.-- My secret spy satellite informs me that at 2013-06-20 12:31 AM Andree Toonk wrote:
.-- My secret spy satellite informs me that at 2013-06-19 10:34 PM Paul Ferguson wrote:
; <<>> DiG 9.7.3 <<>> @localhost yelp.com A <SNIP> ;; ANSWER SECTION: yelp.com. 300 IN A 204.11.56.20
Interesting to see that traffic to this IP addresses is going through prolexic... I guess they're considering this as a DOS.
andree@bofh:~/src$ traceroute 204.11.57.20 traceroute to 204.11.57.20 (204.11.57.20), 64 hops max, 52 byte packets 1 10.200.200.200 (10.200.200.200) 17.089 ms 13.144 ms 13.552 ms 2 67.215.89.1 (67.215.89.1) 20.963 ms 15.371 ms 17.026 ms 3 67.215.93.14 (67.215.93.14) 20.486 ms 14.458 ms 16.917 ms 4 ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145) 19.449 ms 19.375 ms 15.274 ms 5 ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242) 17.107 ms 23.272 ms 16.019 ms 6 209.200.184.34 (209.200.184.34) 14.878 ms 19.062 ms 15.776 ms 7 unknown.prolexic.com (72.52.30.126) 67.871 ms 64.376 ms 66.988 ms 8 domain.not.configured (204.11.57.20) 71.729 ms 65.830 ms 67.823 ms
Slight correction for the archives, the trace above was going to 204.11.57.20 (not 204.11.56.20) which is the IP of the NS server (ns1620.ztomy.com), which also goes through prolexic (see above) andree@bofh:~/src$ dig @a.gtld-servers.net www.craigslist.com ns ; <<>> DiG 9.8.3-P1 <<>> @a.gtld-servers.net www.craigslist.com ns ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52520 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.craigslist.com. IN NS ;; AUTHORITY SECTION: craigslist.com. 172800 IN NS ns1620.ztomy.com. craigslist.com. 172800 IN NS ns2620.ztomy.com. ;; ADDITIONAL SECTION: ns1620.ztomy.com. 172800 IN A 204.11.56.20 ns2620.ztomy.com. 172800 IN A 204.11.57.20 ;; Query time: 120 msec ;; SERVER: 192.5.6.30#53(192.5.6.30) ;; WHEN: Thu Jun 20 00:50:49 2013 ;; MSG SIZE rcvd: 116 This is the trace to 204.11.56.20 also via prolexic andree@bofh:~/src$ sudo tcptraceroute 204.11.56.20 80 Tracing the path to 204.11.56.20 on TCP port 80 (http), 30 hops max 1 10.200.200.200 14.840 ms 21.474 ms 13.641 ms 2 67.215.89.1 19.265 ms 13.646 ms 14.769 ms 3 67.215.93.14 15.000 ms 15.161 ms 15.159 ms 4 ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145) 15.358 ms 14.852 ms 16.432 ms 5 ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242) 13.735 ms 16.149 ms 17.957 ms 6 204.11.56.20 [open] 15.447 ms 16.897 ms 15.821 ms Btw, one more interesting detail these used to be announced as one /23. As of this week that's two /24's currently 204.11.56.0/24 (june 17) and 204.11.57.0/24 (june 19) Andree