Charter DNS servers returning invalid IP addresses

Jason J. Gullickson mr at jasongullickson.com
Wed Oct 25 19:16:06 UTC 2023



That does help, Greg.

I've heard from a few other folks on the list that the domain is 
considered suspicious by a few different providers like this.  It's a 
turnkey Squarespace gallery/ecommerce site so I'm not sure why it would 
be classified as a threat, but perhaps a previous domain holder was 
doing something that could have been and these reports are just 
outdated?

- Jason

On 2023-10-25 1:41 pm, Greg Dickinson wrote:

> If it helps troubleshooting, when I click the domain in the email 
> Mimecast tells me:
> 
> "We checked the website you are trying to access for malicious and 
> spear-phishing content and found it likely to be unsafe."
> 
> Greg Dickinson, CCNA
> 
> Network Engineer
> 
> From: NANOG <nanog-bounces+greg.dickinson=bryantbank.com at nanog.org> On 
> Behalf Of Mark Andrews
> Sent: Wednesday, October 25, 2023 1:27 PM
> To: Jason J. Gullickson <mr at jasongullickson.com>
> Cc: nanog at nanog.org
> Subject: Re: Charter DNS servers returning invalid IP addresses
> 
> This Message originates from outside Bryant Bank.   Please use caution 
> when opening this correspondence, attachments or hyperlinks (URLs).  If 
> you have questions, please contact IT Support.  Thank you.
> 
> It's being filtered. Only Charter can tell you why.
> 
> --
> 
> Mark Andrews
> 
>> On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG 
>> <nanog at nanog.org> wrote:
> 
>> I've been working for a week or so to solve a problem with DNS 
>> resolution for Charter customers for our domain bonesinjars.com.  
>> I've reached out to Charter directly but since I'm not a customer I 
>> couldn't get any help from them.  I was directed by a friend to this 
>> list in hopes that I may be able to reach a Charter/Spectrum 
>> engineer who might be able to explain and/or resolve this one.
>> 
>> A dig against Google's DNS servers correctly returns 4 A records:
>> 
>> dig bonesinjars.com 8.8.8.8
>> 
>> ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> bonesinjars.com 8.8.8.8
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31383
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 65494
>> ;; QUESTION SECTION:
>> ;bonesinjars.com.               IN      A
>> 
>> ;; ANSWER SECTION:
>> bonesinjars.com.        60      IN      A       198.49.23.145
>> bonesinjars.com.        60      IN      A       198.185.159.145
>> bonesinjars.com.        60      IN      A       198.49.23.144
>> bonesinjars.com.        60      IN      A       198.185.159.144
>> 
>> ;; Query time: 1039 msec
>> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
>> ;; WHEN: Mon Oct 23 10:26:32 CDT 2023
>> ;; MSG SIZE  rcvd: 108
>> 
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26879
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 65494
>> ;; QUESTION SECTION:
>> ;8.8.8.8.                       IN      A
>> 
>> ;; Query time: 35 msec
>> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
>> ;; WHEN: Mon Oct 23 10:26:32 CDT 2023
>> ;; MSG SIZE  rcvd: 36
>> 
>> Verizon, AT&T, Comcast and all other DNS servers we tested return the 
>> same 4 A records.  However the same dig against a Charter DNS 
>> (24.196.64.53) returns only 127.0.0.54
>> 
>> dig bonesinjars.com 24.196.64.53
>> 
>> ; <<>> DiG 9.16.1-Ubuntu <<>> bonesinjars.com 24.196.64.53
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 65494
>> ;; QUESTION SECTION:
>> ;bonesinjars.com.        IN    A
>> 
>> ;; ANSWER SECTION:
>> bonesinjars.com.    60    IN    A    127.0.0.54
>> 
>> ;; Query time: 55 msec
>> ;; SERVER: 127.0.0.53#53(127.0.0.53)
>> ;; WHEN: Tue Oct 24 13:28:36 CDT 2023
>> ;; MSG SIZE  rcvd: 60
>> 
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 65494
>> ;; QUESTION SECTION:
>> ;24.196.64.53.            IN    A
>> 
>> ;; ANSWER SECTION:
>> 24.196.64.53.        86400    IN    A    24.196.64.53
>> 
>> ;; Query time: 27 msec
>> ;; SERVER: 127.0.0.53#53(127.0.0.53)
>> ;; WHEN: Tue Oct 24 13:28:36 CDT 2023
>> ;; MSG SIZE  rcvd: 57
>> 
>> Any help understanding and addressing this is greatly appreciated!
>> 
>> Jason
> 
> NOTICE: This electronic mail message and any files transmitted with it 
> are intended exclusively for the individual or entity to which it is 
> addressed. The message, together with any attachment, may contain 
> confidential and/or privileged information. Any unauthorized review, 
> use, print, save, copy, disclosure or distribution is strictly 
> prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email and delete copies.  Thank 
> you.
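
An added example, not part of the original messages: a small Python check over the dig transcript quoted above. It flags a loopback A record, a response whose SERVER line is not the resolver being tested, and an IP literal queried as a name, which is what dig does when the resolver argument has no `@`. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed from the second dig transcript quoted in the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17691
;; QUESTION SECTION:
;bonesinjars.com.        IN    A
;; ANSWER SECTION:
bonesinjars.com.    60    IN    A    127.0.0.54
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4658
;; QUESTION SECTION:
;24.196.64.53.            IN    A
;; ANSWER SECTION:
24.196.64.53.        86400    IN    A    24.196.64.53
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
    except ValueError:
        return False
    return True

def parse_dig(text):
    """Split a dig transcript into one dict per response (hypothetical helper)."""
    responses = []
    for chunk in text.split(";; ->>HEADER<<-")[1:]:
        status = re.search(r"status: (\w+)", chunk).group(1)
        qname = re.search(r"^;([^;\s]+)\s+IN\s+A", chunk, re.M).group(1).rstrip(".")
        answers = re.findall(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)", chunk, re.M)
        server = re.search(r"SERVER: ([^#\s]+)#", chunk)
        responses.append({"status": status, "qname": qname, "answers": answers,
                          "server": server.group(1) if server else None})
    return responses

def audit(text, intended_resolver):
    """Return findings about which resolver answered and what it returned."""
    findings = []
    for r in parse_dig(text):
        if is_ip(r["qname"]):
            findings.append(f"{r['qname']} was queried as a name: resolver argument lacked '@'")
        if r["server"] and r["server"] != intended_resolver:
            findings.append(f"{r['qname']}: answered by {r['server']}, not {intended_resolver}")
        loop = [a for a in r["answers"] if ipaddress.ip_address(a).is_loopback]
        if loop:
            findings.append(f"{r['qname']}: loopback answer {loop[0]}, consistent with filtering")
    return findings
```

Calling `audit(SAMPLE, "24.196.64.53")` returns four findings. Because 127.0.0.53 is the local systemd-resolved stub, the loopback answer reflects whatever upstream that stub forwards to; querying the resolver directly with `dig @24.196.64.53 bonesinjars.com` pins down which server produced it.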

