[outages] AT&T DNS problems?

Mike Phipps mphipps at mediaG.com
Fri Oct 26 21:16:45 EDT 2012 

208.91.197.132 doesn't have a PTR record associated with it, but a Whois
query shows that it's owned by Confluence Networks. However, check out what
happens when you go to that IP address:

 

$ nc -v 208.91.197.132 80

Connection to 208.91.197.132 80 port [tcp/http] succeeded!

GET / HTTP/1.1

Host: ben.edu

 

HTTP/1.1 200 OK

Date: Sat, 27 Oct 2012 01:14:43 GMT

Server: Apache/2.2.3 (Red Hat)

X-Powered-By: PHP/5.3.16

Vary: Accept-Encoding,User-Agent

Content-Length: 712

Content-Type: text/html; charset=UTF-8

 

<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">

        <frame
src="http://ben.edu/?fp=Jg2bOCRGpmyIHeO3rTIpYJil8%2FmPB1JibWwClQntyhm4NkwKKu
Ck1tgtON7LOnmXFywl8MRjELrKlXFXgOfhOw%3D%3D&prvtof=lJY3O5r6C%2F4Iypq21CJp7a1L
uqqIdOWvKdwx5Xsl1x8%3D&poru=S87wfqjj4W%2B%2Fm8dSEqpuWZr20KvK367%2BCoGC%2FHW2
e9kL6N%2Fl3h3wnDx5AfKbrhlZ&">

</frameset>

<noframes>

        <body bgcolor="#ffffff" text="#000000">

        <a
href="http://ben.edu/?fp=Jg2bOCRGpmyIHeO3rTIpYJil8%2FmPB1JibWwClQntyhm4NkwKK
uCk1tgtON7LOnmXFywl8MRjELrKlXFXgOfhOw%3D%3D&prvtof=HFakvtiyy0kNqKrmL%2FCjJLe
PEMwdGWTZLZa5%2BZpNnP4%3D&poru=9vrhUGVKGCquHB6uFFMUXFNxz1c%2FgIaDOeCSvkLz5HC
rH2FI%2Fixpxvr8LwjYT7uO&">Click here to proceed</a>.

        </body>

</noframes>

 

I didn't look beyond that, but it already looks fishy. Note that I used
ben.edu in the hostname on that manual GET request. When I tried it with
just the IP address, it said to go to searchremagnified.com.

 

 

Mike Phipps

Media Genesis, Inc.

 

From: outages-bounces at outages.org [mailto:outages-bounces at outages.org] On
Behalf Of Tim Huffman
Sent: Friday, October 26, 2012 9:04 PM
To: outages at outages.org
Subject: [outages] AT&T DNS problems?

 

We are the primary DNS servers for the ben.edu domain. We seem to be having
an issue with an AT&T server that is responding  with incorrect A records
for www.ben.edu and ben.edu.

 

What it SHOULD be the response:

nslookup www.ben.edu

Server:         63.250.224.66

Address:        63.250.224.66#53

 

www.ben.edu     canonical name = ben.edu.

Name:   ben.edu

Address: 38.100.120.100

 

What 12.127.17.83 is responding with:

> www.ben.edu

Server:  tbru.br.rs.els-gms.att.net

Address:  12.127.17.83

 

Non-authoritative answer:

Name:    www.ben.edu

Address:  208.91.197.132

 

This appears to be affecting only iPhones and iPads on the AT&T network. Is
anybody else having problems with this? Are there any AT&T people on this
list that can help?

 

 

Tim Huffman
Business Only Broadband
777 Oakmont Lane, Suite 2000, Westmont, IL 60559
Direct: 630.590.6012 | Main: 630.590.6000 | Fax: 630.986.2496 
thuffman at bobbroadband.com  |   <http://www.bobbroadband.com/>
http://www.bobbroadband.com/

Cell:  630.340.1925 | Toll-Free Customer Support:  877.262.4553

https://staticapp.icpsc.com/icp/loadimage.php/mogile/933825/747f0f3e66a4e0ce
7633ff898bfc5121/image/png
<http://www.linkedin.com/company/business-only-broadband> Follow Us on
LinkedIn  |
https://files.icontact.com/templates/v2/CleanAndSimple/images/twitter.gif
<https://twitter.com/#%21/BOBbroadband> Follow Us on Twitter

P please consider the environment prior to printing

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20121026/cdd5ca29/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2480 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/outages/attachments/20121026/cdd5ca29/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1287 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/outages/attachments/20121026/cdd5ca29/attachment.gif>

More information about the Outages mailing list