Re: [AFMUG] Federated Wireless SAS outage?

Sun, 19 Jul 2020 08:50:01 -0700

Sounds like it's time for secure DNS (DNSSEC)?


bp
<part15sbs{at}gmail{dot}com>
On 7/19/2020 8:42 AM, Ken Hohhof wrote:

The idea seems to be that you are outsourcing your redundancy to a big company like Cloudflare or Amazon that can do it better than you could, or at least has more resources.

 

A quick read of some of the discussion lists indicates that you can’t run Cloudflare DNS and something else for redundancy.  I don’t understand the technical issues, but apparently that’s not how it works.  There’s also supposedly the issue that Cloudflare is doing attack mitigation, and if you disclose the IP addresses of your other DNS servers, they will get attacked and won’t be able to survive a terabit flood of traffic.

 

I’m still not clear on whether Cambium is using  AWS DNS with Cloudflare attack mitigation, or if the DNS is actually hosted by Cloudflare.  Either way, the effect was the same.  Also not clear is where cnMaestro Cloud is hosted, if that is also on AWS.  Like, if we put the IP address for cloud.cambiumnetworks.com into the AP instead of the hostname, would that have worked around the problem?  Of we could have quickly set our own DNS servers to think they were authoritative for cambiumnetworks.com.

 

 

From: AF <af-boun...@af.afmug.com> On Behalf Of Dave
Sent: Sunday, July 19, 2020 9:19 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Federated Wireless SAS outage?

 

Well sheet... Bunch of windoze Hooie if ya ask me :)

If this is to be soo critical better start thinking like mil spec NBC resilient type infrastructure other wise yes it dies.

 

On 7/17/2020 9:14 PM, Ken Hohhof wrote:

I think maybe they use AWS for DNS, but that Cloudflare is doing attack mitigation for AWS.

 

From: AF <af-boun...@af.afmug.com> On Behalf Of Matt Hoppes
Sent: Friday, July 17, 2020 8:52 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] Federated Wireless SAS outage?

 

That’sa major problem. 




On Jul 17, 2020, at 9:30 PM, Cassidy B. Larson <c...@infowest.com> wrote:

So, appears cambiumnetworks.com uses cloudflare for DNS alone. Cloudflare goes inaccessible, bye bye cambiumnetworks.com and I assume cnheat. 

 

sas.cbrs.cambiumnetworks.com is the URL for the cnmaestro SAS URL. 

 

cloudflare DNS tell us to go ask AWS DNS for how to resolve *.cbrs.cambiumnetworks.com, but cloudflare tell us to only cache these NS records for 5 min.. so there’s our problem.

 

5 min of cloudflare being unresponsive and we’re toast for valid cnmaestro SAS URL resolution. 

 

 

 

On Jul 17, 2020, at 4:59 PM, castarritt <castarr...@gmail.com> wrote:

 

cnHeat was broken too.

 

On Fri, Jul 17, 2020 at 5:34 PM Ken Hohhof <af...@kwisp.com> wrote:

I think it was actually cnMaestro that went away, or its IP address couldn’t be looked up.

 

 

From: AF <af-boun...@af.afmug.com> On Behalf Of Cassidy B. Larson
Sent: Friday, July 17, 2020 5:14 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] Federated Wireless SAS outage?

 

Our Google SAS also went offline.  Whatcha wanna bet CNMaestro hard codes requests to 1.1.1.1 to resolve SAS URLs?

 

Gonna have to do some tcpdumps to verify.

 

On Jul 17, 2020, at 3:58 PM, Larry Smith <lesm...@ecsis.net> wrote:

 

Cloudflare had a major issue lasting about 30 minutes

-- 
Larry Smith
lesm...@ecsis.net

On Fri July 17 2020 16:47, Joe Novak wrote:

whatever just blipped on the internet probably caused it,
authoritative servers at Cloudflare maybe? It's appears to be working again
here via Comcast and work.

On Fri, Jul 17, 2020 at 4:44 PM Ken Hohhof <af...@kwisp.com> wrote:

TTL on DNS record is 1 minute.  Serial number is 1 which seems strange.



*From:* AF <af-boun...@af.afmug.com> *On Behalf Of *Nate Burke
*Sent:* Friday, July 17, 2020 4:37 PM
*To:* AnimalFarm Microwave Users Group <af@af.afmug.com>
*Subject:* Re: [AFMUG] Federated Wireless SAS outage?



Cloud.cambiumnetworks.com is working fine for me.  I'm resolving to
us-east-1-rtr-1-578252723.us-east-1.elb.amazonaws.com [18.213.196.79]

On 7/17/2020 4:36 PM, Ken Hohhof wrote:

Actually, I can’t get DNS resolution for cloud.cambiumnetworks.com.  Even
at my home which is not on my network.



*From:* AF <af-boun...@af.afmug.com> <af-boun...@af.afmug.com> *On Behalf
Of *Ken Hohhof via AF
*Sent:* Friday, July 17, 2020 4:32 PM
*To:* 'AnimalFarm Microwave Users Group' <af@af.afmug.com>
<af@af.afmug.com>
*Cc:* Ken Hohhof <af...@kwisp.com> <af...@kwisp.com>
*Subject:* [AFMUG] Federated Wireless SAS outage?



Anyone else experiencing SAS not reachable errors?



Cambium CBRS with Federated Wireless SAS.




--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

 

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

 

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com







-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Reply via email to