Netgate Discussion Forum

    Re: 208.91.197.27

      vhtan00

      Greetings,

      I have an issue where if I try to ping a random host (does not even have to exist), it will resolve it to 208.91.197.27.  For example, I can ping

      [2.2.4-RELEASE][admin@mypfsense.mydomain.net]/root: ping unknown
      PING unknown.mydomain.net (208.91.197.27): 56 data bytes
      64 bytes from 208.91.197.27: icmp_seq=0 ttl=244 time=49.751 ms
      64 bytes from 208.91.197.27: icmp_seq=1 ttl=244 time=53.257 ms
      64 bytes from 208.91.197.27: icmp_seq=2 ttl=244 time=49.659 ms
      64 bytes from 208.91.197.27: icmp_seq=3 ttl=244 time=50.450 ms
      64 bytes from 208.91.197.27: icmp_seq=4 ttl=244 time=50.511 ms
      64 bytes from 208.91.197.27: icmp_seq=5 ttl=244 time=54.054 ms
      64 bytes from 208.91.197.27: icmp_seq=6 ttl=244 time=51.059 ms
      64 bytes from 208.91.197.27: icmp_seq=7 ttl=244 time=51.623 ms

      My DNS is set up to point to 8.8.8.8 primary, and 4.2.2.2 for secondary.  Any idea why random names are getting resolved to that IP?

      Thanks for the help!

      vhtan00

        doktornotor Banned

        Why? Because the guys running the 4.2.2.2 DNS server apparently love hijacking nonexistent domains. Do not use that evil DNS server.

        http://drewgraybeal.blogspot.cz/2015/05/level-3-dns-hijacking-4222-and-others.html

          johnpoz LAYER 8 Global Moderator

          mydomain.net would be a HORRIFIC example of a domain that doesn't exist, because it actually does

          Domain Name: MYDOMAIN.NET
          Registry Domain ID: 2563492_DOMAIN_NET-VRSN
          Registrar WHOIS Server: whois.domain.com
          Registrar URL: www.domain.com
          Updated Date: 2015-03-18T03:47:21Z
          Creation Date: 1996-04-15T04:00:00Z
          Registrar Registration Expiration Date: 2016-04-16T04:00:00Z
          Registrar: Domain.com, LLC
          Registrar IANA ID: 886
          Registrar Abuse Contact Email: compliance@domain-inc.net
          Registrar Abuse Contact Phone: +1.6027165396
          Reseller: Domain Name Holding Company, Inc
          Reseller: corpdomains@endurance.com

          Why don't you ping something like testhost.lasjlfdsjfdzlsjfdljfdszljwslfe.com? What comes up then?

          Most domains that are being held or parked have wild card records so yeah lasjfdlsjfljfsdljfd.mydomain.net would resolve..

          ;; QUESTION SECTION:
          ;; lsjfldsjsdf.mydomain.net.    IN      A

          ;; ANSWER SECTION:
          lsjfldsjsdf.mydomain.net.      1800    IN      A      66.150.161.140
          lsjfldsjsdf.mydomain.net.      1800    IN      A      69.25.27.170
          lsjfldsjsdf.mydomain.net.      1800    IN      A      63.251.171.81
          lsjfldsjsdf.mydomain.net.      1800    IN      A      63.251.171.80
          lsjfldsjsdf.mydomain.net.      1800    IN      A      69.25.27.173
          lsjfldsjsdf.mydomain.net.      1800    IN      A      66.150.161.141

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            doktornotor Banned

            
            ; <<>> DiG 9.9.6-P1 <<>> testhost.lasjlfdsjfdzlsjfdljfdszljwslfe @4.2.2.2
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61611
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
            
            ;; QUESTION SECTION:
            ;testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. IN A
            
            ;; ANSWER SECTION:
            testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. 10 IN A 198.105.244.11
            testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. 10 IN A 198.105.254.11
            
            ;; Query time: 49 msec
            ;; SERVER: 4.2.2.2#53(4.2.2.2)
            ;; WHEN: Wed Sep 09 14:08:53 CEST 2015
            ;; MSG SIZE  rcvd: 89
            
            

            You must "love" such "service", no?  ::) ::) ::)

              vhtan00

              I apologize, I should have been more specific.  I replaced my internal domain name (for security purposes) with "mydomain.net".  I'll try switching the public DNS server with my ISP's to see if the problem goes away.

              Thank you.

              vhtan00

                johnpoz LAYER 8 Global Moderator

                yeah I am with you dok.. Got to love the dns services that hand out parking and nonsense with nx domains vs nx..

                Which is part of the reason I run a RESOLVER vs Forwarder ;)

                If you don't want such stuff to happen resolve don't forward would be my suggestion.. Many of the pop public name servers do that.. opendns was one of the first that was terrible at it with redirects, they got a lot of gruff about it too.

                google hasn't started doing it that I am aware

                C:>dig @8.8.8.8 lsjfdlsjsfd.odsjldsjfslfd.com

                ; <<>> DiG 9.10.3rc1 <<>> @8.8.8.8 lsjfdlsjsfd.odsjldsjfslfd.com
                ; (1 server found)
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10285
                ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 512
                ;; QUESTION SECTION:
                ;lsjfdlsjsfd.odsjldsjfslfd.com. IN      A

                ;; AUTHORITY SECTION:
                com.                    899    IN      SOA    a.gtld-servers.net. nstld.verisign-grs.com. 1441801312 1800 900 604800 86400

                ;; Query time: 83 msec
                ;; SERVER: 8.8.8.8#53(8.8.8.8)
                ;; WHEN: Wed Sep 09 07:22:12 Central Daylight Time 2015
                ;; MSG SIZE  rcvd: 131


                1 Reply Last reply Reply Quote 0
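Added example, not part of any post in this thread: a standard-library Python check for the behaviour discussed above, where a forwarder answers NOERROR with A records for a name that cannot exist instead of returning NXDOMAIN. The function names, the probe-name pattern and the sample headers are assumptions constructed for illustration.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a recursive A/IN query (RD=1) in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid):
    """Classify a resolver's reply to a query for a name that cannot exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:                            # NXDOMAIN, as 8.8.8.8 returned
        return "honest-nxdomain"
    if rcode == 0 and ancount > 0:            # NOERROR plus answers, as 4.2.2.2 returned
        return "nxdomain-rewritten"
    return "nodata" if rcode == 0 else "error-rcode-%d" % rcode

def probe(server, timeout=3.0):
    """Ask `server` for a random, fully qualified name and classify the reply."""
    qid = secrets.randbelow(65536)
    name = "testhost.%s.com." % secrets.token_hex(12)  # assumed probe pattern
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return name, classify(data, qid)

# Constructed samples mirroring the headers of the two dig outputs in the thread
# (header and question only; classify() reads nothing past the header).
SAMPLE_ID = 0x1234
_QUESTION = build_query("testhost.constructed-sample.com", SAMPLE_ID)[12:]
SAMPLE_REWRITTEN = struct.pack("!HHHHHH", SAMPLE_ID, 0x8180, 1, 2, 0, 0) + _QUESTION
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", SAMPLE_ID, 0x8183, 1, 0, 1, 0) + _QUESTION

if __name__ == "__main__":
    print("NOERROR, 2 answers ->", classify(SAMPLE_REWRITTEN, SAMPLE_ID))
    print("NXDOMAIN           ->", classify(SAMPLE_NXDOMAIN, SAMPLE_ID))
```

Call `probe()` once per configured forwarder; the probe name ends in a dot so no search domain is appended, which is what turned `unknown` into `unknown.mydomain.net` in the first post.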