Bill The problem is similar to what you mention in 2).
DNS2GO is setting a TTL on the URL to 15 seconds. The TP is using a DNS server which is not honoring the TTL. When the IP changes, they still point to the old (invalid) IP. Why spend $600.00 per year extra when it should not be necessary? To: [email protected] From: "impulse_telecom" <[EMAIL PROTECTED]> Date sent: Mon, 09 Apr 2007 19:13:46 -0000 Subject: [EDI-L] Re: AS2 and Dynamic IPs > I think I'd need a little more information to determine the exact > cuase of problems in this AS2 set-up. > > Recommendations: > 1. If at all possible, get the Internet service provider to set up > a Static IP address. Even cut-rate DSL service from AT&T is > available with a Static IP address for $49.95 per month. > > 2. I like Zone Edit (www.zoneedit.com) if you need to host DNS > externally. If you can get a static IP, you don't need to worry > quite as much about the canonical (non-numeric) name of your AS2 > server. However... some firewalls look up DNS and may refuse the > connection if the forward and reverse resolution don't math. That > is to say you claim you are wonder-as2.abc.com and that resolves to > 64.217.208.6. The firewall then resolves 64.217.208.6 back and gets > the answer host6-dsl.denver.sbc.com (This is a ficticious example > for illustration only). Since host6-dsl.denver.sbc.com doesn't > match wonder-as2.abc.com, the firewall drops the connection. I > beleive Zoneedit still allows you to tailor some of your domain's > SOA (start of authority) record vaules, such as the time-to-live and > mandatory refresh interval. > > Some proxy/firewalls and some Windows products ignore the SOA values > and cache DNS data for whatever interval they like. In particualr, > I've seen problems wiht Win2k applicaitons where Windows itself may > properly honor the SOA, but the application caches DNS data > separately from the O/S. There isn't much you can do to fix broken > behavior. > > I've usually seen the check for forward/reverse DNS matching used > priamrily on mail servers, since e-mail has essentially no > authentication. The idea is that spammers are too lazy to get > properly registered DNS for the PCs they've co-opted for their > networks. The firewall administrator might have turned on the DNS > check for all services, not just e-mail. > > 3. Be sure your in-bound and out-bound firewall rules are correct. > The firewall administrator for either side might have ranges of > excluded ports that you or the other side are hitting some of the > time when opening out-bound connections. > > 4. On the AS2 scene, try setting your MDNs to synchronous. This is > handny if your IP address is bound to move unexpectedly. The > initating AS2 server will maintain the initial TCP connection open > until the recipient issues the MDN response. Part of the headers > have the reply-to address written in, so if you have an IP address > written into the header, and it changes, then without synchronous > MDNs, the repsonse may go back to the wrong IP address. This can > lead to weird errors, and I've seen Drummond certified servers > exhibit various behaviors. In the case of an async MDN and IP > moving, the receiver may try to connect back to what it thinks is > the correct address, but nobody is there. I've seen one product > consider trying to deliver an MDN as sufficient, whether or not the > sender got the reply. Meanwhile, the sender never gets the MDN, and > keeps re-sending the same message. Using AS2 doesn't prevent > duplicates in such a case; lesson always check your document control > numbers! > > Even if you have synchronous MDNs, you may still encounter > problems. Again, it depends on the particular AS2 software running > at the recipient. Some implementations don't bother to look at the > reply-to address if the MDN request is synchronous. Other > implementations will send a negative MDN and reject the data if the > reply-to address doesn't match where the connection is actually > coming from. > > For something that is allegedly standardized, AS2 has too many > configuration options and despite the fact (or becuase of the fact) > it has an IETF RFC, it is too easy to mess up the configuration. > > Here is another real-world thing I've run into a few times. Some > AS2 implementations seem very sensitive to dropped packets. I had > one big retail partner that failed almost every attempt to pass > data. I worked with their Internet person and tried lots of things > without success. What finally made the connection work reliably was > to enable compression. Go figure. > > Some AS2 software suites are easier to work with than others. Many > AS2 users are fixated on Drummond certification, which requires you > to plunk down a lot of money for a certified product. By the time > you find out you don't like your AS2 hub, the money is spent. If > you can, set up a lab with a few servers, and try several competing > AS2 product trial versions before you commit to a vendor. > > -- > Bill Mayhew > > --- In [email protected], Earl Wertheimer <[EMAIL PROTECTED]> wrote: > > > > Pete > > > > > Or, if you can assign the address to be non-numeric, you can > *very* > > > inexpensively pick up an account with an IP forwarding company. > No-ip.com > > > or DNS2GO.com work just fine. > > > > No, that's exactly the problem we are having. We ARE using > DNS2GO, but there > > seems to be a very long delay for the TP's DNS servers to get the > new IP. > > > > What I need to know is if there is a way to force their DNS server > to refresh > > the IP sooner... DNS2Go can update the IP on their own DNS > servers almost > > immediately because of the client software that is always checking > and > > reporting any changes. > > > > There is still a propagation delay amongst all the other DNS > servers, > > especially if