Need help in flushing DNS

Andree Toonk andree+nanog at toonk.nl
Thu Jun 20 08:08:34 UTC 2013


.-- My secret spy satellite informs me that at 2013-06-20 12:31 AM
Andree Toonk wrote:
> .-- My secret spy satellite informs me that at 2013-06-19 10:34 PM  Paul
> Ferguson wrote:
> 
>>  ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
> <SNIP>
>>  ;; ANSWER SECTION:
>>  yelp.com. 300 IN A 204.11.56.20
> 
> Interesting to see that traffic to this IP address is going through
> prolexic...
> I guess they're considering this as a DOS.
> 
> andree at bofh:~/src$ traceroute  204.11.57.20
> traceroute to 204.11.57.20 (204.11.57.20), 64 hops max, 52 byte packets
>  1  10.200.200.200 (10.200.200.200)  17.089 ms  13.144 ms  13.552 ms
>  2  67.215.89.1 (67.215.89.1)  20.963 ms  15.371 ms  17.026 ms
>  3  67.215.93.14 (67.215.93.14)  20.486 ms  14.458 ms  16.917 ms
>  4  ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145)  19.449 ms  19.375 ms  15.274 ms
>  5  ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242)  17.107 ms  23.272 ms  16.019 ms
>  6  209.200.184.34 (209.200.184.34)  14.878 ms  19.062 ms  15.776 ms
>  7  unknown.prolexic.com (72.52.30.126)  67.871 ms  64.376 ms  66.988 ms
>  8  domain.not.configured (204.11.57.20)  71.729 ms  65.830 ms  67.823 ms

Slight correction for the archives: the trace above was going to
204.11.57.20 (not 204.11.56.20) which is the IP of the NS server
(ns1620.ztomy.com), which also goes through prolexic (see above).

andree at bofh:~/src$ dig @a.gtld-servers.net www.craigslist.com  ns

; <<>> DiG 9.8.3-P1 <<>> @a.gtld-servers.net www.craigslist.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52520
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.craigslist.com.		IN	NS

;; AUTHORITY SECTION:
craigslist.com.		172800	IN	NS	ns1620.ztomy.com.
craigslist.com.		172800	IN	NS	ns2620.ztomy.com.

;; ADDITIONAL SECTION:
ns1620.ztomy.com.	172800	IN	A	204.11.56.20
ns2620.ztomy.com.	172800	IN	A	204.11.57.20

;; Query time: 120 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Thu Jun 20 00:50:49 2013
;; MSG SIZE  rcvd: 116


This is the trace to 204.11.56.20, also via prolexic:

andree at bofh:~/src$ sudo tcptraceroute 204.11.56.20 80

Tracing the path to 204.11.56.20 on TCP port 80 (http), 30 hops max
 1  10.200.200.200  14.840 ms  21.474 ms  13.641 ms
 2  67.215.89.1  19.265 ms  13.646 ms  14.769 ms
 3  67.215.93.14  15.000 ms  15.161 ms  15.159 ms
 4  ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145)  15.358 ms  14.852 ms  16.432 ms
 5  ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242)  13.735 ms  16.149 ms  17.957 ms
 6  204.11.56.20 [open]  15.447 ms  16.897 ms  15.821 ms


Btw, one more interesting detail: these used to be announced as one /23.
As of this week that's two /24s, currently 204.11.56.0/24 (June 17) and
204.11.57.0/24 (June 19).

Andree
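
The checks made by hand in the message above (read the TLD referral, note the NS names and glue, map the glue to the announced prefixes) can be scripted for delegation monitoring. This is an added example, not part of the original message; the `EXPECTED_NS` baseline is a placeholder assumption, and the covering /23 is derived from the two /24s the message names.

```python
import ipaddress

# Referral records as shown in the dig output in the message above.
DIG_OUTPUT = """\
;; AUTHORITY SECTION:
craigslist.com.     172800  IN  NS  ns1620.ztomy.com.
craigslist.com.     172800  IN  NS  ns2620.ztomy.com.

;; ADDITIONAL SECTION:
ns1620.ztomy.com.   172800  IN  A   204.11.56.20
ns2620.ztomy.com.   172800  IN  A   204.11.57.20
"""

# Assumption: placeholder baseline; a real monitor loads the NS set the zone owner expects.
EXPECTED_NS = {"craigslist.com.": {"ns1.expected.example.", "ns2.expected.example."}}

# The two /24 announcements named in the message.
ANNOUNCED = [ipaddress.ip_network(p) for p in ("204.11.56.0/24", "204.11.57.0/24")]

def parse_referral(text):
    """Return ({zone: {ns names}}, {ns name: {glue addresses}}) from dig output."""
    delegations, glue = {}, {}
    for line in text.splitlines():
        fields = line.split()
        # Skip comments, blanks and anything that is not "name ttl IN type rdata".
        if line.startswith(";") or len(fields) != 5 or fields[2] != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        if rtype == "NS":
            delegations.setdefault(name.lower(), set()).add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            glue.setdefault(name.lower(), set()).add(ipaddress.ip_address(rdata))
    return delegations, glue

def audit(text, expected, prefixes):
    """List (zone, ns, glue, covering prefix) for NS names outside the baseline."""
    delegations, glue = parse_referral(text)
    findings = []
    for zone, servers in sorted(delegations.items()):
        for ns in sorted(servers - expected.get(zone, set())):
            for addr in sorted(glue.get(ns, {None}), key=str):
                prefix = next((str(p) for p in prefixes if addr and addr in p), None)
                findings.append((zone, ns, str(addr) if addr else None, prefix))
    return findings

def is_deaggregation(parent, children):
    """True when `children` are exactly the two next-longer halves of `parent`."""
    net = ipaddress.ip_network(parent)
    return sorted(net.subnets(prefixlen_diff=1)) == sorted(map(ipaddress.ip_network, children))
```

Feeding `audit()` the output of a scheduled `dig @<tld-server> <zone> ns` and alerting on any non-empty result catches a changed delegation at the registry level, before resolver caches are involved.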
