and Google's open DNS servers, respectively).

    As far as I can see, the only way of rectifying this really is to change our domain, probably to a .com.

  • CambionnCambionn Member
    edited January 2023

    The trouble with this is that only certain places are ever affected, and so as a result we don't get any health checking failures. If we did, we'd run to it, weekend or not. [...]

    We actually have two sets of health checks, and they are worldwide. Currently the health check only trips if a certain number of them report a problem. I'm going to lower that threshold so I at least know there's an issue.

    I see, I guess finding the right threshold is difficult indeed. Glad to hear you are on it at least.

    As it is, even programmers need rest, so we like to take the weekend off ;-) .

    Totally understand. I work IT too, and only in emergencies would we work in weekends as well. It was mainly the lack of communication during such a long time that made me worry a bit. But I guess it all goes back to the difficulty of health checking when it only goes off on some places.

    As far as I can see, the only way of rectifying this really is to change our domain, probably to a .com.

    A .eu (or other European domains) would be nice too, and feels less American and therefor feels more privacy minded 😉. But with the changes around Brexit I don't know what the options are.

  • gravelldgravelld Administrator

    Yeah, I was wondering about that. Or...

    • .audio
    • .music (.music isn't actually fully launched yet)
    • .live
    • .io
    • .rocks

    They would need a bit of investigation to make sure we wouldn't be walking into exactly the same problem.

  • I'm not that fond of BigTech and therefor prefer not to change my DNS to Google or CloudFlare. I have music cached for now, so I won't be caught without music again. Looking forward to the domain change, but I understand it's quite a change so it'll take some time.

    I like the one you propose. Nice to hear you're looking into more options :).

  • gravelldgravelld Administrator

    Thanks...

Sign In or Register to comment.