Hi,

What to do if the domain name of one of my webservers, which some lab members and I use for work-related stuff, is no longer resolved by our university DNS? When I first noticed it, I could see no resolution at all, while now the domain resolves to a wrong IP. The site can be reached normally on any other network, so there is no problem on my side, I think.

Should I just wait (now more than 24 hours) or should I try anything? Am I entitled to complain to our IT even though the issue is only with this not-really-professional FreeDNS subdomain?

EDIT: apparently some automatism marked this domain as malicious (absolutely it is not, not willingly and not compromised) and somehow DNS resolves to CNAME sinkhole.paloaltonetworks.com.

  • lungdart
    2 years ago

    I would migrate the domain. Don’t bother with flakey services. Cloudflare free tier can do some amazing things.

    In the meantime set it in your host file to the correct IP to get by.

    • aesir@lemmy.worldOP
      2 years ago

      I see your point, but now I do not think it is FreeDNS's fault. DNSChecker.org shows my domain name properly resolved worldwide, and so it has been for months. I also created a second subdomain just now, exactly like the non-working one, and it was properly resolved within seconds at my work PC. So I do not blame FreeDNS; I think it is our internal DNS server that is messed up or even hijacked.

      • lungdart
        2 years ago

        Try changing your DNS server in that case!

        • aesir@lemmy.worldOP
          2 years ago

          I tried to set it to 8.8.8.8 but I still have the same result. Can it be overridden at the router level? So far the only solution is to manually add the damn line to etc/hosts.

          • taladar@sh.itjust.works
            2 years ago

            Probably not your problem but if 8.8.8.8 has some wrong DNS record cached you can flush the cache for one name at https://dns.google/cache and for 1.1.1.1 at https://one.one.one.one/purge-cache/

            There are also commands on each of the major operating systems to flush local caches.

            It is also possible that DHCP or IPv6 router advertisements reset your manual DNS setting of 8.8.8.8 depending on how you set it.

            • marsara9@lemmy.world
              2 years ago

              Another thing that can be happening is that the router or firewall is redirecting all port 53 traffic to their internal DNS servers. (I do the same thing at home to prevent certain devices from ignoring my router’s DNS settings cough Android cough)

              One way you can check for this is to run “nslookup some.domain” from a terminal and see where the response comes from.

              • aesir@lemmy.worldOP
                2 years ago

                What does it mean?

                nslookup my.domain.com
                Server:  dns.google
                Address:  8.8.8.8
                
                Non-authoritative answer:
                Name:    my.domain.com
                Addresses:  ::1
                          xx.x.xx.xxx (wrong IPV4 address from the other side of the world)
                

                If I use 8.8.8.8 at home, “Addresses” is first of all “Address” and is correct.

                • marsara9@lemmy.world
                  2 years ago

                  That looks like 8.8.8.8 actually responded. The ::1 is IPv6’s localhost, which seems odd. As for the wrong IPv4, I’m not sure.

                  I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

                  You can also specify the DNS server to use when using nslookup like: nslookup www.google.com 1.1.1.1. And you can see if you get any different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

                  Edit: just for shits and giggles, also try nslookup xx.xx.xx.xx where xx.xx… is the wrong IP from the other side of the world and see what domain it returns.

            • aesir@lemmy.worldOP
              2 years ago

              Interesting, thanks. I think this is what is happening. Feels like I can put whatever DNS server and still end up with an internal one.

          • lungdart
            2 years ago

            Your host sets its own DNS servers; if the router isn’t on the list, they don’t get pinged. Now they could try to man in the middle you, so you could try DNS over TLS, but it’s probably not your issue.

            Your DNS server settings likely never took hold. Like if you use a DHCP client, then override your DNS settings, that won’t take effect until you request a new DHCP connection.

            Some Linux distros will have local DNS servers that you always point to, which are a pain to update as well. Not sure about Windows and Mac.

            good luck man!
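
An added example, not part of any post in this thread: a small parser that reads a raw DNS response and flags the two signs that came up above, the CNAME to sinkhole.paloaltonetworks.com from the EDIT and the `::1` address in the nslookup output. The function names are hypothetical and the response bytes are constructed for illustration, not captured traffic.

```python
import ipaddress
import struct

SINKHOLE_CNAME = "sinkhole.paloaltonetworks.com"  # name quoted in the post's EDIT

def read_name(msg, off, depth=0):  # -> (decoded name, offset after the name)
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:  # compression pointer into earlier bytes
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            if ptr >= off or depth > 16:
                raise ValueError("bad compression pointer")
            return ".".join(labels + [read_name(msg, ptr, depth + 1)[0]]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_answers(msg):  # -> [(owner, type, value)] for CNAME/A/AAAA answers
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:
            out.append((owner, "CNAME", read_name(msg, off)[0]))
        elif rtype in (1, 28):
            out.append((owner, "A" if rtype == 1 else "AAAA", str(ipaddress.ip_address(msg[off:off + rdlen]))))
        off += rdlen
    return out

def sinkhole_signs(answers):  # flags the sinkhole CNAME and any loopback address
    signs = []
    for _owner, rtype, value in answers:
        if rtype == "CNAME" and value.lower() == SINKHOLE_CNAME:
            signs.append("cname-sinkhole")
        elif rtype != "CNAME" and ipaddress.ip_address(value).is_loopback:
            signs.append("loopback-" + value)
    return signs

def enc(name):  # encode a dotted name as DNS labels (used to build the sample)
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

# Constructed sample, not captured traffic: AAAA reply for the post's placeholder name.
Q, S = enc("my.domain.com"), enc(SINKHOLE_CNAME)
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + Q + struct.pack("!HH", 28, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, len(S)) + S  # CNAME answer
          + struct.pack("!HHHIH", 0xC000 | (len(Q) + 28), 28, 1, 60, 16) + bytes(15) + b"\x01")  # AAAA ::1
```

`sinkhole_signs(parse_answers(SAMPLE))` reports both signs for the constructed reply; an ordinary A record produces none.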