Gentoo Forums
[solved] DNS returns wrong ip
musv
Advocate

Joined: 01 Dec 2002
Posts: 3254
Location: de

Posted: Mon Feb 11, 2019 2:03 pm    Post subject: [solved] DNS returns wrong ip

Hi there,

It's not a Gentoo problem. It's more a general networking problem.

I'm behind a company wifi network, and I'm trying to access binance.com. For some reason I only get the IP of the internal DNS server, even when I request the hostname from a public DNS server. Traceroute with the IP works.

Code:
nslookup binance.com
Server:      85.214.20.141 <- public DNS configured in my /etc/resolv.conf
Address:   85.214.20.141#53

Name:   binance.com
Address: 10.122.12.254 <- internal DNS Server

nslookup google.com
Server:      85.214.20.141
Address:   85.214.20.141#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.207.46
Name:   google.com
Address: 2a00:1450:4001:824::200e


If I ssh to a machine outside the wifi and use dig:
Code:
dig binance.com @85.214.20.141

; <<>> DiG 9.12.2-P1 <<>> binance.com @85.214.20.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56916
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 8

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;binance.com.         IN   A

;; ANSWER SECTION:
binance.com.      60   IN   A   13.112.130.122
binance.com.      60   IN   A   52.199.24.163

;; AUTHORITY SECTION:
binance.com.      134325   IN   NS   ns-234.awsdns-29.com.
binance.com.      134325   IN   NS   ns-1701.awsdns-20.co.uk.
binance.com.      134325   IN   NS   ns-1319.awsdns-36.org.
binance.com.      134325   IN   NS   ns-735.awsdns-27.net.

;; ADDITIONAL SECTION:
ns-234.awsdns-29.com.   98937   IN   A   205.251.192.234
ns-234.awsdns-29.com.   165668   IN   AAAA   2600:9000:5300:ea00::1
ns-735.awsdns-27.net.   172081   IN   A   205.251.194.223
ns-1319.awsdns-36.ORG.   55981   IN   A   205.251.197.39
ns-1319.awsdns-36.ORG.   83374   IN   AAAA   2600:9000:5305:2700::1
ns-1701.awsdns-20.co.uk. 166587   IN   A   205.251.198.165
ns-1701.awsdns-20.co.uk. 1779   IN   AAAA   2600:9000:5306:a500::1

;; Query time: 54 msec
;; SERVER: 85.214.20.141#53(85.214.20.141)
;; WHEN: Mo Feb 11 14:51:59 CET 2019
;; MSG SIZE  rcvd: 378


The wifi-internal trial of the same:
Code:
 dig binance.com @85.214.20.141

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc29 <<>> binance.com @85.214.20.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10840
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e4ed3b74b0cb5627968a4b385c617e135eccd4d68b408c68 (good)
;; QUESTION SECTION:
;binance.com.         IN   A

;; ANSWER SECTION:
binance.com.      300   IN   A   10.122.12.254

;; AUTHORITY SECTION:
.         300   IN   NS   internal.company.de.

;; ADDITIONAL SECTION:
internal.company.de.      300   IN   A   10.122.12.254

;; Query time: 7 msec
;; SERVER: 85.214.20.141#53(85.214.20.141)
;; WHEN: Mo Feb 11 14:51:53 CET 2019
;; MSG SIZE  rcvd: 123


The difference between the two requests is the aa flag (authoritative answer), which is only listed in the non-working request.

Even on my mobile phone (connected to the same wifi) I can't access binance.com. So I assume that, for some reason, this domain is blocked. But I don't understand how it is possible to change the output of all the DNS tools (host, dig, nslookup). And for some reason, traceroute works when passing the IP instead of the domain name.

What can I do to get this domain name correctly resolved?


Last edited by musv on Tue Feb 12, 2019 11:09 am; edited 1 time in total
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7238
Location: almost Mile High in the USA

Posted: Mon Feb 11, 2019 6:00 pm

You probably have transparent proxying of DNS requests going on in your network. DNSSEC is supposed to prevent people from setting up these transparent DNS proxies. You'll need to tunnel out DNS requests on a different port, most likely.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14183

Posted: Tue Feb 12, 2019 3:06 am

Someone with control of key network devices (hopefully, your authorized IT department, not some random hacker) has configured the router to redirect DNS requests to a server that selectively lies to you. Traceroute works because they are not intercepting it. To fix this, file a help desk request to ask that resolution of the domain be unblocked. Breaking DNS this way is not done accidentally, so I rather expect the helpdesk ticket will be closed with a refusal to change anything.
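
Added example, not part of any post in this thread: a small Python check that reads dig output and lists the signs of DNS interception visible in the two responses quoted above (an aa flag in a reply that supposedly came from a public recursive resolver, a private-range address for a public name, and an authority section that hands the root zone to a single host). The function names and the queried_authoritative_server parameter are assumptions made for this example; the sample text is trimmed from the dig output in the first post.

```python
import ipaddress
import re

# Trimmed from the two dig outputs quoted in this thread.
INSIDE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; ANSWER SECTION:
binance.com. 300 IN A 10.122.12.254
;; AUTHORITY SECTION:
. 300 IN NS internal.company.de.
"""
OUTSIDE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 8
;; ANSWER SECTION:
binance.com. 60 IN A 13.112.130.122
binance.com. 60 IN A 52.199.24.163
;; AUTHORITY SECTION:
binance.com. 134325 IN NS ns-234.awsdns-29.com.
"""

def parse_dig(text):
    """Return (header flags, {section: [(owner, rtype, rdata), ...]})."""
    flags, sections, current = set(), {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r";; flags: ([a-z ]+);", line):
            flags = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and not line.startswith(";"):
            parts = line.split()
            if len(parts) >= 5:  # owner ttl class type rdata
                current.append((parts[0], parts[3], parts[4]))
    return flags, sections

def interception_signs(text, queried_authoritative_server=False):
    """List signs that something other than the queried resolver answered."""
    flags, sec = parse_dig(text)
    signs = []
    if "aa" in flags and not queried_authoritative_server:
        signs.append("aa flag set in a reply from a recursive resolver")
    for owner, rtype, rdata in sec.get("ANSWER", []):
        if rtype in ("A", "AAAA") and ipaddress.ip_address(rdata).is_private:
            signs.append(f"{owner} resolves to private address {rdata}")
    for owner, rtype, rdata in sec.get("AUTHORITY", []):
        if owner == "." and rtype == "NS":  # root zone claimed by one host
            signs.append(f"root zone delegated to {rdata}")
    return signs

if __name__ == "__main__":
    print(interception_signs(INSIDE), interception_signs(OUTSIDE))
```

Pass queried_authoritative_server=True when dig was pointed at one of the zone's own name servers, since the aa flag is expected there.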
musv
Advocate

Joined: 01 Dec 2002
Posts: 3254
Location: de

Posted: Tue Feb 12, 2019 8:19 am

Thanks. At least I understand the source of the problem now.
musv
Advocate

Joined: 01 Dec 2002
Posts: 3254
Location: de

Posted: Tue Feb 12, 2019 11:09 am

Found a solution:

I've installed dnsmasq and use the OpenDNS server on port 5353.