[GTALUG] Reverse DNS different that DNS server (reverse is a local address)
Dave Collier-Brown
davecb.42 at gmail.com
Sun Nov 22 17:02:59 EST 2020
Depending on what kind of problems you're seeing, you probably want to
do a traceroute from a network where you have good
performance/reliability to someplace distant (I use slashdot.org (:-)),
and then again from the doubtful network.
The names you see are sometimes clear...
[davecb at miles Networking]$ traceroute slashdot.org
traceroute to slashdot.org (216.105.38.15), 30 hops max, 60 byte packets
1 _gateway (192.168.7.1) 0.409 ms 0.402 ms 0.246 ms
2 10.0.0.1 (10.0.0.1) 2.168 ms 2.784 ms 2.962 ms
3 99.240.238.1 (99.240.238.1) 19.416 ms 14.751 ms 14.897 ms
4 8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137) 19.446 ms 14.282 ms 14.152 ms
5 69.63.249.221 (69.63.249.221) 19.653 ms 19.892 ms 19.737 ms
6 209.148.235.218 (209.148.235.218) 14.454 ms 18.395 ms 18.287 ms
7 ae58.bar3.Toronto1.Level3.net (4.59.180.41) 34.759 ms 34.188 ms 34.265 ms
8 ae-2-3611.edge2.NewYork6.Level3.net (4.69.209.82) 40.920 ms 41.218 ms 41.547 ms
9 * * *
10 los-edge-08.inet.qwest.net (67.14.22.202) 103.209 ms 96.349 ms 102.989 ms
11 65-126-18-126.dia.static.qwest.net (65.126.18.126) 94.487 ms 94.216 ms 83.169 ms
12 br05-te0-0-1-6.lwdc.americanis.net (207.158.62.109) 82.873 ms 82.800 ms 83.479 ms
13 ar07-te13-3.lwdc.americanis.net (209.216.192.66) 83.737 ms * *
14 216.105.38.15 (216.105.38.15) 89.270 ms 83.401 ms 83.303 ms
For example, 8081-dgw01.ym.rmgt.net.rogers.com is Rogers, etc. For
missing or more obscure names, use command-line whois with the IP address:
[davecb at miles Networking]$ whois 69.63.249.221
[Querying whois.arin.net]
[whois.arin.net]
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#
NetRange: 69.63.240.0 - 69.63.255.255
CIDR: 69.63.240.0/20
NetName: ROGERS-COM-INFR
NetHandle: NET-69-63-240-0-1
Parent: NET69 (NET-69-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS812
Organization: Rogers Communications Canada Inc. (RCC-184)
RegDate: 2008-05-01
Updated: 2017-01-06
Ref: https://rdap.arin.net/registry/ip/69.63.240.0
You will get two things:
1. Who it passes through, e.g., Utopia, Bell or Rogers
2. How long it takes to get to each new network
I have a script that subtracts the lines of three sample times from one
another, but eyeballs work well, too (;-))
I'd be curious to see which Utopia you get: Mumbai or Utah (;-))
--dave
On 2020-11-22 2:45 p.m., Joseph Rocklin via talk wrote:
> Sorry. My wife and I are trying to discern if my BIL's network was a
> problem in the past. It has been the family's network. The kids and
> her computer in the past had routed via utopia.net when we entered in
> addresses or search terms. I am trying to see if there is anything
> wrong with my BIL's network now. I am a bit suspicious based on what I
> read about utopia.net. My wife wants me to find more significant
> findings before she allows herself to question matters. I don't know
> all that much except that utopia.net was noted as a malware site on
> many searches I've done.
>
>
> Nov 22, 2020, 2:29 PM by talk at gtalug.org:
>
> On 2020-11-22 2:13 p.m., Joseph Rocklin via talk wrote:
>
> Hi all,
>
> I just tried a reverse dns lookup on whoismydns.com for my
> wife's computer on a family-member's network.
>
> Result:
> DNS Server: 67.231.208.167
> Reverse DNS: pub-cdns3-wlfdle-eth1.rpub.net.rogers.com
> IP Owner: Rogers
>
> Does this seem correct? I have my dns settings set on my
> machine and I get my expected DNS results on my machine on
> this family member's network. Is there any reason to be
> concerned here?
>
> I had noticed a while back, before upgrades on this family
> member's network, that utopia.net was being used as the DNS
> server. It was on more than one machine that used that
> network. Now I'm wondering if somehow this network was
> routing, in a still-problematic way, but just via a local address?
>
> I may have confused some concepts as I am just getting my feet
> wet with this topic of DNS servers.
>
> If anyone has suggestions to confirm if the network is
> properly setup, please let me know.
>
>
> Why are you looking up the DNS, when you want to look up your
> wife's computer? Look up her WAN address.
> Her host name should be something like cpe<router MAC>-cm<modem
> MAC>.cpe.net.cable.rogers.com. Host name changed to protect the
> guilty. ;-)
>
> She should also have IPv6 addresses.
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown at indexexchange.com | -- Mark Twain