[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IDD #JRM-232824]: Loss of link to Unidata server

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

Subject: [IDD #JRM-232824]: Loss of link to Unidata server
Date: Mon, 11 Aug 2014 12:35:54 -0600

Hi James,

re:
> This morning, we lost connection to idd.unidata.ucar.edu(shortly after
> 1700 UTC 11 August). In the ldmd.log this notice appears:
> 
> Aug 11 11:10:39 horus idd.unidata.ucar.edu[16793] NOTE: Upstream LDM
> didn't reply to FEEDME request; RPC: Unable to receive; errno =
> Connection reset by peer
> 
> 
> A similar message occurs for the secondary connection to
> aeolus.ucsd.edu.

The fact that two independent upstreams are now denying your feed
REQUESTs suggests that something is amiss on your side.  Please see
my comment further in this reply.

re:
> When I type "notifyme -vl- -f ANY -h idd.unidata.ucar.edu", I see the 
> following:
> 
> Aug 11 18:09:02 notifyme[16850] NOTE: Starting Up: idd.unidata.ucar.edu:
> 20140811180902.363 TS_ENDT {{ANY,  ".*"}}
> Aug 11 18:09:02 notifyme[16850] NOTE: LDM-5 desired product-class:
> 20140811180902.363 TS_ENDT {{ANY,  ".*"}}
> Aug 11 18:09:02 notifyme[16850] INFO: Resolving idd.unidata.ucar.edu to
> 128.117.140.3 took 0.001399 seconds
> Aug 11 18:09:02 notifyme[16850] ERROR: NOTIFYME(idd.unidata.ucar.edu):
> 7: Access denied by remote server
> 
> 
> Again, a similar outcome occurs for aeolus.ucsd.edu.

Since we have made _no_ changes to ALLOWs on our top level IDD relay
cluster, idd.unidata.ucar.edu, it sounds like DNS for your machine is
no longer available.  Lack of reverse DNS (IP -> name) would prevent
the ALLOW already in-place for your machines from working.

re:
> If the allow access for horus.atmos.ucla.edu and indra.atmos.ucla.edu
> have been removed, can you please restore them?

The ALLOWs have not been removed.  I appreciate you including the fully
qualified names of your LDM machines as this allowed me to see what
is going wrong:

% nslookup horus.atmos.ucla.edu
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
Name:   horus.atmos.ucla.edu
Address: 128.97.77.43

This shows that forward DNS works correctly for horus.

% nslookup 128.97.77.43
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
43.77.97.128.in-addr.arpa       name = 
horus.atmos.ucla.edu.77.97.128.in-addr.arpa.

Authoritative answers can be found from:
43.77.97.128.in-addr.arpa       nameserver = kerberos.atmos.ucla.edu.
kerberos.atmos.ucla.edu internet address = 128.97.58.42

This shows that reverse DNS is _NOT_ working correctly for horus.

However, both forward and reverse DNS are working for indra:

% nslookup indra.atmos.ucla.edu
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
Name:   indra.atmos.ucla.edu
Address: 128.97.58.212

% nslookup 128.97.58.212
Server:         192.168.72.2
Address:        192.168.72.2#53

Non-authoritative answer:
212.58.97.128.in-addr.arpa      name = indra.atmos.ucla.edu.

Authoritative answers can be found from:
212.58.97.128.in-addr.arpa      nameserver = zeus.atmos.ucla.edu.
212.58.97.128.in-addr.arpa      nameserver = kerberos.atmos.ucla.edu.
zeus.atmos.ucla.edu     internet address = 128.97.58.58
kerberos.atmos.ucla.edu internet address = 128.97.58.42

'indra' should, therefore, be able to REQUEST data from idd.unidata.ucar.edu
(and, presumably, from aeolus.ucsd.edu).

re:
> If I'm supposed to
> access different server, I would appreciate the names of a primary and
> secondary source.

Nope, we have valid ALLOWs for your machines.  The problem on horus is
reverse DNS has been mucked-up somewhere.  Can you check with your
networking folks?

re:
> Thanks in advance.

No worries.  Sorry for the hassles!

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: JRM-232824
Department: Support IDD
Priority: Normal
Status: Closed

Prev by Date: [IDD #DZN-544812]: trying to get NAM218 grib2 on pqact.conf
Next by Date: [IDD #DZN-544812]: trying to get NAM218 grib2 on pqact.conf
Previous by thread: [IDD #XEC-580619]: IDD Peering request from Unidata
Next by thread: [IDD #JRM-232824]: Loss of link to Unidata server
Index(es):
- Date
- Thread