Edgar Pettijohn <[email protected]> wrote: > > > Sent from my iPhone > > > On Sep 8, 2016, at 7:32 PM, Predrag Punosevac <[email protected]> wrote: > > > > Dear All, > > > > I have being scratching my head over this issue for two days now so I am > > soliciting help from numerous ISP and network engineers who are luring > > on this list. > > > > I upgraded all machines on my home network to > > > > predrag@oko$ uname -a > > OpenBSD oko.bagdala2.net 6.0 GENERIC.MP#0 amd64 > > > > on September 2 and a day latter I started having a very strange issue > > connecting to my employer network > > > > (Carnegie Mellon University 128.2.0.0/16) > > > > Namely on three random days since September 2 I could not ssh nor see > > the web content on any of CMU machines for several hours at the time. > > My fist suspect was my own DNS. I run my own Unbound cashing DNS. Sure > > enough I could not dig any of CMU machines except the one for which I > > hold A record (actually EasyDNS is doing it for me). So I switched off > > my own DNS at home and started using Google and OpenDNS DNS server and > > shure enough I could dig all CMU machines including the one for which I > > don't hold DNS records. However I still could not ping them even with a > > correct IPv4 address. At this point I concur that I didn't run > > traceroute but I tried something else that made me believe that it might > > not be problem with my own network. > > > > Namely I logged to my devio.us and freeshell.org shell accounts. I was > > able to ping CMU machines and my home network. I was able from devio.us > > and freeshell.org to dig my work machines. I was also able to ssh to > > them. Great. Now I tried to ping from my CMU computers my home network > > with the correct IPv4 address and I was not getting respond. No my > > firewall is not a problem. I am letting ping in and I was able all that > > time to ping from devio.us and freeshell.org. At this point I was truly > > stamped. It almost felt that either CMU was blocking my home IP address > > or my ISP was blocking CMU addresses possibly due to DoS attack). > > > > I have not tried reseting DHCP lease on my home network to see if I > > would do better with a different IP from my ISP. Note also that IPv6 is > > turned off on my home and at work. > > > > At this point as somebody who has never dealt with more serious things > > like BGPD and who don't really understand how ISP business works I am > > running out of ideas with the exception of traceroute which I will run > > if I lose ssh connection again (right now is working perfectly and I am > > using my own DNS server again). > > > > Thanks for the help. > > Predrag > > > > P.S. Oh yes I tired flashing my own DNS and fetching new root.key file > > but was not helpfull. > > I think there was a change to unbound.conf with the upgrade. Possibly did you > choose the wrong option and install the temporary file?
I run sysmerge due to the changes in ssh and unbound and decided to keep my old unbound.conf and install new sshd.conf file. Should I have installed new unbound.conf file and then edit it? Predrag
