That does help, Greg. I've heard from a few other folks on the list that the domain is considered suspicious by a few different providers like this. It's a turnkey Squarespace gallery/ecommerce site so I'm not sure why it would be classified as a threat, but perhaps a previous domain holder was doing something that could have been and these reports are just outdated?

- Jason

On 2023-10-25 1:41 pm, Greg Dickinson wrote:
If it helps troubleshooting, when I click the domain in the email Mimecast tells me:
"We checked the website you are trying to access for malicious and spear-phishing content and found it likely to be unsafe."
Greg Dickinson, CCNA
Network Engineer
From: NANOG <nanog-bounces+greg.dickinson=bryantbank.com@nanog.org> On Behalf Of Mark Andrews
Sent: Wednesday, October 25, 2023 1:27 PM
To: Jason J. Gullickson <mr@jasongullickson.com>
Cc: nanog@nanog.org
Subject: Re: Charter DNS servers returning invalid IP addresses
It's being filtered. Only Charter can tell you why.
--
Mark Andrews
On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG <nanog@nanog.org> wrote:
I've been working for a week or so to solve a problem with DNS resolution for Charter customers for our domain bonesinjars.com. I've reached out to Charter directly but since I'm not a customer I couldn't get any help from them. I was directed by a friend to this list in hopes that I may be able to reach a Charter/Spectrum engineer who might be able to explain and/or resolve this one.
A dig against Google's DNS servers correctly returns 4 A records:
dig bonesinjars.com 8.8.8.8

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com. IN A

;; ANSWER SECTION:
bonesinjars.com. 60 IN A 198.49.23.145
bonesinjars.com. 60 IN A 198.185.159.145
bonesinjars.com. 60 IN A 198.49.23.144
bonesinjars.com. 60 IN A 198.185.159.144

;; Query time: 1039 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE rcvd: 108

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8. IN A

;; Query time: 35 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE rcvd: 36
Verizon, AT&T, Comcast and all other DNS servers we tested return the same 4 A records. However, the same dig against a Charter DNS (24.196.64.53) returns only 127.0.0.54:
dig bonesinjars.com 24.196.64.53

; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com. IN A

;; ANSWER SECTION:
bonesinjars.com. 60 IN A 127.0.0.54

;; Query time: 55 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE rcvd: 60

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;24.196.64.53. IN A

;; ANSWER SECTION:
24.196.64.53. 86400 IN A 24.196.64.53

;; Query time: 27 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE rcvd: 57
Any help understanding and addressing this is greatly appreciated!
Jason
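Added example, not part of the thread: a Python check for dig replies like the ones quoted above. It reports which server actually answered (dig sends the query to a specific resolver only when the address is prefixed with "@"; a bare address is looked up as a second name, which is why the output above contains a question section for 8.8.8.8) and flags A records in loopback space such as 127.0.0.54. SAMPLE, parse_dig and assess are names made up for this example, and the sample reply is constructed from the output in the thread.

```python
import ipaddress
import re

# Constructed sample, modelled on the second dig reply quoted in the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;bonesinjars.com. IN A

;; ANSWER SECTION:
bonesinjars.com. 60 IN A 127.0.0.54

;; Query time: 55 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

def parse_dig(text):
    """Return (status, answering_server, [A record addresses]) for one dig reply."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([0-9a-fA-F.:]+)#", text, re.M)
    addrs, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and not line.strip():
            in_answer = False          # a blank line ends the section
        elif in_answer and not line.startswith(";"):
            fields = line.split()      # name, TTL, class, type, rdata
            if len(fields) >= 5 and fields[3] == "A":
                addrs.append(fields[4])
    return (status.group(1) if status else None,
            server.group(1) if server else None, addrs)

def assess(text, intended_server):
    """Return (status, findings) for a reply expected from intended_server."""
    status, server, addrs = parse_dig(text)
    findings = []
    if server != intended_server:
        # The SERVER line names the resolver that really produced the answer.
        findings.append(f"answered by {server}, not {intended_server}")
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip.is_loopback or ip.is_unspecified:
            findings.append(f"{a} is not a routable address")
    return status, findings
```

To collect input for it, save the output of dig with the resolver given as @24.196.64.53 and pass the text to assess with the same address as intended_server.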