2

I am checking my website via a worldwide DNS checker. DNS resolution is incorrect in some countries. What is the cause of this problem?

There is no problem with my other websites, only this one.

  • Web site: downvids.net
  • System: Centos 7
  • Control Panel: directadmin


    Worldwide DNS checker results 104.239.213.7 and 198.105.254.11 are not my IP addresses! What is this?
MadHatter
kale20
  • I am going to hazard a guess that your DNS provider is failing, and those two random IP addresses are Verizon hijacking `nxdomain` responses and putting advertising on them. Some of the DNS servers still have your records cached, which is why they are working, but others are not. Did you make any changes to your glue records, or to your registrar records? – Mark Henderson Feb 21 '17 at 19:25
  • Thank you for the comment. Why does my DNS provider fail? How do I check DNS? – kale20 Feb 21 '17 at 19:29
  • Something has changed. Did you change anything? Did you pay your bills on time? Have you let your domain registration lapse? – Mark Henderson Feb 21 '17 at 19:30
  • I can see that you are using vanity nameservers (i.e. nameservers that are on the same domain that they are serving). This means you must be using glue records with your domain registrar. Did you change your glue records? I do not see any records for `ns1.downvids.net` or `ns2.downvids.net` so I'm guessing you have done something to remove your glue records. I also see `Updated Date: 2017-02-21T16:49:46Z` in your whois, which means you did _something_ to that domain very recently. – Mark Henderson Feb 21 '17 at 19:33
  • Changed name server 2 years ago and there was no problem when I checked it. – kale20 Feb 21 '17 at 19:33

3 Answers

11

There does not appear to be a delegation for downvids.net in DNS, i.e. the net TLD nameservers claim that there is no such domain (NXDOMAIN status).

```
$ dig @a.gtld-servers.net downvids.net NS +norec

; <<>> DiG 9.10.4-P6-RedHat-9.10.4-4.P6.fc25 <<>> @a.gtld-servers.net downvids.net NS +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41296
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;downvids.net.                  IN      NS

;; AUTHORITY SECTION:
net.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1487705761 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue Feb 21 19:36:32 UTC 2017
;; MSG SIZE  rcvd: 114

$
```

Looking up your domain in whois, one can see:

`Domain Status: clientHold`

The clientHold EPP status code in itself is quite cryptic but looking up the explanation one finds:

> This status code tells your domain's registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion

I.e., there is some form of problem with your domain registration rather than with DNS itself.


As for the strange response from the Verizon/Level3 server, try navigating to that address (e.g. http://104.239.213.7/) and everything about the behavior in combination with how you got that address for no good reason from their resolver servers suggests that it's a search page built with NXDOMAIN hijacking.


As a further sidenote, the way that Worldwide DNS checker have named their service and present the results is quite misleading compared to how the technology actually works.
Geography is not a factor, all the "worldwide" and flags and stuff is irrelevant.
It's actually all about what specific caching servers happen to have in their cache, so unless you know that you or your clients happen to be using the exact same server that they used in their test (they don't say which one they actually used, just a city/country and the name of the ISP in very fine print) it's really just a handful of examples that don't mean a whole lot and definitely don't mean much about the current results in said countries beyond one unspecified caching server of that specific ISP.

Håkan Lindqvist
  • Looking at the domain in archive.org, I suspect you are correct re the clientHold status. I didn't even notice that when I was looking at the whois. – Mark Henderson Feb 21 '17 at 19:52
  • Thank you for the best comment. I am contacting name.com about the "ClientHold" status. I will write the results here. Thanks again – kale20 Feb 21 '17 at 20:02
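The checks from the answer above, combined into one script as an added example (not part of the original answer): it reads the registry's `dig` reply and the whois status, then sorts resolver answers into stale cache entries and substituted addresses. The resolver labels, the address 203.0.113.10 and the function names are assumptions made for illustration.

```python
import re

# EPP statuses under which the registry does not publish the domain in DNS.
NOT_IN_DNS = {"clienthold", "serverhold", "inactive"}

# Sample inputs: the dig and whois lines quoted in the answer, trimmed.
DIG_TLD = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41296
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1487705761 1800 900 604800 86400
"""
WHOIS = "Domain Status: clientHold\nUpdated Date: 2017-02-21T16:49:46Z\n"
# Constructed: resolver labels, and 203.0.113.10 standing in for the site's real address.
RESOLVERS = {"resolver-1": ["203.0.113.10"], "resolver-2": ["104.239.213.7"],
             "resolver-3": ["198.105.254.11"], "resolver-4": []}
EXPECTED = {"203.0.113.10"}

def parse_dig(text):
    """Pull the rcode, header flags and any NS referral out of dig's text output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"flags: ([a-z ]*);", text)
    referral = re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)", text, re.M)
    return {"status": status.group(1) if status else None,
            "flags": set(flags.group(1).split()) if flags else set(),
            "referral": referral}

def hold_statuses(whois_text):
    """Return the EPP statuses in whois output that keep the domain out of DNS."""
    found = re.findall(r"^\s*Domain Status:\s*(\w+)", whois_text, re.M | re.I)
    return [s for s in found if s.lower() in NOT_IN_DNS]

def diagnose(dig_tld, whois_text, resolver_answers, expected_ips):
    """Combine the registry reply, whois status and per-resolver A records."""
    reg = parse_dig(dig_tld)
    report = {"delegated": reg["status"] == "NOERROR" and bool(reg["referral"]),
              "holds": hold_statuses(whois_text), "stale_cache": [], "rewritten": []}
    if reg["status"] == "NXDOMAIN" and "aa" in reg["flags"]:
        # The registry says the name does not exist, so any address a resolver
        # still returns is either an old cache entry or a substituted answer.
        for name, ips in sorted(resolver_answers.items()):
            if ips:
                key = "stale_cache" if set(ips) <= expected_ips else "rewritten"
                report[key].append(name)
    return report

if __name__ == "__main__":
    print(diagnose(DIG_TLD, WHOIS, RESOLVERS, EXPECTED))
```
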
3

Running a whois on your domain reveals that you are using vanity nameservers - that is, name servers that are being served from the same domain that they are serving.

To get around this, you must be using glue records, but querying for your glue records (ns1.downvids.net) is returning no records. The reason Verizon is showing some random IP addresses there is because they do this really scummy thing called "nxdomain hijacking" which redirects your failed domain to a search engine or some other page.

The whois also indicates that you did change your domain today:

`Updated Date: 2017-02-21T16:49:46Z`

We can't tell what you changed, but if it was anything related to DNS, then change it back.

Also name.com did have a DNS outage not long ago, so maybe it's just that they're having another outage.

The reason some regions of the world are still getting a response for your IP address is either because they have something cached, or because name.com is having an outage that is only affecting certain regions in the world.

Mark Henderson
0

If you changed the records recently, it may take about 24 to 46 hours to propagate around the world.