Hacker News new | past | comments | ask | show | jobs | submit login
IO name servers down
102 points by gator-io on Sept 20, 2017 | hide | past | favorite | 26 comments
I'm getting swamped DNS resolution errors for anything .IO.

ns-a1.io timesout on every request so do all the others

I'm so glad I passed on the .io TLD for my personal page and got .pizza one instead.

I thought you're joking and then discovered there actually really is a .pizza TLD.


Smart man would get both and load balance the tld

It appears that the issue at first impacted all servers in the anycast pool however eventually it only impacted servers ns-a2 and ns-a4. Those servers started returning NXDOMAINs. I am wondering if this was related to the root server key change yesterday. .IO seems to struggle with basic DNS engineering. We are seeing stabilization except for minor issues still on one of the gTLD servers.

The root server key won't actually change until next month. The DNSKEY responses from the root server was increased yesterday. Speculation, but it could be they're running ancient versions of BIND that fail with the larger response size. As per ICANN[0], the timeline is:

October 27, 2016: KSK rollover process begins as the new KSK is generated.

July 11, 2017: Publication of new KSK in DNS.

September 19, 2017: Size increase for DNSKEY response from root name servers.

October 11, 2017: New KSK begins to sign the root zone key set (the actual rollover event).

January 11, 2018: Revocation of old KSK.

March 22, 2018: Last day the old KSK appears in the root zone.

August 2018: Old key is deleted from equipment in both ICANN Key Management Facilities.

[0]: https://www.icann.org/resources/pages/ksk-rollover

PS - thank you for mentioning this, I wasn't aware it was going to happen until reading your comment.

Correct the actual key change isn’t until next month however yesterday there was a change in response size from the root servers.

For more info check the other post on this topic: https://news.ycombinator.com/item?id=15293578

Not sure why that was taken of the front page suddenly.

Noticed this issue this morning too...


Interestingly enough I found that only some of them were returning NXDOMAIN's, so resolution would sometimes work and sometimes it would fail completely.

Same here for my startup commando.io. Using AWS Route53. What DNS provider are you using?

From the AWS status page:

"Some customers have reported intermittent resolution issues with .io domains. We can confirm that Route 53 DNS services are operating normally at this time and these issues seem to be related to the .io top-level domain provider."

I run a DNS monitoring service and have had a number of customers contact me about this in the past couple hours. Most of them were using Route53, but this is an issue with the IO authoritative nameservers, rather than Route53 itself.

Same here, also using Route 53.

I was certain I was getting DDoS'd, but then I inspected the Pingdom down notifications and seeing: DNS error

This is almost completely irrelevant, but what are you doing where you jump to DDoS before misconfiguration or a service outage?

Same here on Route53.

I am so done with .io. This is one of many issues they've had in the last year.

My problem is that we have scripts all over customer websites hardcoded with api.gator.io

We're going to have to have them update the scripts and that is going to be a major pain.

Heh, it's even in your phone number

> 1-844-GATOR-IO

team mate posted on HN already about this: https://news.ycombinator.com/item?id=15293578

Not a surprise; country code top-level domains are run poorly and I sure wouldn’t stick all of my eggs in this single basket.

These two nameservers: ns-a2.io, ns-a4.io return wrong results consistently

Everything appears to be functioning at this point

Seems to be sorted now

That is a news report from July.

Well, the .io domain name is intended for the British Indian Ocean territory.

I think the common practice of misusing TLDs (such as registering an .io domain if you are not from the British Indian Ocean territory, or having a Soviet Union domain... a country that no longer exist), is bad.

However, I acknowledge this is not the root problem. The root problem is the scarcity of domains under traditional TLDs, and that's in great part due to speculation (e.g: domain parking). It is hard to establish what constitutes placeholder content, therefore rules preventing domain parking are hard if not unfeasible to forbid.

Thankfully built-in parking AdBlock on newer browsers is forcing domain speculators to start dropping their less valuable names, as parking pages are no longer producing any revenue. I see most tech companies coming back to .COM once their given domain is available / priced cheaply as speculators are forced to sell.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact