|
|
Last weekend, I saw an issue where a domain was resolving to apparently the wrong IP address. Using pi-hole and Google's DNS servers, the problem vanished shortly after for me.
However, someone who was accessing via a BT connection and using BT's homehub & DNS in a very standard (out of the box) approach is still seeing incorrect DNS resolution.
Can someone check to see what mail.dorsetiam.org.uk resolves to via BT's DNS? It should point to 77.72.0.130
I've tried an ipconfig /flushdns on their machine (via Quick Assist) and that didn't help. nslookup returns the wrong IP (I didn't make a note of what it was) on their machine.
Thanks
Vodafone Fibre (Superfast2 - 80/20), Draytek 130, DrayTek 2925, DrayTek AP-910c x 2
(Gone but not forgotten: AP-700, 2820n x 2, 2800vg, 2800, HG612)
Speedtests:
ThinkBB - Mini | ThinkBB - Full | Speedtest.net
|
|
|
That's how it resolves for me, currently using ISP assigned dns servers.
plusnet FTTC 55/10
Using a Fritz!Box 7530
Live BQM
|
|
|
From my own DNS resolver:
C:>nslookup mail.dorsetiam.org.uk
Server: pfSense.localdomain
Non-authoritative answer:
Name: dorsetiam.org.uk
Address: 77.72.0.130
Aliases: mail.dorsetiam.org.uk
|
|
|
|
|
|
Pi-Hole and Unbound.
|
|
|
Last weekend, I saw an issue where a domain was resolving to apparently the wrong IP address. Using pi-hole and Google's DNS servers, the problem vanished shortly after for me.
However, someone who was accessing via a BT connection and using BT's homehub & DNS in a very standard (out of the box) approach is still seeing incorrect DNS resolution.
Can someone check to see what mail.dorsetiam.org.uk resolves to via BT's DNS? It should point to 77.72.0.130
I've tried an ipconfig /flushdns on their machine (via Quick Assist) and that didn't help. nslookup returns the wrong IP (I didn't make a note of what it was) on their machine.
Thanks
I get this IP, 81.17.29.147, using DNSCrypt (mail.dorsetiam.org.uk), but 77.72.0.130 for dorsetiam.org.uk. Just re-tried and now get 77.72.0.130 for both.
Edited by tommy45 (Tue 07-Jun-22 19:59:51)
|
|
|
|
Typical Plusnet DNS server (212.159.13.49) -> 77.72.0.130
CNAME mail.dorsetiam.org.uk dorsetiam.org.uk
A dorsetiam.org.uk 77.72.0.130
Ditto for opendns, google et al. I can't get any sensible response at all from trying to use any of the alleged BT DNS Servers but that could simply be because I'm technically not on a BT connection and don't have a BT allocated IP.
|
|
|
Tracing route to mail.dorsetiam.org.uk [63.141.242.45]
From BT using their DNS
BT Full Fibre 500 via ASUS RT-AX88U
IPv4 BQM
|
|
|
Yep, I know we are talking about MX records and its A records IP numbers.
https://www.whatsmydns.net/#A/mail.dorsetiam.org.uk
It seems to show 63.141.242.43 / 77.72.0.130 / 81.17.18.197 / 192.187.111.221
|
|
|
I can get different things off loads of different servers (I am on BT). It's not an A record, it's a CNAME, and I've seen Google's DNS servers return:
77.72.0.130
63.141.242.44
81.17.18.197
81.17.29.147
Sometimes it returns an A record with no sign of a CNAME. It doesn't look like it's just a BT issue either:
https://www.whatsmydns.net/#A/mail.dorsetiam.org.uk
RIPE seem to also think there are problems
https://stat.ripe.net/widget/dns-check#w.resource=do...
|
|
|
That looks like the IP I saw earlier via the BT connection (and quite possibly the one I briefly saw on my setup on Sat).
I'm confused as to how this could have happened. None of the other domains which are configured the same way (Fasthosts and Krystal nameservers) have suffered the same fate.
|
|
|
|
ares.krystal.co.uk [77.72.0.130]
|
|
|
Would it be possible to change your NS to use one at Cloudflare?
https://www.cloudflare.com
|
|
|
I'm not sure using Cloudflare will help that much as I'm getting differing results from multiple queries:
$ dig mail.dorsetiam.org.uk @1.1.1.1
; <<>> DiG 9.16.1-Ubuntu <<>> mail.dorsetiam.org.uk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10341
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.dorsetiam.org.uk. IN A
;; ANSWER SECTION:
mail.dorsetiam.org.uk. 14400 IN CNAME dorsetiam.org.uk.
dorsetiam.org.uk. 14400 IN A 77.72.0.130
;; Query time: 259 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 07 21:15:23 BST 2022
;; MSG SIZE rcvd: 80

$ dig mail.dorsetiam.org.uk @1.1.1.1
; <<>> DiG 9.16.1-Ubuntu <<>> mail.dorsetiam.org.uk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11365
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.dorsetiam.org.uk. IN A
;; ANSWER SECTION:
mail.dorsetiam.org.uk. 600 IN A 63.141.242.44
;; Query time: 327 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 07 21:15:25 BST 2022
;; MSG SIZE rcvd: 66

$ dig mail.dorsetiam.org.uk @1.1.1.1
; <<>> DiG 9.16.1-Ubuntu <<>> mail.dorsetiam.org.uk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14359
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.dorsetiam.org.uk. IN A
;; ANSWER SECTION:
mail.dorsetiam.org.uk. 14400 IN CNAME dorsetiam.org.uk.
dorsetiam.org.uk. 14400 IN A 77.72.0.130
;; Query time: 71 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 07 21:15:40 BST 2022
;; MSG SIZE rcvd: 80

$ dig mail.dorsetiam.org.uk @1.1.1.1
; <<>> DiG 9.16.1-Ubuntu <<>> mail.dorsetiam.org.uk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27313
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.dorsetiam.org.uk. IN A
;; ANSWER SECTION:
mail.dorsetiam.org.uk. 600 IN A 81.17.18.197
;; Query time: 143 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 07 21:16:38 BST 2022
;; MSG SIZE rcvd: 66
Edited by zeb99 (Tue 07-Jun-22 22:08:27)
|
|
|
I would suggest you get in contact with Fasthosts to fix the first nameserver:
$ whois dorsetiam.org.uk
Domain name:
dorsetiam.org.uk
Data validation:
Nominet was able to match the registrant's name and address against a 3rd party data source on 12-Jun-2015
Registrar:
Fasthosts Internet Ltd [Tag = LIVEDOMAINS]
URL: http://www.fasthosts.co.uk
Relevant dates:
Registered on: 03-Apr-2006
Expiry date: 03-Apr-2027
Last updated: 04-Mar-2022
Registration status:
Registered until expiry date.
Name servers:
ns1.krsytal.co.uk
ns2.krystal.co.uk 139.162.230.184
WHOIS lookup made at 22:10:36 07-Jun-2022
It should, presumably, be ns1.krystal.co.uk, not ns1.krsytal.co.uk - right letters, wrong order!
|
|
|
In reply to a post by zeb99: It should, presumably, be ns1.krystal.co.uk, not ns1.krsytal.co.uk - right letters, wrong order!
https://www.youtube.com/watch?v=uMPEUcVyJsc
|
|
|
Just to expand on what zeb99 has correctly identified.
The documented correct nameservers are listed on https://help.krystal.uk/domains/what-are-krystal-s-n...
They should be (.co.uk seems to resolve also):
ns1.krystal.uk
ns2.krystal.uk
They are currently:
ns1.krsytal.co.uk
ns2.krystal.co.uk 139.162.230.184
i.e. as zeb99 says, ns1 has a misspelling, ns2 is a concatenation of the nameserver domain and its IP address when it should just be the domain; it's possible systems are actually ignoring everything after the spaces.
You're getting weird resolutions because the wrong ns1 entry appears to have been set up to send valid replies and intercept traffic.
Whether you get valid or invalid resolutions depends which nameserver entry is used, then it'll get cached for a period of time.
$ dig mail.dorsetiam.org.uk @ns1.krsytal.co.uk +short
81.17.18.197
You should be able to update the nameservers via the Fasthosts control panel, it can take quite a while to update everywhere though.
Edited by miken06 (Wed 08-Jun-22 08:51:26)
|
|
|
Cheers all - good spot. Update applied.
That configuration with Fasthosts has been like that for years, so I'm going to guess that someone has recently registered the domain krsytal.co.uk and whacked a public name server on it ns1
C:\Users\matth>nslookup
Default Server: pi.hole
Address: 192.168.100.15
> server ns1.krsytal.co.uk
Default Server: ns1.krsytal.co.uk
Address: 81.17.29.150
> dorsetiam.org.uk
Server: ns1.krsytal.co.uk
Address: 81.17.29.150
Name: dorsetiam.org.uk
Address: 81.17.29.146
> balls.com
Server: ns1.krsytal.co.uk
Address: 81.17.29.150
*** ns1.krsytal.co.uk can't find balls.com: Query refused
>
Arh yes, recently registered:
whois:krsytal.co.uk
Name Value
Registered on 02-Jun-2022
Expiry date 02-Jun-2023
Last updated 02-Jun-2022
WHOIS lookup made at 09:33:29 08-Jun-2022
Edited by mbames (Wed 08-Jun-22 09:34:42)
|
|
|
They are currently:
ns1.krsytal.co.uk
ns2.krystal.co.uk 139.162.230.184
i.e. as zeb99 says, ns1 has a misspelling, ns2 is a concatenation of the nameserver domain and its IP address when it should just be the domain; it's possible systems are actually ignoring everything after the spaces.
It's automatic and just means that Nominet are publishing a glue record for that entry - the name servers for krystal.co.uk are within krystal.co.uk. If there wasn't a glue record then you wouldn't be able to find the IP address of the nameservers. The same is true for krystal.uk.
|
|
|
That configuration with Fasthosts has been like that for years, so I'm going to guess that someone has recently registered the domain krsytal.co.uk and whacked a public name server on it ns1
Which suggests to me that you're not the only person to make this typo, and someone wants to capitalise on some of this nameserver typo traffic.
Oliver.
Edited by Oliver341 (Wed 08-Jun-22 13:24:17)
|
|
|
Which suggests to me that you're not the only person to make this typo, and someone wants to capitalise on some of this nameserver typo traffic.
It looks that way. I've pointed that out to Krystal. Not really sure what they could do, other than script up a process to check the nameservers for domains they are handling are actually correct and not suffering from typos and then contact those customers.
Edited by mbames (Wed 08-Jun-22 17:44:48)
|
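The nameserver check suggested in the last post, sketched as an added example (not code from the thread, Krystal or Fasthosts): it parses registry "Name servers" lines, including the glue-record form, and flags any name that is a near miss of an expected nameserver. The expected set is taken from the names mentioned in this thread; the function names, the distance threshold of 2 and the `ns1.example.net` entry are assumptions made for illustration.

```python
# Added example: audit delegated nameservers against the names the DNS host documents.
# EXPECTED is taken from this thread; SAMPLE is constructed from its WHOIS output.
EXPECTED = {"ns1.krystal.uk", "ns2.krystal.uk", "ns1.krystal.co.uk", "ns2.krystal.co.uk"}

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters counts as one edit."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1, rows[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "sy" typed for "ys".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def parse_ns_line(line):
    """Split a registry 'Name servers' line into (hostname, glue IP or None)."""
    parts = line.split()
    name = parts[0].rstrip(".").lower()
    return name, (parts[1] if len(parts) > 1 else None)

def audit(ns_lines, expected=EXPECTED, max_distance=2):
    """Return (hostname, verdict, closest expected name) per delegated nameserver."""
    findings = []
    for line in ns_lines:
        name, _glue = parse_ns_line(line)
        if name in expected:
            findings.append((name, "ok", name))
            continue
        closest = min(sorted(expected), key=lambda e: osa_distance(name, e))
        near = osa_distance(name, closest) <= max_distance  # threshold is an assumption
        findings.append((name, "likely-typo" if near else "unexpected", closest))
    return findings

# Constructed sample: the delegation shown in the thread plus an unrelated third-party NS.
SAMPLE = ["ns1.krsytal.co.uk", "ns2.krystal.co.uk 139.162.230.184", "ns1.example.net"]

if __name__ == "__main__":
    for name, verdict, closest in audit(SAMPLE):
        print(f"{name:22} {verdict:12} closest expected: {closest}")
```

A "likely-typo" verdict is the case worth alerting on, since the misspelled parent domain may be registrable by a third party; "unexpected" covers nameservers that simply belong to another provider.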