cancel
Showing results for 
Search instead for 
Did you mean: 

Some quick assistance required to help investigate a possible DNS issue

mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Some quick assistance required to help investigate a possible DNS issue

Hi,

A quick bit of assistance required: Please can a few users check the following link(s) and report back whether they see a sensible looking smf forum home page *OR* what appears to be a service provider's hijacked page claiming "domain expired" or similar. Please include details on which DNS and connection you're using if possible. I'm using my usual PN DNS and connection.

It would be especially good if someone could also try using non-PN DNS and connection in order to establish whether the issue is PN-related or a more general problem.

 

http://www.organmatters.com and/or https://www.organmatters.com 


Mucho thanks in advance Smiley



B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
6 REPLIES 6
MisterW
Superuser
Superuser
Posts: 16,286
Thanks: 6,242
Fixes: 447
Registered: ‎30-07-2007

Re: Some quick assistance required to help investigate a possible DNS issue

Both show an smf forum. DNS is Opendns

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Some quick assistance required to help investigate a possible DNS issue

Thank you Smiley

 

Suffice it to say that PN DNS is providing a somewhat different experience ! 

 

There have apparently been some recent server/host changes and 'issues' various so to speak have arisen like they usually do ! But whilst I've had some problems accessing the site for while now, it has also worked very occasionally and other people clearly seem to have access to the correct site/page. All I get from using PN DNS is a hijacked page, presumably because of old or erroneous cached DNS data somewhere and/or an update still propagating Sad 

 

However, quite how I managed to actually get sent to the correct and fully functional forum page on just a few occasions a couple of days ago is a complete mystery. It hadn't worked for more than a week. Then suddeny all appeared well for a short period of time after I managed to contact the site owner. Now it's back to not working again 100% of the time Roll_eyes

 

Has to be a DNS config or propagation issue somewhere doesn't it ?



B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
Browni
Aspiring Hero
Posts: 2,673
Thanks: 1,036
Fixes: 61
Registered: ‎02-03-2016

Re: Some quick assistance required to help investigate a possible DNS issue

Both show an SMF forum using Cloudflare DNS.
MisterW
Superuser
Superuser
Posts: 16,286
Thanks: 6,242
Fixes: 447
Registered: ‎30-07-2007

Re: Some quick assistance required to help investigate a possible DNS issue

Suffice it to say that PN DNS is providing a somewhat different experience ! 

Just tried directly with all the PN DNS servers , main , secondary and Safeguard. They all resolve to the same IP as OpenDNS

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Some quick assistance required to help investigate a possible DNS issue

Yup,  they do now ... but they haven't done for by far the majority of the time over the past several days/weeks Wink  And I can absolutely guarantee that they definitely weren't until an hour or so after I started this thread.

I'd noticed what appeared to be some dicky DNS data before posting here which meant that the NS records being dished out were most unlikely to be the authoritative server details but some old, dubious or otherwise erroneous data. Presumably it was the previous registrar or host name servers that had been left in place. The end result being that access to the site was effectively being hijacked. If you chose to unblock adware protection and ignore the browser security warning, you ended up with a page from a 'domain parking' company advising the domain had expired and therefore they were trying to monetise that alleged (but untrue) situation.

Having pointed out my findings suggesting DNS record issues to the site owner ... the dubious authoritative NS data was changed to what I was kinda expecting to see and very shortly thereafter the PN DNS got updated accordingly.

Everything is apparently now OK here and elsewhere that I've tried. Thanks to all for the helping to confirm what was going on Smiley  It may well take a tad longer to fully propagate around the world but no further action needed other than allow some time for it to happen.

This is all very déjà vu really. I'm absolutely certain that I've seen other very similar issues in the past posted on here.  In all cases it turned out there were fundamental DNS record issues but whilst PN DNS and some others were problematic, OpenDNS and google DNS were both apparently working correctly despite the dodgy data.

As far as I can see, there is absolutely NO WAY that OpenDNS should have pointed to the SMF forum home page when you found that it did this morning because the authoritative name servers were definitely pointing elsewhere resulting in a hijacked page. Any cached DNS data must also have been well past it's use-by date into the bargain ! Very strange, but like I said as seen before I think. OpenDNS and google DNS apparently still working mostly correctly despite the fact that PN and other servers weren't and they really shouldn't have been because of a fundamental error in the records.



B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Some quick assistance required to help investigate a possible DNS issue

Now that I've got time to prepare and post the screen image grabbed at the time, this is what was happening whenever I tried to access the site myself via my PN connection and using PN DNS ...

organ%20matters%20domain%20expired

 

... but only if I disabled adware blocking and ignored the lack of a valid 3rd party SSL certificate. Otherwise all I saw was an apparently blank page. Apart from a short period of time at stupid o'clock on Monday morning when it worked as expected, it had been like this for at least a week if not 2 or more.

What appeared to have happened was that the current registry whois data included the current and correct authoritative nameserver details. However, the current authoritative nameservers themselves, whilst providing the correct A record data for the current host server, were also actually dishing out NS records pointing to other nameservers. Presumably, either the previous authoritative nameservers or just some other clearly dubious data. Hence much confusion various !  Once the duff NS record data was corrected, the PN DNS subsequently updated fairly rapidly due to the low(ish) TTL and all was then well.

What I don't quite understand though is how the likes of OpenDNS and google managed to ignore the authoritative nameserver NS records telling them to obtain data from elsewhere and obtain the current and correct A record data ... and/or why PN DNS apparently insisted on doing the complete opposite ! 



B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue