Re: 208.91.197.27
-
Greetings,
I have an issue where if I trying to ping a random host (does not even have to exist), it will resolve it to 208.91.197.27. For, example, I can ping
[2.2.4-RELEASE][admin@mypfsense.mydomain.net]/root: ping unknown
PING unknown.mydomain.net (208.91.197.27): 56 data bytes
64 bytes from 208.91.197.27: icmp_seq=0 ttl=244 time=49.751 ms
64 bytes from 208.91.197.27: icmp_seq=1 ttl=244 time=53.257 ms
64 bytes from 208.91.197.27: icmp_seq=2 ttl=244 time=49.659 ms
64 bytes from 208.91.197.27: icmp_seq=3 ttl=244 time=50.450 ms
64 bytes from 208.91.197.27: icmp_seq=4 ttl=244 time=50.511 ms
64 bytes from 208.91.197.27: icmp_seq=5 ttl=244 time=54.054 ms
64 bytes from 208.91.197.27: icmp_seq=6 ttl=244 time=51.059 ms
64 bytes from 208.91.197.27: icmp_seq=7 ttl=244 time=51.623 msmy DNS is setup to point to 8.8.8.8 primary, and 4.2.2.2 for secondary. Any idea why random names are getting resolved to that IP?
Thanks for the help!
vhtan00
-
Why? Because the guys running the 4.2.2.2 DNS server apparently love hijacking nonexistent domains. Do not use that evil DNS server.
http://drewgraybeal.blogspot.cz/2015/05/level-3-dns-hijacking-4222-and-others.html
-
mydomain.net would be a HORRIFIC example of doamin that doesn't exist because it actually does
Domain Name: MYDOMAIN.NET
Registry Domain ID: 2563492_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.domain.com
Registrar URL: www.domain.com
Updated Date: 2015-03-18T03:47:21Z
Creation Date: 1996-04-15T04:00:00Z
Registrar Registration Expiration Date: 2016-04-16T04:00:00Z
Registrar: Domain.com, LLC
Registrar IANA ID: 886
Registrar Abuse Contact Email: compliance@domain-inc.net
Registrar Abuse Contact Phone: +1.6027165396
Reseller: Domain Name Holding Company, Inc
Reseller: corpdomains@endurance.comwhy don't you ping something like testhost.lasjlfdsjfdzlsjfdljfdszljwslfe.com what comes up then?
Most domains that are being held or parked have wild card records so yeah lasjfdlsjfljfsdljfd.mydomain.net would resolve..
;; QUESTION SECTION:
;; lsjfldsjsdf.mydomain.net. IN A;; ANSWER SECTION:
lsjfldsjsdf.mydomain.net. 1800 IN A 66.150.161.140
lsjfldsjsdf.mydomain.net. 1800 IN A 69.25.27.170
lsjfldsjsdf.mydomain.net. 1800 IN A 63.251.171.81
lsjfldsjsdf.mydomain.net. 1800 IN A 63.251.171.80
lsjfldsjsdf.mydomain.net. 1800 IN A 69.25.27.173
lsjfldsjsdf.mydomain.net. 1800 IN A 66.150.161.141 -
; <<>> DiG 9.9.6-P1 <<>> testhost.lasjlfdsjfdzlsjfdljfdszljwslfe @4.2.2.2 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61611 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. IN A ;; ANSWER SECTION: testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. 10 IN A 198.105.244.11 testhost.lasjlfdsjfdzlsjfdljfdszljwslfe. 10 IN A 198.105.254.11 ;; Query time: 49 msec ;; SERVER: 4.2.2.2#53(4.2.2.2) ;; WHEN: Wed Sep 09 14:08:53 CEST 2015 ;; MSG SIZE rcvd: 89
You must "love" such "service", no? ::) ::) ::)
-
I apologize, I should have been more specific. I replaced my internal domain name (for security purpose) with "mydomain.net". I'll try switching the public DNS server with my ISP's to see if the problem goes away.
Thank you.
vhtan00
-
yeah I am with you dok.. Got to love the dns services that hand out parking and nonsense with nx domains vs nx..
Which is part of the reason I run a RESOLVER vs Forwarder ;)
If you don't want such stuff to happen resolve don't forward would be my suggestion.. Many of the pop public name servers do that.. opendns was one of the first that was terrible at it with redirects, they got a lot of gruff about it too.
google hasn't started doing it that I am aware
C:>dig @8.8.8.8 lsjfdlsjsfd.odsjldsjfslfd.com
; <<>> DiG 9.10.3rc1 <<>> @8.8.8.8 lsjfdlsjsfd.odsjldsjfslfd.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;lsjfdlsjsfd.odsjldsjfslfd.com. IN A;; AUTHORITY SECTION:
com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1441801312 1800 900 604800 86400;; Query time: 83 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Sep 09 07:22:12 Central Daylight Time 2015
;; MSG SIZE rcvd: 131