Hi,

What to do if the domain name of one of my webserver, that me and some lab members use for work related stuff, is no longer resolved by our university DNS? When I first noticed it, I could see no resolution at all while now the domain resolves to a wrong IP. The site can be normally reached on any other network so there is no problem on my side I think.

Should I just wait (now more than 24 hours) or should I try anything? I am entitled to complain to our IT even though the issue is only with this not-really-professional FreeDNS subdomain?

EDIT: apparently some automatism marked this domain as malicious (absolutely it is not, not willingly and not compromised) and somehow DNS resolves to CNAME sinkhole.paloaltonetworks.com.

@aesir@lemmy.world
creator
link
fedilink
English
1
edit-2
1Y

What does it mean?

nslookup my.domain.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    my.domain.com
Addresses:  ::1
          xx.x.xx.xxx (wrong IPV4 address from the other side of the world)

If I use 8.8.8.8 at home addresses is first of all “address” and is correct.

@marsara9@lemmy.world
link
fedilink
English
1
edit-2
1Y

That looks like 8.8.8.8 actually responded. The ::1 is ipv6’s localhost which seems odd. As for the wong ipv4 I’m not sure.

I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

You can also specify the DNS server to use when using nslookup like: nslookup www.google.com 1.1.1.1. And you can see if you get and different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

Edit just for shits and giggles also try nslookup xx.xx.xx.xx where xx.xx… is the wrong up from the other side of the world and see what domain it returns.

@aesir@lemmy.world
creator
link
fedilink
English
11Y

Now it’s pretty clear, I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure freedns subdomain) by this software from Palo Alto Networks https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/ which rewrites the DNS response

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 136 users / day
  • 427 users / week
  • 1.16K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.68K Posts
  • 74.2K Comments
  • Modlog