Not able to downlaod packages from http://downloads.openwrt.org/chaos_calmer

Hi all,
I am not able reach http://downloads.openwrt.org/

Me neither. It has been happening since yesterday. Nsloopkup returns SERVFAIL. All openwrt.org domains are affected.
I am using OpenDNS and adding 8.8.8.8 to the list of DNS servers fixes the issue.

Me neither, Which is ip openwrt.org i am able add to host in my pc.

The root Nameservers for the openwrt.org domain

Name Server: ARRAKIS.DUNE.HU
Name Server: BELATEGEUSE.DUNE.HU
Name Server: SOAPSTONE.YURI.ORG.UK

are not returning proper answers to (www.) openwrt.org.
As the servers are still broken this will propagate through all the caching DNS Servers throughout the day and everyone wont be able to access these sites until this gets fixed.

Edit: you could probably try forcing a host entry with this ip: 139.59.209.225
Edit2: I collected some info from some cached dns replies.

139.59.209.225 openwrt.org
139.59.209.225 www.openwrt.org
81.0.124.216 wiki.openwrt.org
46.101.214.210 git.openwrt.org
78.24.191.177 forum.openwrt.org
148.251.78.235	downloads.openwrt.org

# not really needed
148.251.78.235 hetzner.openwrt.org

This should get everyone somewhat up and running.

Edit3: Sorry for the passive aggressiveness above, i got rid of it.
Just got a link from the irc with all ips: https://pastebin.com/Gzw5wTvE

FYI: There is a discussion on the mailing list ongoing regarding DNS servers for openwrt.org.
Hopefully the changes will propagate quickly through the DNS servers and make openwrt.org accessible again.

As thomas indicated, an update to the DNS was put in over the weekend, but is taking time to propagate. A quick fix is to set your router to point at the OpenDNS servers at 208.67.222.220 and 208.67.222.222
I did that this AM and am able to access the domains resources.

Just tried and it is not working yet for me.

@JonFo
That will not work for long, as once the "root" info about openwrt.org gets stale at opendns, that opendns server needs to get new validation from the openwrt.org root DNS server, which is now down.

@jow posted a temporary workaround in Global openwrt.org DNS outage

You can direct your own DNS client/server (your Openwrt router) to believe that 173.245.58.51 has the correct DNS root info for the whole openwrt.org domain. Jow has configured that with the needed info about the domain.

I did that and all other services work now for me except forum.openwrt.org that is apparently in the same physical server complex as the main DNS server.

1 Like

I already did that and it is working, thx.

OK...this is true...

  • what were the original A Records' TTL?
  • were the NS Records changed, if so what were their the original TTL?
  • if the NSs changed, do these reflect actual changes at the registrar???

Telling people to make A Records is not good practice...also, this is not how propagation works.

Lastly, from what I can see, (at the time of my post) there are no active NS Records for OPENWRT.ORG. at the ORG. Root. The new records should exist.

Did you read jow's message that I linked above
The whole thing is due to hardware failure during weekend that took down the name servers.

he means dns is more massed while somebody tried to change authritive nameserver that now DNS for openwrt.org won't work even if the machine failed came back online

1 Like

The domain info at the registrar has finally been updated a few hours ago (2018-05-08T03:03:51Z) with new name servers.

http://lists.infradead.org/pipermail/lede-dev/2018-May/012186.html

The correct new info (name servers set for nsX.digitalocean.com):

Domain Name: OPENWRT.ORG
Domain ID: D104186352-LROR
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2018-05-08T03:03:51Z
Creation Date: 2004-04-02T22:32:12Z
Registrar Registration Expiration Date: 2019-04-02T22:32:12Z
Registrar: TUCOWS, INC.
...
Name Server: NS1.DIGITALOCEAN.COM
Name Server: NS2.DIGITALOCEAN.COM
Name Server: NS3.DIGITALOCEAN.COM

Things should get fixed soon (except regarding forum.openwrt.org that is on the same physical hosts as the old name servers at dune.hu).

You can find the Chaos Calmer stuff also at
https://downloads.lede-project.org/
leading to
http://archive.openwrt.org/chaos_calmer/15.05.1/

(seems that downloads.openwrt.org has not yet recovered from the DNS outage)

Thank you very much hnyman.I am now able to download packages,

I did read. I've just never used a non-specified master - or seen one fail in-production. I get it now.

Glad it's in order.

Correct, that's what I was alluding to.

This was the correct fix.
At the time of my first post:

dsktp:~$ dig openwrt.org. -t NS

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> openwrt.org. -t NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;openwrt.org.			IN	NS

;; Query time: 387 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon May 07 21:40:22 EDT 2018
;; MSG SIZE  rcvd: 40

Now:

dsktp:~$ dig openwrt.org. -t NS

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> openwrt.org. -t NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11876
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;openwrt.org.			IN	NS

;; ANSWER SECTION:
openwrt.org.		1800	IN	NS	ns3.digitalocean.com.
openwrt.org.		1800	IN	NS	ns2.digitalocean.com.
openwrt.org.		1800	IN	NS	ns1.digitalocean.com.

The problem reappeared. The server downtime is now 5 hours. The server disconnected just when I was updating the packages. Device did not start after the restart. I had to make a new flash. I'm sitting and waiting to reinstall the system, at least to some usable form for installing packages, and in the morning the device was ready to work.
OpenWrt has dropped to a very low level in my eyes.

It's a paradox. So many people are devoting time to developing an entire operating system to provide global alternatives and "better" options than official routers provide. And the thing like having packages and firmware available at all is at a level where you don't get to them at all for quite a long time. The question is whether the owner knows about the outage and it would not be appropriate to use a watchdog, because outages are quite common for many years.

Domains:
http://download.openwrt.org
http://downloads.openwrt.org
https://download.openwrt.org
https://downloads.openwrt.org
is not accesible.

1 Like

yep, its down! confirmed

Workaround posted in another thread about this issue. Unable to access downloads.openwrt.org/releases(504 Gateway Time-out) (502 Bad Gateway)