[GTALUG] Reverse DNS different than DNS server (reverse is a local address)

Dave Collier-Brown davecb.42 at gmail.com
Sun Nov 22 17:02:59 EST 2020


Depending on what kind of problems you're seeing, you probably want to 
do a traceroute from a network where you have good 
performance/reliability to someplace distant (I use slashdot.org (:-)), 
and then again from the doubtful network.

The names you see are sometimes clear...

[davecb at miles Networking]$ traceroute slashdot.org
traceroute to slashdot.org (216.105.38.15), 30 hops max, 60 byte packets
 1  _gateway (192.168.7.1)  0.409 ms  0.402 ms  0.246 ms
 2  10.0.0.1 (10.0.0.1)  2.168 ms  2.784 ms  2.962 ms
 3  99.240.238.1 (99.240.238.1)  19.416 ms  14.751 ms  14.897 ms
 4  8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137)  19.446 ms  14.282 ms  14.152 ms
 5  69.63.249.221 (69.63.249.221)  19.653 ms  19.892 ms  19.737 ms
 6  209.148.235.218 (209.148.235.218)  14.454 ms  18.395 ms  18.287 ms
 7  ae58.bar3.Toronto1.Level3.net (4.59.180.41)  34.759 ms  34.188 ms  34.265 ms
 8  ae-2-3611.edge2.NewYork6.Level3.net (4.69.209.82)  40.920 ms  41.218 ms  41.547 ms
 9  * * *
10  los-edge-08.inet.qwest.net (67.14.22.202)  103.209 ms  96.349 ms  102.989 ms
11  65-126-18-126.dia.static.qwest.net (65.126.18.126)  94.487 ms  94.216 ms  83.169 ms
12  br05-te0-0-1-6.lwdc.americanis.net (207.158.62.109)  82.873 ms  82.800 ms  83.479 ms
13  ar07-te13-3.lwdc.americanis.net (209.216.192.66)  83.737 ms * *
14  216.105.38.15 (216.105.38.15)  89.270 ms  83.401 ms  83.303 ms


For example, 8081-dgw01.ym.rmgt.net.rogers.com is Rogers, etc. For 
missing or more obscure names, use command-line whois with the IP address:

[davecb at miles Networking]$ whois 69.63.249.221
[Querying whois.arin.net]
[whois.arin.net]
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#
NetRange:       69.63.240.0 - 69.63.255.255
CIDR:           69.63.240.0/20
NetName:        ROGERS-COM-INFR
NetHandle:      NET-69-63-240-0-1
Parent:         NET69 (NET-69-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS812
Organization:   Rogers Communications Canada Inc. (RCC-184)
RegDate:        2008-05-01
Updated:        2017-01-06
Ref:            https://rdap.arin.net/registry/ip/69.63.240.0


You will get two things:

 1. Who it passes through, e.g., Utopia, Bell or Rogers
 2. How long it takes to get to each new network

I have a script that subtracts the lines of three sample times from one 
another, but eyeballs work well, too (;-))

I'd be curious to see which Utopia you get: Mumbai or Utah (;-))

--dave



On 2020-11-22 2:45 p.m., Joseph Rocklin via talk wrote:
> Sorry. My wife and I are trying to discern if my BIL's network was a 
> problem in the past. It has been the family's network. The kids and 
> her computer in the past had routed via utopia.net when we entered in 
> addresses or search terms. I am trying to see if there is anything 
> wrong with my BIL's network now. I am a bit suspicious based on what I 
> read about utopia.net. My wife wants me to find more significant 
> findings before she allows herself to question matters. I don't know 
> all that much except that utopia.net was noted as a malware site on 
> many searches I've done.
>
>
> Nov 22, 2020, 2:29 PM by talk at gtalug.org:
>
>     On 2020-11-22 2:13 p.m., Joseph Rocklin via talk wrote:
>
>         Hi all,
>
>         I just tried a reverse DNS lookup on whoismydns.com for my
>         wife's computer on a family-member's network.
>
>         Result:
>         DNS Server: 67.231.208.167
>         Reverse DNS: pub-cdns3-wlfdle-eth1.rpub.net.rogers.com
>         IP Owner: Rogers
>
>         Does this seem correct? I have my DNS settings set on my
>         machine and I get my expected DNS results on my machine on
>         this family member's network. Is there any reason to be
>         concerned here?
>
>         I had noticed a while back, before upgrades on this family
>         member's network, that utopia.net was being used as the DNS
>         server. It was on more than one machine that used that
>         network. Now I'm wondering if somehow this network was
>         routing, in a still-problematic way, but just via a local address?
>
>         I may have confused some concepts as I am just getting my feet
>         wet with this topic of DNS servers.
>
>         If anyone has suggestions to confirm if the network is
>         properly set up, please let me know.
>
>
>     Why are you looking up the DNS, when you want to look up your
>     wife's computer?  Look up her WAN address.
>     Her host name should be something like cpe<router MAC>-cm<modem
>     MAC>.cpe.net.cable.rogers.com.  Host name changed to protect the
>     guilty. ;-)
>
>     She should also have IPv6 addresses.
>
>     ---
>     Post to this mailing list talk at gtalug.org
>     Unsubscribe from this mailing list
>     https://gtalug.org/mailman/listinfo/talk

-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown at indexexchange.com |              -- Mark Twain
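
The message above mentions a script that subtracts hop times from one another. The following is an added example of that idea, not Dave's script and not part of the original message: it parses the trace quoted in the post, reports the latency each answering hop adds over the previous one, and (going slightly beyond the post) lists the public hops with no reverse-DNS name, which are the ones to feed to whois. The function names are made up for this example.

```python
import ipaddress
import re
import statistics

# Sample input: the traceroute output quoted in the post above.
TRACE = """\
traceroute to slashdot.org (216.105.38.15), 30 hops max, 60 byte packets
 1  _gateway (192.168.7.1)  0.409 ms  0.402 ms  0.246 ms
 2  10.0.0.1 (10.0.0.1)  2.168 ms  2.784 ms  2.962 ms
 3  99.240.238.1 (99.240.238.1)  19.416 ms  14.751 ms  14.897 ms
 4  8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137)  19.446 ms  14.282 ms  14.152 ms
 5  69.63.249.221 (69.63.249.221)  19.653 ms  19.892 ms  19.737 ms
 6  209.148.235.218 (209.148.235.218)  14.454 ms  18.395 ms  18.287 ms
 7  ae58.bar3.Toronto1.Level3.net (4.59.180.41)  34.759 ms  34.188 ms  34.265 ms
 8  ae-2-3611.edge2.NewYork6.Level3.net (4.69.209.82)  40.920 ms  41.218 ms  41.547 ms
 9  * * *
10  los-edge-08.inet.qwest.net (67.14.22.202)  103.209 ms  96.349 ms  102.989 ms
11  65-126-18-126.dia.static.qwest.net (65.126.18.126)  94.487 ms  94.216 ms  83.169 ms
12  br05-te0-0-1-6.lwdc.americanis.net (207.158.62.109)  82.873 ms  82.800 ms  83.479 ms
13  ar07-te13-3.lwdc.americanis.net (209.216.192.66)  83.737 ms * *
14  216.105.38.15 (216.105.38.15)  89.270 ms  83.401 ms  83.303 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")             # hop number, rest of line
HOST = re.compile(r"(\S+) \((\d+(?:\.\d+){3})\)")  # name (IPv4 address)
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")            # one probe time

def parse(text):
    """One (hop, name, ip, median_rtt) tuple per hop; rtt is None if every probe timed out."""
    hops = []
    for m in filter(None, map(HOP.match, text.splitlines())):
        host = HOST.search(m.group(2))  # simplification: first responder on the line
        name, ip = host.groups() if host else (None, None)
        rtts = [float(x) for x in RTT.findall(m.group(2))]
        hops.append((int(m.group(1)), name, ip, statistics.median(rtts) if rtts else None))
    return hops

def deltas(hops):
    """Latency each answering hop adds over the previous answering hop, in ms."""
    out, prev = [], 0.0
    for hop, name, ip, rtt in hops:
        if rtt is not None:
            out.append((hop, name, round(rtt - prev, 3)))
            prev = rtt
    return out

def needs_whois(hops):
    """Public IPs whose reverse-DNS name is just the address itself."""
    return [ip for _, name, ip, _ in hops
            if ip and name == ip and not ipaddress.ip_address(ip).is_private]
```

Run `deltas(parse(TRACE))` on a trace from the good network and again on one from the doubtful network; small negative deltas are normal jitter, and the largest positive delta marks where the path crosses into a slower or more distant network.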
