
Yeah, it appears to be some kind of placeholder site, like what Network Solutions uses. What's strange is that the AT&T server appears to be handing out alternating responses:

# dig @12.127.17.83 www.ben.edu

; <<>> DiG 9.5.1-P2 <<>> @12.127.17.83 www.ben.edu
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35102
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ben.edu. IN A

;; ANSWER SECTION:
www.ben.edu. 148 IN A 208.91.197.132

;; Query time: 2 msec
;; SERVER: 12.127.17.83#53(12.127.17.83)
;; WHEN: Fri Oct 26 20:22:18 2012
;; MSG SIZE rcvd: 45

[root@venus ~]# dig @12.127.17.83 www.ben.edu

; <<>> DiG 9.5.1-P2 <<>> @12.127.17.83 www.ben.edu
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38198
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ben.edu. IN A

;; ANSWER SECTION:
www.ben.edu. 3427 IN CNAME ben.edu.
ben.edu. 3427 IN A 38.100.120.100

;; Query time: 2 msec
;; SERVER: 12.127.17.83#53(12.127.17.83)
;; WHEN: Fri Oct 26 20:22:23 2012
;; MSG SIZE rcvd: 59

[root@venus ~]# dig @12.127.17.83 www.ben.edu

; <<>> DiG 9.5.1-P2 <<>> @12.127.17.83 www.ben.edu
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21252
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ben.edu. IN A

;; ANSWER SECTION:
www.ben.edu. 142 IN A 208.91.197.132

;; Query time: 1 msec
;; SERVER: 12.127.17.83#53(12.127.17.83)
;; WHEN: Fri Oct 26 20:22:24 2012
;; MSG SIZE rcvd: 45

[root@venus ~]# dig @12.127.17.83 www.ben.edu

; <<>> DiG 9.5.1-P2 <<>> @12.127.17.83 www.ben.edu
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59907
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ben.edu. IN A

;; ANSWER SECTION:
www.ben.edu. 3425 IN CNAME ben.edu.
ben.edu. 3425 IN A 38.100.120.100

;; Query time: 2 msec
;; SERVER: 12.127.17.83#53(12.127.17.83)
;; WHEN: Fri Oct 26 20:22:25 2012
;; MSG SIZE rcvd: 59

Tim Huffman
Director of Engineering
Business Only Broadband
777 Oakmont Lane, Suite 2000, Westmont, IL 60559
Direct: 630.590.6012 | Main: 630.590.6000 | Fax: 630.986.2496
thuffman@bobbroadband.com | http://www.bobbroadband.com/
Cell: 630.340.1925 | Toll-Free Customer Support: 877.262.4553

From: outages-bounces@outages.org On Behalf Of Mike Phipps
Sent: Friday, October 26, 2012 8:17 PM
To: outages@outages.org
Subject: Re: [outages] AT&T DNS problems?

208.91.197.132 doesn't have a PTR record associated with it, but a Whois query shows that it's owned by Confluence Networks. However, check out what happens when you go to that IP address:

$ nc -v 208.91.197.132 80
Connection to 208.91.197.132 80 port [tcp/http] succeeded!
GET / HTTP/1.1
Host: ben.edu

HTTP/1.1 200 OK
Date: Sat, 27 Oct 2012 01:14:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.16
Vary: Accept-Encoding,User-Agent
Content-Length: 712
Content-Type: text/html; charset=UTF-8

<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://ben.edu/?fp=Jg2bOCRGpmyIHeO3rTIpYJil8%2FmPB1JibWwClQntyhm4NkwKKuCk1tgtON7LOnmXFywl8MRjELrKlXFXgOfhOw%3D%3D&prvtof=lJY3O5r6C%2F4Iypq21CJp7a1LuqqIdOWvKdwx5Xsl1x8%3D&poru=S87wfqjj4W%2B%2Fm8dSEqpuWZr20KvK367%2BCoGC%2FHW2e9kL6N%2Fl3h3wnDx5AfKbrhlZ&">
</frameset>
<noframes>
<body bgcolor="#ffffff" text="#000000">
<a href="http://ben.edu/?fp=Jg2bOCRGpmyIHeO3rTIpYJil8%2FmPB1JibWwClQntyhm4NkwKKuCk1tgtON7LOnmXFywl8MRjELrKlXFXgOfhOw%3D%3D&prvtof=HFakvtiyy0kNqKrmL%2FCjJLePEMwdGWTZLZa5%2BZpNnP4%3D&poru=9vrhUGVKGCquHB6uFFMUXFNxz1c%2FgIaDOeCSvkLz5HCrH2FI%2Fixpxvr8LwjYT7uO&">Click here to proceed</a>.
</body>
</noframes>

I didn't look beyond that, but it already looks fishy. Note that I used ben.edu in the hostname on that manual GET request. When I tried it with just the IP address, it said to go to searchremagnified.com.

Mike Phipps
Media Genesis, Inc.

From: outages-bounces@outages.org On Behalf Of Tim Huffman
Sent: Friday, October 26, 2012 9:04 PM
To: outages@outages.org
Subject: [outages] AT&T DNS problems?

We are the primary DNS servers for the ben.edu domain. We seem to be having an issue with an AT&T server that is responding with incorrect A records for www.ben.edu and ben.edu.

What the response SHOULD be:

nslookup www.ben.edu
Server: 63.250.224.66
Address: 63.250.224.66#53

www.ben.edu canonical name = ben.edu.
Name: ben.edu
Address: 38.100.120.100

What 12.127.17.83 is responding with:

www.ben.edu
Server: tbru.br.rs.els-gms.att.net
Address: 12.127.17.83

Non-authoritative answer:
Name: www.ben.edu
Address: 208.91.197.132

This appears to be affecting only iPhones and iPads on the AT&T network.

Is anybody else having problems with this? Are there any AT&T people on this list that can help?

Tim Huffman
Business Only Broadband
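
An added example, not written by anyone in this thread: the alternating answers from 12.127.17.83 can be checked mechanically by following each response's CNAME chain and comparing the final A records with the authoritative address. The record lines are transcribed from the dig output quoted above; the function names are illustrative.

```python
import re

# Answer sections transcribed from the dig output quoted in this thread
# (one string per query to 12.127.17.83), trimmed to the record lines.
RESPONSES = [
    "www.ben.edu. 148 IN A 208.91.197.132",
    "www.ben.edu. 3427 IN CNAME ben.edu.\nben.edu. 3427 IN A 38.100.120.100",
    "www.ben.edu. 142 IN A 208.91.197.132",
    "www.ben.edu. 3425 IN CNAME ben.edu.\nben.edu. 3425 IN A 38.100.120.100",
]
AUTHORITATIVE = {"38.100.120.100"}  # per the nslookup in the original post
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|CNAME)\s+(\S+)$")

def parse_answer(text):
    """Return a list of (owner, ttl, rtype, rdata) from answer-section lines."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return records

def resolve_addresses(records, qname):
    """Follow CNAMEs from qname within one response and return the A set."""
    name, seen = qname.lower(), set()
    while name not in seen:  # 'seen' guards against a CNAME loop
        seen.add(name)
        cname = [r[3] for r in records if r[0] == name and r[2] == "CNAME"]
        if not cname:
            break
        name = cname[0]
    return {r[3] for r in records if r[0] == name and r[2] == "A"}

def audit(responses, qname, expected):
    """Return (index, addresses, ok) per response; ok is False on divergence."""
    out = []
    for i, text in enumerate(responses):
        addrs = resolve_addresses(parse_answer(text), qname)
        out.append((i, addrs, bool(addrs) and addrs <= expected))
    return out

def is_flapping(results):
    """True when the same resolver gave both matching and divergent answers."""
    return len({ok for _, _, ok in results}) > 1

if __name__ == "__main__":
    for i, addrs, ok in audit(RESPONSES, "www.ben.edu.", AUTHORITATIVE):
        print(i, sorted(addrs), "ok" if ok else "MISMATCH")
```

A resolver that flips between matching and divergent answers within seconds, as here, is worth reporting with the full capture, since a single query can easily land on the correct answer.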