On Friday, April 11, 2014 08:01:39 PM David Haller wrote:
Hello,
On Fri, 11 Apr 2014, C. Brouerius van Nidek wrote:
So, the suspect DNS server is "68.168.98.196" - but this DNS server
It looks fishy though.
OrgName:    Codero
OrgId:      APHIN
Address:    5750 W. 95th St., Suite 300
City:       Overland Park
StateProv:  KS
PostalCode: 66207
Country:    US
RegDate:    2009-07-21
Updated:    2014-03-05
Ref:        http://whois.arin.net/rest/org/APHIN
Forgot the existence of whois. Do not use it regularly :(
That seems to be a Hosting-Provider in the US, though its website seems unreachable (neither an IP for codero.net nor www.codero.net is found) at their DNS-Server. But codero.com is available.
$ traceroute 68.168.98.196
14 xe-1-0-0.mpr3.phx2.us.above.net (64.125.27.97) 160.416 ms 159.162 ms 159.997 ms
15 64.125.192.194.t00738-01.above.net (64.125.192.194) 159.161 ms 159.800 ms 162.699 ms
16 edge2_cr1.phx.codero.com (216.55.184.106) 161.887 ms 163.486 ms 164.611 ms
Unable to look up 69.64.66.26: Temporary failure in name resolution
17 69.64.66.26 165.099 ms 164.472 ms 166.402 ms
18 68-168-98-196.dedicated.codero.net (68.168.98.196
That means (looking at codero.com), that the fishy-"DNS" in question seems to be a dedicated server hosted at codero.com/.net.
But one small question remains. I get a DNS from my ISP. My ISP is in Indonesia so I would expect to get a DNS closer home. Or am I wrong there?
Brouerius, your provider's DNS are these (assuming you use your provider's e-mail to mail here):
$ dig ns indo.net.id
[..]
;; ANSWER SECTION:
indo.net.id. 21149 IN NS ns2.indo.net.id.
indo.net.id. 21149 IN NS ns1.indo.net.id.
indo.net.id. 21149 IN NS ns1.cbn.net.id.
indo.net.id. 21149 IN NS ns2.cbn.net.id.
indo.net.id. 21149 IN NS ns1.id
$ for h in ns2.indo.net.id ns1.indo.net.id ns1.cbn.net.id ns2.cbn.net.id ns1.id ; do nslookup $h | grep -A1 Name ; done
Name: ns2.indo.net.id
Address: 202.159.33.2
Name: ns1.indo.net.id
Address: 202.159.32.2
Name: ns1.cbn.net.id
Address: 202.158.20.1
Name: ns2.cbn.net.id
Address: 202.158.40.1
Name: ns1.id
Address: 202.155.30.227
The indo.net.id is my email address but I get my internet connection from telkom.net. My router was connected at 36.69.96.1 and after I reset the router it is now 180.252.96.1. The first one pointing to my geographical center in the province and the second pointing towards Jakarta, the capital. The first address showed up after a reset done by a worker from telkom.net, the second done by me yesterday. Do not understand what this worker did differently but do not care much. My home is some 60 km from Jakarta and some 90 km from Rankasbitung. Parental control is not common at my age (74) rofl.
--
Linux User 183145 using KDE4 and LXDE on a Pentium IV,
powered by openSUSE 13.1 (i586) Kernel: 3.14.0-23.gfa168d7-default
KDE Development Platform: 4.12.4
12:38pm up 11:21, 3 users, load average: 0.73, 0.78, 1.09
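The check discussed in this thread (is a configured resolver one the ISP would hand out?) can be scripted. The following is an added example, not part of the original messages: the resolv.conf text is constructed, and `EXPECTED_NETS` is an assumed allowlist that reuses two addresses from the thread purely as sample data and must be replaced with the resolvers or prefixes your own ISP documents.

```python
import ipaddress

# Constructed sample; 68.168.98.196 is the address discussed in the thread.
SAMPLE_RESOLV_CONF = """\
# constructed example file
search example.lan
nameserver 192.168.1.1
nameserver 68.168.98.196
nameserver 202.159.32.2
nameserver not-an-ip
"""

# Assumption: networks the ISP serves resolvers from (sample values only).
EXPECTED_NETS = ["202.159.32.2/32", "202.159.33.2/32"]


def parse_nameservers(text):
    """Return the address token of every 'nameserver' line, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify(addr, expected_nets):
    """Return 'local', 'expected', 'unexpected' or 'invalid' for one resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"  # typically the router itself; check its own DNS setting
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    if any(ip.version == n.version and ip in n for n in nets):
        return "expected"
    return "unexpected"  # follow up with whois and traceroute as in the thread


def audit(text, expected_nets):
    """Map every configured resolver to its classification."""
    return {s: classify(s, expected_nets) for s in parse_nameservers(text)}


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF, EXPECTED_NETS).items():
        print(f"{server:16} {verdict}")
```

A "local" result only moves the question to the router, whose own upstream DNS setting needs the same comparison.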