A case of non-existent DNS entries coming to life
blah.blah exists?
$ ping -c2 blah.blah
PING blah.blah (23.202.231.169) 56(84) bytes of data.
64 bytes from a23-202-231-169.deploy.static.akamaitechnologies.com (23.202.231.169): icmp_seq=1 ttl=53 time=71.5 ms
I ran the above command on a whim on my new Raspberry Pi and was surprised by the result. That DNS entry does not exist, and neither does the TLD. WTF?
What about fhdskfsdafs.google.com?
Let's try this: fhdskfsdafs.google.com
$ ping -c2 fhdskfsdafs.google.com
PING fhdskfsdafs.google.com (23.217.138.110) 56(84) bytes of data.
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=1 ttl=58 time=6.94 ms
Huh? Akamai?
OK, something is up! And why do I see Akamai in there? I am sure Google has its own network. I fire up the browser on my MacBook and I get Server Not Found, which is expected.
Name Servers
So what's the difference between the Pi and the MacBook? The MacBook is set to use 8.8.8.8 as the nameserver (set manually a long time ago), while the Pi defaults to the home router, which is a box provided by my ISP. I did change ISPs about a year ago.
Here are a couple of runs with specific name servers. 192.168.1.254 is the ISP box.
$ nslookup blah.blah 192.168.1.254
Server: 192.168.1.254
Address: 192.168.1.254#53
Non-authoritative answer:
Name: blah.blah
Address: 23.202.231.169
Name: blah.blah
Address: 23.217.138.110
$ nslookup blah.blah 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find blah.blah: NXDOMAIN
Seriously?
I remove the custom name servers from my MacBook and load these non-existent pages. Guess what: they load just fine and look like a scam page from the 90s. Note the missing encryption.
My initial thought: my ISP's DNS is messed up, which is pretty bad. But no, this is worse. This was done intentionally. Look at the branding on that page. That's right, I am with AT&T (the only ones offering 1 Gbps in San Jose, California).
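A small check for the behaviour described above, added here as an example and not part of the original post: probe random names that cannot exist (made-up TLDs and junk labels under google.com) and flag any address the resolver returns for names in unrelated zones. The two fake resolvers and the addresses they hand back are constructed from the nslookup output above; `system_resolver` is the hook for running the same check against a real resolver.

```python
import random
import socket
import string
from collections import defaultdict

# Constructed from the post's nslookup output: the ISP box answered every bogus
# name with the same two Akamai-hosted addresses (the landing page).
HIJACK_POOL = {"23.202.231.169", "23.217.138.110"}

def fake_isp_resolver(name):
    """Constructed stand-in for 192.168.1.254: every name 'resolves'."""
    return sorted(HIJACK_POOL)

def fake_honest_resolver(name):
    """Constructed stand-in for 8.8.8.8: bogus names get NXDOMAIN (empty list)."""
    return []

def system_resolver(name):
    """Real hook: ask the host's configured resolver; [] means NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_names(per_kind=4, seed=None):
    """Random labels that cannot exist: made-up TLDs plus junk under a real zone."""
    rng = random.Random(seed)
    label = lambda: "".join(rng.choice(string.ascii_lowercase) for _ in range(12))
    fake_tlds = [f"{label()}.{label()}" for _ in range(per_kind)]
    junk_subs = [f"{label()}.google.com" for _ in range(per_kind)]
    return fake_tlds + junk_subs

def detect_hijack(resolver, names):
    """Addresses the resolver returns for bogus names in two or more unrelated zones.
    A healthy resolver yields an empty set. A wildcard record only explains answers
    inside one zone; one pool recurring across a made-up TLD and google.com does not."""
    zones_by_addr = defaultdict(set)
    for name in names:
        zone = name.split(".", 1)[1]          # parent of the leftmost label
        for addr in resolver(name):
            zones_by_addr[addr].add(zone)
    return {addr for addr, zones in zones_by_addr.items() if len(zones) >= 2}

if __name__ == "__main__":
    names = probe_names(seed=2020)
    print("ISP box :", detect_hijack(fake_isp_resolver, names) or "clean")
    print("8.8.8.8 :", detect_hijack(fake_honest_resolver, names) or "clean")
```

Swap `fake_isp_resolver` for `system_resolver` on a machine pointed at the ISP box to test a live setup; a non-empty result is the redirection pool to opt out of.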
I am not alone
Some googling for "dns error assist" brings me to https://gist.github.com/CollinChaffin/24f6c9652efb3d6d5ef2f5502720ef00
Wow! Thank you, Collin.
I went through the steps and was able to opt-out of the service.
Conclusion
I also tried to update the name servers used by the ISP's router. Turns out you can't! Of course I can manually set the name servers on all the devices in the house, but it gets tiring. Going forward, I need to get my own router and use the ISP modem in "dumb" mode.
Before I wrap up, here's what curl would look like for these domains:
$ curl -I http://blah.blah
HTTP/1.1 200 OK
Date: Thu, 18 Jun 2020 06:01:41 GMT
Connection: close
# at least 443 gets a connection refused
$ curl -I https://blah.blah
curl: (7) Failed to connect to blah.blah port 443: Connection refused
Frankly, I am appalled at this, but not surprised at the same time. Thankfully HTTPS is becoming very common, and hopefully DNSSEC will be everywhere one day.