Spectrum DNS servers resolving my domain name to a loopback address.
Hey,

I posted this on r/networking and was advised to post on this list. The small company I work for has a niche SaaS app and for the past week Spectrum DNS servers have resolved the name to 127.0.0.54. I found a Spectrum user on reddit to confirm the problem:

nslookup rightbridge.net dns-cac-lb-02.rr.com
Non-authoritative answer:
Name: rightbridge.net
Address: 127.0.0.54

server 209.18.47.62
Default Server: dns-cac-lb-02.rr.com
Address: 209.18.47.62

I have been trying for a week to get Spectrum tech support and Twitter support to help, but so far that's been an exercise in futility. As far as I'm aware, this only affects Spectrum. I have switched some users to Google's public DNS servers, but I can't reach all of them.

Reddit has been some help troubleshooting:

That is indeed interesting. What I notice is:

It replies to A requests with a 60 second TTL every single time, which is a behavior normally expected of an authoritative server, yet it is marking the replies as non-authoritative. I would expect non-authoritative servers to have a decrementing TTL.

It responds with 0 records for NS, MX, AAAA, and A requests. Not NXDOMAIN though.

It seems like a wildcard record that covers everything under your domain.

I see this behavior on both of the Spectrum resolvers that my cable modem connection is offered via DHCP. I don't have this problem if I use my own resolver (on a Spectrum connection).

I'm stumped. Despite my comment earlier about it being unlikely to be a Spectrum problem, I now agree that it does appear to be something strange on their side.

Just to be sure, have you ever used Spectrum as a provider for something related to this domain, where they hosted the domain or anything? I'm not sure if they even offer that service, but want to ask just to be sure. There is typically little reason to have a specific domain singled out in your nameservers unless you host it.

The one guess I have is that they have gone out of their way to ban your domain for some reason. Wildcard pointing all queries to it to localhost would not be too unexpected of a way to ban a domain. Have you had any trouble with malware infections, spam, or anything else you can think of that might have led someone to want to ban the domain?

I don't believe Spectrum has even been a service provider for my employer. They do not offer service where our home office is located, and they have only used Rackspace for hosting in the 13 years they've been around. No malware, infections, spam (that I'm aware of). We are not registered on any Blacklists.

I appreciate any help / advice,
Jake
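The three symptoms described in the message above (a loopback answer, a non-authoritative TTL that never counts down, and NOERROR with no records for NS at the domain itself) can be checked mechanically once the responses are recorded. The following is an added example, not part of the original thread; the Obs record, the finding names and the sample data are assumptions made for illustration, and the samples are constructed, not captured traffic.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Obs:
    """One DNS response as seen by the client (fields are this example's own)."""
    t: float            # seconds since the first query
    qtype: str          # "A", "NS", ...
    rcode: str          # "NOERROR", "NXDOMAIN", ...
    aa: bool            # authoritative-answer flag in the response
    answers: list = field(default_factory=list)  # [(ttl, rdata), ...]

def analyze(observations, min_span=5.0):
    """Return the set of anomalies seen in time-ordered responses for one zone apex."""
    findings = set()
    cached_a = []  # (time, ttl) of A answers not marked authoritative
    for o in observations:
        if o.qtype == "A":
            for ttl, rdata in o.answers:
                ip = ipaddress.ip_address(rdata)
                if ip.is_loopback or ip.is_unspecified:
                    findings.add("loopback-or-unspecified-answer")
                if not o.aa:
                    cached_a.append((o.t, ttl))
        elif o.qtype == "NS" and o.rcode == "NOERROR" and not o.answers:
            # Every zone apex has NS records, so NODATA is not a real view of the zone.
            findings.add("apex-ns-nodata")
    # A cache counts the TTL down between queries; an identical TTL on every
    # non-authoritative answer over time suggests a locally synthesized record.
    if len(cached_a) >= 3:
        span = cached_a[-1][0] - cached_a[0][0]
        if span >= min_span and len({ttl for _, ttl in cached_a}) == 1:
            findings.add("constant-ttl-non-authoritative")
    return findings

# Constructed samples modeled on the behavior described in the thread.
SUSPECT = [Obs(0, "A", "NOERROR", False, [(60, "127.0.0.54")]),
           Obs(10, "A", "NOERROR", False, [(60, "127.0.0.54")]),
           Obs(20, "A", "NOERROR", False, [(60, "127.0.0.54")]),
           Obs(21, "NS", "NOERROR", False, [])]
# Constructed baseline: an ordinary caching resolver (192.0.2.10 is a documentation address).
BASELINE = [Obs(0, "A", "NOERROR", False, [(300, "192.0.2.10")]),
            Obs(10, "A", "NOERROR", False, [(290, "192.0.2.10")]),
            Obs(20, "A", "NOERROR", False, [(280, "192.0.2.10")]),
            Obs(21, "NS", "NOERROR", False, [(3600, "ns1.example.net.")])]

if __name__ == "__main__":
    print("suspect :", sorted(analyze(SUSPECT)))
    print("baseline:", sorted(analyze(BASELINE)))
```

The constant-TTL check is a heuristic: a resolver pool with separate caches can return uneven TTLs, but it would not return the full TTL on every answer.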
I have a spectrum line in KCMO, I don't use their dns, but dhcp is passing me 209.18.47.61 and .63, and I'm seeing the exact same thing the reddit user you quoted below is seeing. This is most definitely a spectrum issue.

I don't know Spectrum's dns setup, but these appear to be somewhere in TX, so I don't think they are anycast or mirrored through their network, but I've never dug into that.

-----Original message-----
From: jake vdb <jake.vdb@gmail.com>
Sent: Thu 10-03-2019 10:31 pm
Subject: Spectrum DNS servers resolving my domain name to a loopback address.
To: nanog@nanog.org
participants (2)
- jake vdb
- Jerry Cloe