Sent from my iPhone > On Sep 8, 2016, at 7:32 PM, Predrag Punosevac <[email protected]> wrote: > > Dear All, > > I have being scratching my head over this issue for two days now so I am > soliciting help from numerous ISP and network engineers who are luring > on this list. > > I upgraded all machines on my home network to > > predrag@oko$ uname -a > OpenBSD oko.bagdala2.net 6.0 GENERIC.MP#0 amd64 > > on September 2 and a day latter I started having a very strange issue > connecting to my employer network > > (Carnegie Mellon University 128.2.0.0/16) > > Namely on three random days since September 2 I could not ssh nor see > the web content on any of CMU machines for several hours at the time. > My fist suspect was my own DNS. I run my own Unbound cashing DNS. Sure > enough I could not dig any of CMU machines except the one for which I > hold A record (actually EasyDNS is doing it for me). So I switched off > my own DNS at home and started using Google and OpenDNS DNS server and > shure enough I could dig all CMU machines including the one for which I > don't hold DNS records. However I still could not ping them even with a > correct IPv4 address. At this point I concur that I didn't run > traceroute but I tried something else that made me believe that it might > not be problem with my own network. > > Namely I logged to my devio.us and freeshell.org shell accounts. I was > able to ping CMU machines and my home network. I was able from devio.us > and freeshell.org to dig my work machines. I was also able to ssh to > them. Great. Now I tried to ping from my CMU computers my home network > with the correct IPv4 address and I was not getting respond. No my > firewall is not a problem. I am letting ping in and I was able all that > time to ping from devio.us and freeshell.org. At this point I was truly > stamped. It almost felt that either CMU was blocking my home IP address > or my ISP was blocking CMU addresses possibly due to DoS attack). > > I have not tried reseting DHCP lease on my home network to see if I > would do better with a different IP from my ISP. Note also that IPv6 is > turned off on my home and at work. > > At this point as somebody who has never dealt with more serious things > like BGPD and who don't really understand how ISP business works I am > running out of ideas with the exception of traceroute which I will run > if I lose ssh connection again (right now is working perfectly and I am > using my own DNS server again). > > Thanks for the help. > Predrag > > P.S. Oh yes I tired flashing my own DNS and fetching new root.key file > but was not helpfull.
I think there was a change to unbound.conf with the upgrade. Possibly did you choose the wrong option and install the temporary file?
