Hi,

What should I do if the domain name of one of my webservers, which some lab members and I use for work-related stuff, is no longer resolved by our university DNS? When I first noticed it, I could see no resolution at all, while now the domain resolves to a wrong IP. The site can be reached normally on any other network, so there is no problem on my side, I think.

Should I just wait (now more than 24 hours) or should I try anything? Am I entitled to complain to our IT even though the issue is only with this not-really-professional FreeDNS subdomain?

EDIT: apparently some automatism marked this domain as malicious (absolutely it is not, not willingly and not compromised) and somehow DNS resolves to CNAME sinkhole.paloaltonetworks.com.

  • @[email protected]
    1 year ago

    Probably not your problem but if 8.8.8.8 has some wrong DNS record cached you can flush the cache for one name at https://dns.google/cache and for 1.1.1.1 at https://one.one.one.one/purge-cache/

    There are also commands on each of the major operating systems to flush local caches.

    It is also possible that DHCP or IPv6 router advertisements reset your manual DNS setting of 8.8.8.8 depending on how you set it.

    • @marsara9
      1 year ago

      Another thing that can be happening is that the router or firewall is redirecting all port 53 traffic to their internal DNS servers. (I do the same thing at home to prevent certain devices from ignoring my router’s DNS settings cough Android cough)

      One way you can check for this is to run “nslookup some.domain” from a terminal and see where the response comes from.

      • @aesirOP
        1 year ago

        What does it mean?

        nslookup my.domain.com
        Server:  dns.google
        Address:  8.8.8.8
        
        Non-authoritative answer:
        Name:    my.domain.com
        Addresses:  ::1
                  xx.x.xx.xxx (wrong IPV4 address from the other side of the world)
        

        If I use 8.8.8.8 at home, “addresses” is first of all “address” and is correct.

        • @marsara9
          1 year ago

          That looks like 8.8.8.8 actually responded. The ::1 is IPv6’s localhost, which seems odd. As for the wrong IPv4, I’m not sure.

          I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

          You can also specify the DNS server to use when using nslookup, like: nslookup www.google.com 1.1.1.1. And you can see if you get any different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

          Edit: just for shits and giggles, also try nslookup xx.xx.xx.xx, where xx.xx… is the wrong IP from the other side of the world, and see what domain it returns.

          • @aesirOP
            1 year ago

            Now it’s pretty clear: I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure FreeDNS subdomain) by this software from Palo Alto Networks, https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/, which rewrites the DNS response.

    • @aesirOP
      1 year ago

      Interesting, thanks. I think this is what is happening. Feels like I can put whatever DNS server and still end up with an internal one.

      • @[email protected]
        1 year ago

        You can confirm this as follows. Grab a laptop and:

        • Confirm that on the university internet, 8.8.8.8 resolves the wrong domain.
        • Set up a hotspot from your mobile phone, connect the laptop there, then try again.

        If the behaviour is different depending on your network, your uni must be redirecting DNS.
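
The checks discussed in this thread (who answered, whether the answer is a loopback address or the sinkhole CNAME, and whether it differs from the answer seen on another network) can be scripted. This is an added example, not code from any poster; it assumes Windows-style nslookup output as pasted above, assumes a CNAME shows up as an "Aliases:" line, and uses constructed documentation addresses.

```python
import ipaddress

SINKHOLE_NAMES = {"sinkhole.paloaltonetworks.com"}  # CNAME target named in the thread
KEYS = ("Server", "Address", "Addresses", "Name", "Aliases")

def parse_nslookup(text):
    """Parse Windows-style nslookup output into resolver, names and answer IPs."""
    out = {"server": None, "names": [], "addresses": []}
    field, in_answer = None, False
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = line.partition(":")
        if sep and key in KEYS:
            field, line = key, value.strip()
            in_answer = in_answer or key == "Name"  # earlier Address = resolver
        elif not raw[:1].isspace():
            field = None  # blank line or a header such as "Non-authoritative answer:"
        if not line or field is None:
            continue
        if field == "Server":
            out["server"] = line
        elif field in ("Name", "Aliases"):
            out["names"].append(line.lower().rstrip("."))
        elif in_answer:
            out["addresses"].append(line)
    return out

def sinkhole_indicators(parsed, reference_ips=()):
    """Return reasons to suspect the answer was rewritten on this network."""
    reference = {ipaddress.ip_address(a) for a in reference_ips}
    findings = [f"answer names sinkhole host {n}"
                for n in parsed["names"] if n in SINKHOLE_NAMES]
    for addr in parsed["addresses"]:
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            findings.append(f"loopback address {addr}")
        elif reference and ip not in reference:
            findings.append(f"{addr} differs from the reference network")
    return findings

# Constructed sample shaped like the output posted above (documentation IPs).
SAMPLE = """Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    my.domain.com
Addresses:  ::1
          198.51.100.7
"""
```

Pass the addresses obtained on the phone hotspot as `reference_ips`; an empty result means the campus answer matches and shows no sinkhole markers.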