Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Website access on Plusnet - can someone do a quick test please
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Website access on Plusnet - can someone do a quick...
- « Previous
-
- 1
- 2
- Next »
Re: Website access on Plusnet - can someone do a quick test please
09-11-2011 12:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Something is happening. Your name servers have been changed to:
ns.123-reg.co.uk
ns.hosteurope.com
ns2.123-reg.co.uk
ns2.hosteurope.com
None of these seem to be giving answers for the domain at the moment so you will have totally disappeared off the internet (once any cached entries have expired).
ns.123-reg.co.uk
ns.hosteurope.com
ns2.123-reg.co.uk
ns2.hosteurope.com
None of these seem to be giving answers for the domain at the moment so you will have totally disappeared off the internet (once any cached entries have expired).
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Message 16 of 20
(425 Views)
Re: Website access on Plusnet - can someone do a quick test please
09-11-2011 12:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: jelv Something is happening. Your name servers have been changed to:
ns.123-reg.co.uk
ns.hosteurope.com
ns2.123-reg.co.uk
ns2.hosteurope.com
Sorry Jelv - that was me, thinking that it may have been the problem as some of the websites are connected to 123-reg servers and some aren't. This is a red herring though as both are affected. It is the ncrac.com IP address 'A' record that appears to be the problem. Just got to find where and how as no sign on the 123.reg management 😞
Message 17 of 20
(425 Views)
Re: Website access on Plusnet - can someone do a quick test please
09-11-2011 1:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: rhino666 Thanks Jelv and Bob
I have been onto 123.reg who look after the nameserver management side of the websites I run. The 'Cname' and 'A' records look as expected and there is no 'A' record with that ncrac.com IP address.
That's not what it looks like to me, whether I query the 123-reg authoritative servers *or* the hosteurope ones?
dig www.itdoctors.co.uk @ns.123-reg.co.uk
; <<>> DiG 9.3.4-P1.2 <<>> www.itdoctors.co.uk @ns.123-reg.co.uk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5409
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.itdoctors.co.uk. IN A
;; ANSWER SECTION:
www.itdoctors.co.uk. ; 86400 IN CNAME clients.bilstone.co.uk.
www.itdoctors.co.uk. ; 86400 IN A 83.142.229.122
Perhaps you could point 123-reg to this forum thread (it's viewable to anybody)?
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 18 of 20
(425 Views)
Re: Website access on Plusnet - can someone do a quick test please
09-11-2011 5:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I get the same result as Bob, using the same "dig" command here.
I'd just like to point out that you can give the "+trace" option to dig, which forces it to recurse through the authoritive servers starting at the root (or, where the is a choice, picking one of the authoritive servers). It helps save you manually following the chain of nameservers...
In this case, the last set of results came from 92.51.159.40 (ns.123-reg.co.uk).
Issuing the same command again does sometimes result in getting an answer from 212.67.202.2 (ns2.123-reg.co.uk), with the same result.
I'd just like to point out that you can give the "+trace" option to dig, which forces it to recurse through the authoritive servers starting at the root (or, where the is a choice, picking one of the authoritive servers). It helps save you manually following the chain of nameservers...
[root@amnesia ~]# dig www.itdoctors.co.uk +trace
; <<>> DiG 9.8.0-P4-RedHat-9.8.0-9.P4.fc15 <<>> www.itdoctors.co.uk +trace
;; global options: +cmd
. 40755 IN NS e.root-servers.net.
. 40755 IN NS j.root-servers.net.
. 40755 IN NS h.root-servers.net.
. 40755 IN NS b.root-servers.net.
. 40755 IN NS i.root-servers.net.
. 40755 IN NS d.root-servers.net.
. 40755 IN NS g.root-servers.net.
. 40755 IN NS k.root-servers.net.
. 40755 IN NS a.root-servers.net.
. 40755 IN NS c.root-servers.net.
. 40755 IN NS l.root-servers.net.
. 40755 IN NS f.root-servers.net.
. 40755 IN NS m.root-servers.net.
;; Received 512 bytes from 192.168.0.10#53(192.168.0.10) in 70 ms
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
;; Received 499 bytes from 198.41.0.4#53(198.41.0.4) in 168 ms
itdoctors.co.uk. 172800 IN NS ns2.123-reg.co.uk.
itdoctors.co.uk. 172800 IN NS ns.123-reg.co.uk.
;; Received 80 bytes from 195.66.240.130#53(195.66.240.130) in 48 ms
www.itdoctors.co.uk. ; 86400 IN CNAME clients.bilstone.co.uk.
www.itdoctors.co.uk. ; 86400 IN A 83.142.229.122
;; Received 84 bytes from 92.51.159.40#53(92.51.159.40) in 32 ms
In this case, the last set of results came from 92.51.159.40 (ns.123-reg.co.uk).
Issuing the same command again does sometimes result in getting an answer from 212.67.202.2 (ns2.123-reg.co.uk), with the same result.
Plusnet Customer
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Message 19 of 20
(425 Views)
Re: Website access on Plusnet - can someone do a quick test please
10-11-2011 10:00 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Good morning and it is good at the moment because I am hoping that the cause of my very frustrating problem has finally been found.
Some of my older websites still had a reference to the old servers, updated when we moved to new over two years ago. I think 123-reg looks to the servers first so guessing that ncrac.com is a hosteurope client and their space has moved into where ours used to be. I cannot check this as my Nominet WHOIS only covers UK stuff from the look of it.
I have updated all the servers, which is a pain on 123-reg as all the records then have to be re-added. All seems fine at the moment, even when tested through Plusnets servers where the problems occured. Jelv really identified this at an early stage of this thread but believe me it was as clear as mud at this stage and the sequence of events made me think that someone had definately hacked my DNS somewhere. I checked on google and by coincidence a number of important websites have had similar DNS attacks recently.
Thank you all for your help - it is a huge relief to have resolved this problem.
Some of my older websites still had a reference to the old servers, updated when we moved to new over two years ago. I think 123-reg looks to the servers first so guessing that ncrac.com is a hosteurope client and their space has moved into where ours used to be. I cannot check this as my Nominet WHOIS only covers UK stuff from the look of it.
I have updated all the servers, which is a pain on 123-reg as all the records then have to be re-added. All seems fine at the moment, even when tested through Plusnets servers where the problems occured. Jelv really identified this at an early stage of this thread but believe me it was as clear as mud at this stage and the sequence of events made me think that someone had definately hacked my DNS somewhere. I checked on google and by coincidence a number of important websites have had similar DNS attacks recently.
Thank you all for your help - it is a huge relief to have resolved this problem.
Message 20 of 20
(425 Views)
- « Previous
-
- 1
- 2
- Next »
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Website access on Plusnet - can someone do a quick...