
For a few months, we have been experiencing issues with many Google web sites. On diagnosing, we realized that our proxy server is getting wrong IP addresses for those domain names. I got a chance to collect some information for googleads.g.doubleclick.net, which is mentioned below for reference. The strange thing is, the TTL value for this DNS cache is too high. For the entry below, it is expiring in the year 2060.

Does anyone have any clue about it? We experienced this with www.googleadservices.com as well.

DNS Host Name Information
Host name: googleads.g.doubleclick.net.
IP addresses:  173.194.36.89 173.194.36.90 173.194.36.77.
Number of IP_addresses: 3.
Round robin pointer: 2.
Status: 0.
Expiry time: [14/Dec/2060:14:54:21 -0000]
Last access time: [25/Feb/2016:09:06:29 -0000]
Access count: 2,419,908.
Global refresh time: [01/Jan/1996:00:00:00 -0000]
Flags: 0.
Length of entry: 180.
Hash signature: -279,547,480.
Lookup duration: 146.
Canonical name: pagead46.l.doubleclick.net
Alias names: googleads.g.doubleclick.net
Response code: 0.
Cached entry is valid: 1

DNS Response data:
Official Host Name: pagead.l.doubleclick.net
Alias: www.googleadservices.com
Resolved Addresses:
  173.194.36.77
  173.194.36.90
  173.194.36.89
Cache TTL: 1413872452, cache HIT
DNS Resolver Response: Success
MadHatter

1 Answer


DNS is problematic like this, because devices cache, and some modify their caches, and it can be quite difficult to find out who's doing it. Even when you do know, if it's an upstream device beyond your control, stopping it can be hard.

Start by asking the device from which you resolve, to confirm that it's serving the faulty TTL. Look at the config of that device, see who its forwarders are, and query them directly, to see whether they're feeding your resolver bad information, or if your resolver has changed it itself.

In the end, the best protection against arbitrary cache modification, including cache poisoning, is DNSSEC. Sadly, doubleclick.net doesn't seem to be providing DS records at the time of writing, so even if you were set up for it, it wouldn't help in this case.

MadHatter
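
The hop-by-hop check described in the answer above can be scripted. This is an added example, not part of the original answer: it assumes each hop's `dig +noall +answer @<hop> <name> A` output has been saved as text, and the hop labels, the one-week ceiling and the sample answers (including the forwarder's TTL of 300) are constructed for illustration.

```python
# Added example: find which hop in a resolver chain serves an implausible TTL.
# Input per hop is the saved text of:  dig +noall +answer @<hop> <name> A
MAX_SANE_TTL = 604800  # assumption: one week, a common resolver cache ceiling

# Constructed sample answers. The proxy TTL is the "Cache TTL" value from the
# question; the forwarder TTL of 300 is made up for the example.
PROXY = """\
googleads.g.doubleclick.net. 1413872452 IN CNAME pagead46.l.doubleclick.net.
pagead46.l.doubleclick.net. 1413872452 IN A 173.194.36.89
"""
FORWARDER = """\
googleads.g.doubleclick.net. 300 IN CNAME pagead46.l.doubleclick.net.
pagead46.l.doubleclick.net. 300 IN A 173.194.36.89
"""

def parse_answer(text):
    """Parse dig answer lines into (name, ttl, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: NAME TTL CLASS TYPE RDATA...
        if line.startswith(";") or len(fields) < 5 or not fields[1].isdigit():
            continue
        records.append((fields[0], int(fields[1]), fields[3], " ".join(fields[4:])))
    return records

def worst_ttl(text):
    """Largest TTL in one hop's answer, or None if it returned no records."""
    ttls = [ttl for _, ttl, _, _ in parse_answer(text)]
    return max(ttls) if ttls else None

def locate_rewriter(hops):
    """hops: list of (label, dig_text), ordered from the client outward.
    Returns the furthest hop still serving a TTL above the ceiling. If the next
    hop out is clean, that hop changed the TTL itself; if every hop is bad, the
    change came from the last hop listed or from beyond it. None if all sane."""
    suspect = None
    for label, text in hops:
        ttl = worst_ttl(text)
        if ttl is None or ttl <= MAX_SANE_TTL:
            break  # clean hop: everything upstream of here is not implicated
        suspect = label
    return suspect

if __name__ == "__main__":
    print(locate_rewriter([("proxy", PROXY), ("forwarder", FORWARDER)]))
```
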