If it helps troubleshooting, when I click the domain in the email Mimecast tells me:

“We checked the website you are trying to access for malicious and spear-phishing content and found it likely to be unsafe.”

Greg Dickinson, CCNA

Network Engineer

 


From: NANOG <nanog-bounces+greg.dickinson=bryantbank.com@nanog.org> On Behalf Of Mark Andrews
Sent: Wednesday, October 25, 2023 1:27 PM
To: Jason J. Gullickson <mr@jasongullickson.com>
Cc: nanog@nanog.org
Subject: Re: Charter DNS servers returning invalid IP addresses

 

 


It’s being filtered. Only Charter can tell you why. 

-- 

Mark Andrews



On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG <nanog@nanog.org> wrote:

I've been working for a week or so to solve a problem with DNS resolution for Charter customers for our domain bonesinjars.com.  I've reached out to Charter directly but since I'm not a customer I couldn't get any help from them.  I was directed by a friend to this list in hopes that I may be able to reach a Charter/Spectrum engineer who might be able to explain and/or resolve this one.

A dig against Google's DNS servers correctly returns 4 A records:


dig bonesinjars.com 8.8.8.8

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.               IN      A

;; ANSWER SECTION:
bonesinjars.com.        60      IN      A       198.49.23.145
bonesinjars.com.        60      IN      A       198.185.159.145
bonesinjars.com.        60      IN      A       198.49.23.144
bonesinjars.com.        60      IN      A       198.185.159.144

;; Query time: 1039 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 108

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.                       IN      A

;; Query time: 35 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Oct 23 10:26:32 CDT 2023
;; MSG SIZE  rcvd: 36

Verizon, AT&T, Comcast and all other DNS servers we tested return the same 4 A records.  However, the same dig against a Charter DNS (24.196.64.53) returns only 127.0.0.54:

 

dig bonesinjars.com 24.196.64.53

; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bonesinjars.com.        IN    A

;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54

;; Query time: 55 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 60

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;24.196.64.53.            IN    A

;; ANSWER SECTION:
24.196.64.53.        86400    IN    A    24.196.64.53

;; Query time: 27 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 24 13:28:36 CDT 2023
;; MSG SIZE  rcvd: 57

 

Any help understanding and addressing this is greatly appreciated!

 

Jason



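Added example, not part of the original thread: a Python check that reads a captured dig transcript and reports which resolver actually answered each query, whether a resolver address was parsed as a query name, and whether an A record is a loopback address such as the 127.0.0.54 seen above. The `audit` and `is_ip` names and the abbreviated sample transcript are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, abbreviated from the dig output quoted in the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; QUESTION SECTION:
;bonesinjars.com.        IN    A
;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; QUESTION SECTION:
;24.196.64.53.            IN    A
;; ANSWER SECTION:
24.196.64.53.        86400    IN    A    24.196.64.53
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit(dig_output, intended_resolver):
    """Return one finding string per anomaly in a captured dig transcript."""
    findings = []
    # Every response begins at a ->>HEADER<<- line; the first chunk is preamble.
    for block in re.split(r"^;; ->>HEADER<<-", dig_output, flags=re.M)[1:]:
        q = re.search(r"^;(\S+?)\.\s+IN\s+A\s*$", block, re.M)
        qname = q.group(1) if q else "?"
        server = re.search(r"^;; SERVER: ([0-9a-fA-F.:]+)#", block, re.M)
        if server and server.group(1) != intended_resolver:
            findings.append(f"{qname}: answered by {server.group(1)}, not {intended_resolver}")
        if is_ip(qname):
            # dig treats a bare address argument as a name to look up.
            findings.append(f"{qname}: resolver address was sent as a query name (no '@' prefix)")
            continue
        for addr in re.findall(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)$", block, re.M):
            if ipaddress.ip_address(addr).is_loopback:
                findings.append(f"{qname}: loopback answer {addr}, not a routable host")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "24.196.64.53"):
        print(line)
```

dig takes the server to query as `@address`; the `SERVER:` line of each response shows which resolver replied.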