the TP has their own DNS server... > > > > I haven't checked if DNS2GO had any problems, but I've been able > to use the URL > > for remote access and AS2 tests, so I don't think that they are > the problem. > > > > > > > > > > > -----Original Message----- > > > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of Earl > > > Wertheimer > > > Sent: Thursday, April 05, 2007 1:34 PM > > > To: Mary DeGroot; [email protected] > > > Subject: Re: [EDI-L] AS2 and Dynamic IPs > > > > > > Dale & Mary, > > > > > > thanks > > > > > > The TP is claiming that the dynamic IP is the problem. > > > > > > I 'ping' client AS2 servers regularly, to make sure that they > are online. > > > If > > > they are not, then an email is sent to the admin... > > > > > > I suspect some kind of 'caching' problem. I am not familiar > with the DNS > > > TTL > > > (Time To Live) settings, but it may be possible that the TP is > storing the > > > current IP in their DNS server, and when the client's IP > changes, the TP is > > > still pointing to the old (and incorrect) IP. > > > > > > They have limited control over their DNS server, so I have to be > sure about > > > the > > > problem and possible solutions. > > > > > > I would like to resolve the problem without involving the TP too > much, if > > > possible. > > > > > > The last resort would be to tell my client to obtain a fixed > IP... > > > > > > > > > > > > -------------- Original message --------------- > > > Date sent: Thu, 05 Apr 2007 11:06:58 -0500 > > > From: "Mary DeGroot" <[EMAIL PROTECTED]> > > > To: "Earl Wertheimer" <[EMAIL PROTECTED]> > > > Send reply to: [EMAIL PROTECTED] > > > Subject: Re: [EDI-L] AS2 and Dynamic IPs > > > > > > > > > If BizLink is not using an HTTP proxy, it is using the DNS > services on the > > > local machine to resolve the URL to an IP address. In this case, > the TP > > > should go to the BizLink machine and try to access your URL. > Take BizLink > > > out of the picture by trying these things: > > > 1. Try to access the URL through a browser window. The AS2 > servers that I > > > have used will usually come back with a splash screen or some > sort of > > > indication that you've hit an AS2 server when using a browser. > If it goes > > > through with the browser on the BizLink machine, then it's a > BizLink > > > problem. The problem might be with how they entered the URL into > BizLink > > > since the only difference in resolving the URL would be with the > URL > > > entered. If you can't get through via the browser, it's probably > a DNS > > > service/network issue. > > > 2. Try to ping or tracert the URL from the BizLink machine. Ping > should at > > > least resolve to your current IP address even if ping is turned > off on your > > > server. Tracert should go through to your current IP address. > Again, if it > > > doesn't go through they probably have a DNS services / network > issue. > > > > > > If the BizLink machine is pointing to a forward HTTP proxy, then > they need > > > to do the above tests from the HTTP proxy machine. They should > also try to > > > access the URL from a browser on the BizLink machine. The > browser needs to > > > be configured to use the forward HTTP proxy that the BizLink > machine is > > > using. Make sure that they can get through their proxy and to > your URL. They > > > need to make sure that the HTTP proxy is set up properly (proxy > URL, proxy > > > User ID, proxy password) in BizLink and that the outbound > transport for you > > > is configured to use the proxy. > > > > > > HTH > > > Mary > > > > > > > > > > > > > > > > > > Has anyone had problem using Dynamic DNS redirection for AS2? > > > > > > > > One of our clients is using DNS2GO to redirect their URL > > > > (www.coname.dns2go.com) to their current IP address. > > > > > > > > We do this because their ISP does not give them a fixed IP > (which is much > > > > cheaper). > > > > > > > > For the last week, one of their TPs has been unable to connect. > > > > The TP is using Inovis Bizlink for their AS2. Our client is > using > > > IP*Works. > > > > > > > > We have never had problems before... > > > > > > > > comments??? > > > > > > > > Earl Wertheimer > > > > [EMAIL PROTECTED] > > > > http://www.spe-edi.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Earl Wertheimer > > > [EMAIL PROTECTED] > > > http://www.spe-edi.com > > > > > > > > > > > > ... > > > Please use the following Message Identifiers as your subject > prefix: > > > <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> > > > > > > Job postings are welcome, but for job postings or requests for > work: <JOBS> > > > IS REQUIRED in the subject line as a prefix. > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > __________ NOD32 2169 (20070405) Information __________ > > > > > > This message was checked by NOD32 antivirus system. > > > http://www.eset.com > > > > > > > > > > > > > > -- Earl Wertheimer / [EMAIL PROTECTED] / http://www.spe-edi.com > > > > > > > ... > Please use the following Message Identifiers as your subject prefix: <SALES>, > <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> > > Job postings are welcome, but for job postings or requests for work: <JOBS> > IS REQUIRED in the subject line as a prefix. > Yahoo! Groups Links > > > > > > > __________ NOD32 2175 (20070409) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > Earl Wertheimer [EMAIL PROTECTED] http://www.spe-edi.com ... Please use the following Message Identifiers as your subject prefix: <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> Job postings are welcome, but for job postings or requests for work: <JOBS> IS REQUIRED in the subject line as a prefix. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/EDI-L/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/EDI-L/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
