A case of non-existent DNS entries coming to life
$ ping -c2 blah.blah
PING blah.blah (22.214.171.124) 56(84) bytes of data.
64 bytes from a23-202-231-169.deploy.static.akamaitechnologies.com (126.96.36.199): icmp_seq=1 ttl=53 time=71.5 ms
I ran the above command on a whim on my new Raspberry Pi and was surprised by the result. That DNS entry does not exist. And neither does the TLD. WTF?
What about fhdskfsdafs.google.com?
Let's try this:
$ ping -c2 fhdskfsdafs.google.com
PING fhdskfsdafs.google.com (188.8.131.52) 56(84) bytes of data.
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (184.108.40.206): icmp_seq=1 ttl=58 time=6.94 ms
OK, something is up! And why do I see Akamai in there? I am sure Google has its own network. I fire up the browser on my MacBook and I get Server Not Found, which is expected.
So what's the difference between the Pi and the MacBook? The MacBook is set to use 220.127.116.11 as the nameserver (set manually a long time ago), while the Pi defaults to the home router, which is a box provided by my ISP. I did change ISPs about a year ago.
Here are a couple of runs with specific name servers.
192.168.1.254 is the ISP box.
$ nslookup blah.blah 192.168.1.254
Server:    192.168.1.254
Address:   192.168.1.254#53

Non-authoritative answer:
Name:    blah.blah
Address: 18.104.22.168
Name:    blah.blah
Address: 22.214.171.124

$ nslookup blah.blah 126.96.36.199
Server:    188.8.131.52
Address:   184.108.40.206#53

** server can't find blah.blah: NXDOMAIN
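The same comparison the two nslookup runs make, scripted, as an added example that is not part of the original post: it builds raw DNS A queries for random labels that cannot exist (under google.com and under a random TLD, like the names above), sends them straight to a chosen resolver on UDP/53, and flags the resolver if it answers NOERROR with A records instead of NXDOMAIN. The resolver IP you pass in, the probe names, and the 203.0.113.5 address used when testing the parser are assumptions or constructed values, not from the post.

```python
import random, socket, string, struct
NXDOMAIN = 3  # DNS RCODE "name does not exist"

def build_query(name, txid):
    """Minimal DNS query packet: one A/IN question, recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_response(data):
    """Return (rcode, [A-record IPs]) from a raw DNS response; other RR types are skipped."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    def skip_name(p):  # walk labels until a 0 byte or a 2-byte compression pointer
        while data[p] != 0:
            if data[p] & 0xC0 == 0xC0:
                return p + 2
            p += 1 + data[p]
        return p + 1
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(pos) + 4  # skip qtype + qclass
    ips = []
    for _ in range(ancount):
        pos = skip_name(pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0xF, ips

def random_names(n=4):
    """Names that cannot exist: a random label under google.com and under a random TLD."""
    rnd = lambda k: "".join(random.choices(string.ascii_lowercase, k=k))
    return [f"{rnd(12)}.{rnd(6)}" if i % 2 else f"{rnd(12)}.google.com" for i in range(n)]

def probe(resolver_ip, names, timeout=2.0):
    """Send each query straight to one resolver over UDP/53; returns {name: (rcode, ips)}."""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for name in names:
            sock.sendto(build_query(name, random.randrange(65536)), (resolver_ip, 53))
            results[name] = parse_response(sock.recvfrom(4096)[0])
    return results

def looks_hijacked(results):
    """An honest resolver answers NXDOMAIN for every probe name. Any NOERROR answer with A
    records means NXDOMAIN is being rewritten; IPs common to all such answers are the redirect host."""
    answered = [set(ips) for rcode, ips in results.values() if rcode != NXDOMAIN and ips]
    return (True, set.intersection(*answered)) if answered else (False, set())
```

Run probe() once against the ISP box and once against a resolver you trust, then compare looks_hijacked() for each; the shared IPs it returns are the ones to look for in your own ping output.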
I remove the custom name servers from my MacBook and load these non-existent pages. Guess what, they load just fine and look like a scam page from the 90s. Note the missing encryption.
My initial thought: my ISP's DNS is messed up, which is pretty bad. But no, this is worse. This was done intentionally. Look at the branding on that page. That's right, I am with AT&T (the only ones offering 1 Gbps in San Jose, California).
I am not alone
Some googling for "dns error assist" brings me to https://gist.github.com/CollinChaffin/24f6c9652efb3d6d5ef2f5502720ef00
Wow! Thank you, Collin.
I went through the steps and was able to opt-out of the service.
I also tried to update the name servers used by the ISP's router. Turns out you can't! Of course I can manually set the name servers on all the devices in the house, but it gets tiring. Going forward, I need to get my own router and use the ISP modem in "dumb" mode.
Before I wrap up, here's what curl looks like for these domains:
$ curl -I http://blah.blah
HTTP/1.1 200 OK
Date: Thu, 18 Jun 2020 06:01:41 GMT
Connection: close

# at least 443 gets a connection refused
$ curl -I https://blah.blah
curl: (7) Failed to connect to blah.blah port 443: Connection refused
Frankly, I am appalled at this, but not surprised at the same time. Thankfully HTTPS is becoming very common. And hopefully DNSSEC will be everywhere one day.