[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IDD #JRM-232824]: Loss of link to Unidata server



Hi James,

re:
> This morning, we lost connection to idd.unidata.ucar.edu(shortly after
> 1700 UTC 11 August). In the ldmd.log this notice appears:
> 
> Aug 11 11:10:39 horus idd.unidata.ucar.edu[16793] NOTE: Upstream LDM
> didn't reply to FEEDME request; RPC: Unable to receive; errno =
> Connection reset by peer
> 
> 
> A similar message occurs for the secondary connection to
> aeolus.ucsd.edu.

The fact that two independent upstreams are now denying your feed
REQUESTs suggests that something is amiss on your side.  Please see
my comment further in this reply.

re:
> When I type "notifyme -vl- -f ANY -h idd.unidata.ucar.edu", I see the 
> following:
> 
> Aug 11 18:09:02 notifyme[16850] NOTE: Starting Up: idd.unidata.ucar.edu:
> 20140811180902.363 TS_ENDT {{ANY,  ".*"}}
> Aug 11 18:09:02 notifyme[16850] NOTE: LDM-5 desired product-class:
> 20140811180902.363 TS_ENDT {{ANY,  ".*"}}
> Aug 11 18:09:02 notifyme[16850] INFO: Resolving idd.unidata.ucar.edu to
> 128.117.140.3 took 0.001399 seconds
> Aug 11 18:09:02 notifyme[16850] ERROR: NOTIFYME(idd.unidata.ucar.edu):
> 7: Access denied by remote server
> 
> 
> Again, a similar outcome occurs for aeolus.ucsd.edu.

Since we have made _no_ changes to ALLOWs on our top level IDD relay
cluster, idd.unidata.ucar.edu, it sounds like DNS for your machine is
no longer available.  Lack of reverse DNS (IP -> name) would prevent
the ALLOW already in-place for your machines from working.

re:
> If the allow access for horus.atmos.ucla.edu and indra.atmos.ucla.edu
> have been removed, can you please restore them?

The ALLOWs have not been removed.  I appreciate you including the fully
qualified names of your LDM machines as this allowed me to see what
is going wrong:

% nslookup horus.atmos.ucla.edu
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
Name:   horus.atmos.ucla.edu
Address: 128.97.77.43

This shows that forward DNS works correctly for horus.

% nslookup 128.97.77.43
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
43.77.97.128.in-addr.arpa       name = 
horus.atmos.ucla.edu.77.97.128.in-addr.arpa.

Authoritative answers can be found from:
43.77.97.128.in-addr.arpa       nameserver = kerberos.atmos.ucla.edu.
kerberos.atmos.ucla.edu internet address = 128.97.58.42

This shows that reverse DNS is _NOT_ working correctly for horus.

However, both forward and reverse DNS are working for indra:

% nslookup indra.atmos.ucla.edu
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
Name:   indra.atmos.ucla.edu
Address: 128.97.58.212

% nslookup 128.97.58.212
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
212.58.97.128.in-addr.arpa      name = indra.atmos.ucla.edu.

Authoritative answers can be found from:
212.58.97.128.in-addr.arpa      nameserver = zeus.atmos.ucla.edu.
212.58.97.128.in-addr.arpa      nameserver = kerberos.atmos.ucla.edu.
zeus.atmos.ucla.edu     internet address = 128.97.58.58
kerberos.atmos.ucla.edu internet address = 128.97.58.42

'indra' should, therefore, be able to REQUEST data from idd.unidata.ucar.edu
(and, presumably, from aeolus.ucsd.edu).

re:
> If I'm supposed to
> access different server, I would appreciate the names of a primary and
> secondary source.

Nope, we have valid ALLOWs for your machines.  The problem on horus is
reverse DNS has been mucked-up somewhere.  Can you check with your
networking folks?

re:
> Thanks in advance.

No worries.  Sorry for the hassles!

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: JRM-232824
Department: Support IDD
Priority: Normal
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.