Very odd DNS outcome
June 13, 2015 8:06 AM Subscribe
Hi. From inside my very plain vanilla home network (192.168.0.x) the fairly well-known blog site www.rachelstavern.com resolves to 192.168.1.254, which is the address of my own DSL router. When I try to follow a link to a page on rachelstavern.com I'm soon looking at my modem's internal setup page. What gives? A few more details inside.
This happens whether I use Firefox, Chrome, or IE9, so it doesn't seem to be any kind of browser issue. Ping and tracert to www.rachelstavern.com get replies from 192.168.1.254. (At least it's fast, heh.) I have checked my hosts file and see no local entry for rachelstavern.com there. I have flushed my DNS cache. (I have not flushed the modem's DNS cache or rebooted it; my daughter and some friends are using the net hot and heavy right now so I'll have to try that later.) I use three DNS servers (all AT+T, which is my ISP): Windows knows about 192.168.1.254 (primary) and 65.68.49.50 (secondary.) The modem knows about 68.94.156.15 and 68.94.157.15.
Please educate me about how this might be happening. I feel like this is something I should know, but then I feel that way about everything, and alas no.
This happens whether I use Firefox, Chrome, or IE9, so it doesn't seem to be any kind of browser issue. Ping and tracert to www.rachelstavern.com get replies from 192.168.1.254. (At least it's fast, heh.) I have checked my hosts file and see no local entry for rachelstavern.com there. I have flushed my DNS cache. (I have not flushed the modem's DNS cache or rebooted it; my daughter and some friends are using the net hot and heavy right now so I'll have to try that later.) I use three DNS servers (all AT+T, which is my ISP): Windows knows about 192.168.1.254 (primary) and 65.68.49.50 (secondary.) The modem knows about 68.94.156.15 and 68.94.157.15.
Please educate me about how this might be happening. I feel like this is something I should know, but then I feel that way about everything, and alas no.
FWIW, Down for Everyone currently says that rachelstavern.com looks down, and I can't get rachelstavern.com or www.rachelstavern.com to load. Pings time out, and traceroutes for it all say "unknown host [www.]rachelstavern.com."
On preview, agree with nickggully.
posted by Pandora Kouti at 8:24 AM on June 13, 2015 [1 favorite]
On preview, agree with nickggully.
posted by Pandora Kouti at 8:24 AM on June 13, 2015 [1 favorite]
I am not sure why your DNS setup is returning 192.168.1.254, but something seems to be wrong with resolving that name. The authoritative nameserver for it looks to be ns3.speedydns.net, but that server refuses to resolve an ip address for that name. My guess is that either someone tried to switch nameservers and did it incorrectly, or something is misconfigured at speedydns.net.
posted by demiurge at 8:27 AM on June 13, 2015
posted by demiurge at 8:27 AM on June 13, 2015
Best answer: Is your ISP trying to do DNS hijacking, incompetently?
posted by ctmf at 9:20 AM on June 13, 2015
posted by ctmf at 9:20 AM on June 13, 2015
Best answer: It does look like attempted DNS hijacking. But you know what? The FCC's complaint system for net neutrality complaints went live just yesterday. And DNS hijacking is a pretty solid violation. Even with the faulty implementation, they're inappropriately redirecting traffic.
So assuming you're in the US, if you'd like to be a Citizen Hero, you can go file an official complaint right here.
posted by ernielundquist at 10:15 AM on June 13, 2015 [7 favorites]
So assuming you're in the US, if you'd like to be a Citizen Hero, you can go file an official complaint right here.
posted by ernielundquist at 10:15 AM on June 13, 2015 [7 favorites]
Response by poster: OK, switched my DNS servers to 8.8.8.8 and 8.8.4.4. Since others in the thread are telling us that rachelstavern.com is MIA for everybody today, this looks better as ping output...
>ping www.rachelstavern.com
Ping request could not find host www.rachelstavern.com.
...than what I was seeing, which was replies from my own modem at an address on my own network. Thanks very much, folks, I'd say this one is solved. I'll send a quick message to consumercomplaints.fcc.gov also, ernie, thanks for the idea.
posted by jfuller at 10:27 AM on June 13, 2015
>ping www.rachelstavern.com
Ping request could not find host www.rachelstavern.com.
...than what I was seeing, which was replies from my own modem at an address on my own network. Thanks very much, folks, I'd say this one is solved. I'll send a quick message to consumercomplaints.fcc.gov also, ernie, thanks for the idea.
posted by jfuller at 10:27 AM on June 13, 2015
A useful resource to see exactly what else your ISP might be screwing up (inadvertently or deliberately) is the ICSI Netalyzr. (Requires Java plugin to run.)
posted by sourcequench at 11:09 PM on June 13, 2015 [2 favorites]
posted by sourcequench at 11:09 PM on June 13, 2015 [2 favorites]
This thread is closed to new comments.
;; Got SERVFAIL reply from 72.14.179.5, trying next server
;; Got SERVFAIL reply from 72.14.188.5, trying next server
Server: 72.14.179.5
Address: 72.14.179.5#53
** server can't find www.rachelstavern.com: NXDOMAIN
Machine appears to be down, your modem might be defaulting to itself.
posted by nickggully at 8:22 AM on June 13, 2015 [1 favorite]