For authoritative DNS, have a hidden master DNS server on your network that transfers your zones to multiple anycast DNS providers (such as Hurricane Electric and ClouDNS). Only put the nameservers they give you in your domain name and RIR nameserver entries. It's unlikely two completely separate networks will fail at the same time.
I believe Cloudflare is the most advanced, but no, they don't play well with others. Most cloud authoritative DNS providers will do a good enough job. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Ken Hohhof" <af...@kwisp.com> To: "AnimalFarm Microwave Users Group" <af@af.afmug.com> Sent: Sunday, July 19, 2020 10:42:58 AM Subject: Re: [AFMUG] Federated Wireless SAS outage? The idea seems to be that you are outsourcing your redundancy to a big company like Cloudflare or Amazon that can do it better than you could, or at least has more resources. A quick read of some of the discussion lists indicates that you can’t run Cloudflare DNS and something else for redundancy. I don’t understand the technical issues, but apparently that’s not how it works. There’s also supposedly the issue that Cloudflare is doing attack mitigation, and if you disclose the IP addresses of your other DNS servers, they will get attacked and won’t be able to survive a terabit flood of traffic. I’m still not clear on whether Cambium is using AWS DNS with Cloudflare attack mitigation, or if the DNS is actually hosted by Cloudflare. Either way, the effect was the same. Also not clear is where cnMaestro Cloud is hosted, if that is also on AWS. Like, if we put the IP address for cloud.cambiumnetworks.com into the AP instead of the hostname, would that have worked around the problem? Of we could have quickly set our own DNS servers to think they were authoritative for cambiumnetworks.com. From: AF <af-boun...@af.afmug.com> On Behalf Of Dave Sent: Sunday, July 19, 2020 9:19 AM To: af@af.afmug.com Subject: Re: [AFMUG] Federated Wireless SAS outage? Well sheet... Bunch of windoze Hooie if ya ask me :) If this is to be soo critical better start thinking like mil spec NBC resilient type infrastructure other wise yes it dies. On 7/17/2020 9:14 PM, Ken Hohhof wrote: I think maybe they use AWS for DNS, but that Cloudflare is doing attack mitigation for AWS. From: AF <af-boun...@af.afmug.com> On Behalf Of Matt Hoppes Sent: Friday, July 17, 2020 8:52 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com> Subject: Re: [AFMUG] Federated Wireless SAS outage? That’sa major problem. <blockquote> On Jul 17, 2020, at 9:30 PM, Cassidy B. Larson < c...@infowest.com > wrote: <blockquote> So, appears cambiumnetworks.com uses cloudflare for DNS alone. Cloudflare goes inaccessible, bye bye cambiumnetworks.com and I assume cnheat. sas.cbrs.cambiumnetworks.com is the URL for the cnmaestro SAS URL. cloudflare DNS tell us to go ask AWS DNS for how to resolve *. cbrs.cambiumnetworks.com , but cloudflare tell us to only cache these NS records for 5 min.. so there’s our problem. 5 min of cloudflare being unresponsive and we’re toast for valid cnmaestro SAS URL resolution. <blockquote> On Jul 17, 2020, at 4:59 PM, castarritt < castarr...@gmail.com > wrote: cnHeat was broken too. On Fri, Jul 17, 2020 at 5:34 PM Ken Hohhof < af...@kwisp.com > wrote: <blockquote> I think it was actually cnMaestro that went away, or its IP address couldn’t be looked up. From: AF < af-boun...@af.afmug.com > On Behalf Of Cassidy B. Larson Sent: Friday, July 17, 2020 5:14 PM To: AnimalFarm Microwave Users Group < af@af.afmug.com > Subject: Re: [AFMUG] Federated Wireless SAS outage? Our Google SAS also went offline. Whatcha wanna bet CNMaestro hard codes requests to 1.1.1.1 to resolve SAS URLs? Gonna have to do some tcpdumps to verify. <blockquote> On Jul 17, 2020, at 3:58 PM, Larry Smith < lesm...@ecsis.net > wrote: Cloudflare had a major issue lasting about 30 minutes -- Larry Smith lesm...@ecsis.net On Fri July 17 2020 16:47, Joe Novak wrote: <blockquote> whatever just blipped on the internet probably caused it, authoritative servers at Cloudflare maybe? It's appears to be working again here via Comcast and work. On Fri, Jul 17, 2020 at 4:44 PM Ken Hohhof < af...@kwisp.com > wrote: <blockquote> TTL on DNS record is 1 minute. Serial number is 1 which seems strange. *From:* AF < af-boun...@af.afmug.com > *On Behalf Of *Nate Burke *Sent:* Friday, July 17, 2020 4:37 PM *To:* AnimalFarm Microwave Users Group < af@af.afmug.com > *Subject:* Re: [AFMUG] Federated Wireless SAS outage? Cloud.cambiumnetworks.com is working fine for me. I'm resolving to us-east-1-rtr-1-578252723.us-east-1.elb.amazonaws.com [18.213.196.79] On 7/17/2020 4:36 PM, Ken Hohhof wrote: Actually, I can’t get DNS resolution for cloud.cambiumnetworks.com . Even at my home which is not on my network. *From:* AF < af-boun...@af.afmug.com > < af-boun...@af.afmug.com > *On Behalf Of *Ken Hohhof via AF *Sent:* Friday, July 17, 2020 4:32 PM *To:* 'AnimalFarm Microwave Users Group' < af@af.afmug.com > < af@af.afmug.com > *Cc:* Ken Hohhof < af...@kwisp.com > < af...@kwisp.com > *Subject:* [AFMUG] Federated Wireless SAS outage? Anyone else experiencing SAS not reachable errors? Cambium CBRS with Federated Wireless SAS. -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> </blockquote> -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> </blockquote> -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
