[ale] [OT] Website DNS issue

Derek Atkins derek at ihtfp.com
Wed Oct 16 11:41:10 EDT 2024 

This is all because he removed the CNAME record after my initial response.

-derek

On Wed, October 16, 2024 11:29 am, James Taylor via Ale wrote:
> That's what I see here, too.
> No addresses showing when doing a local lookup or from 8.8.8.8.
> It shows your nameserver as ns1 and ns2.hover.com.
> Lookups on them also don't return an address from leamhall.com
> -jt
> James Taylor
> 678-697-9420
> james.taylor at eastcobbgroup.com
>
>>>> Chuck Payne via Ale <ale at ale.org> 10/16/2024, 11:10 AM >>>
> Leam,
>
> Who manages your DNS zone, because dig doesn't come up with anything,
> and
> my dns server only see the MX record, for leamhall.com
>
>
> ; <<>> DiG 9.9.7 <<>> leamhall.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57094
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;leamhall.com. IN A
>
> ;; AUTHORITY SECTION:
> leamhall.com. 300 IN SOA ns1.hover.com.
> dnsmaster.hover.com. 1729083104 1800 900 604800 300
>
> ;; Query time: 107 msec
> ;; SERVER: 192.168.105.3#53(192.168.105.3)
> ;; WHEN: Wed Oct 16 11:01:57 EDT 2024
> ;; MSG SIZE rcvd: 100
>
> host leamhall.com
> leamhall.com mail is handled by 10 mx.hover.com.cust.hostedemail.com.
>
>
> Do you have a A record or CName record for leamhall.com in your zone? It
> looks like the catch all only picking up the MX record, like it should.
>
>
>
> On Wed, Oct 16, 2024 at 9:48 AM Derek Atkins via Ale <ale at ale.org>
> wrote:
>
>> So reuel.net leads to a page that starts with:
>>
>> Stories. Code. Encouragement.
>>
>> Does GitHub know that it is supposed to answer to "leamhall.com"?
> You'll
>> need to tell it that, so it reacts to the proper vhost responses. Just
>> adding a CNAME is not sufficient, because the SNI / Host header needs
> to
>> match.
>>
>> I didn't look closely as the purported Host with the "cute girl" :)
> But I
>> suspect someone figured out how to capture all "default" github pages
>> traffic.
>>
>> Right now, "leamhall.com" gives me an error page. Going to
>>
> https://us-west-2.protection.sophos.com?d=leamhall.com&u=d3d3LmxlYW1oYWxsLmNvbQ==&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=dWN5bmUrQUIyNTBJTkh1Z20zcDhoZnZLOHI5QWtsazd1bWttTXdmSzBwbz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
> gets me to a hover page.
>>
>> -derek
>>
>> On Wed, October 16, 2024 9:30 am, Leam Hall wrote:
>> > A cute girl, who is not my cute wife, and who makes me upset with
>> whomever
>> > is getting cutesy with my website.
>> >
>> > I may have a solution, based on your notes:
>> >
>> > [leam at shaphan ~]$ host reuel.net
>> > reuel.net has address 192.30.252.154
>> > reuel.net has address 192.30.252.153
>> > reuel.net mail is handled by 10 mx.hover.com.cust.hostedemail.com.
>> >
>> > [leam at shaphan ~]$ host leamhall.com
>> > leamhall.com has address 192.30.252.153
>> > leamhall.com has address 192.30.252.154
>> > leamhall.com mail is handled by 10
> mx.hover.com.cust.hostedemail.com.
>> >
>> > [leam at shaphan ~]$ host leamhall.dev
>> > leamhall.dev has address 216.40.34.41
>> > leamhall.dev mail is handled by 10
> mx.hover.com.cust.hostedemail.com.
>> >
>> > So, leamhall.dev is just an empty page, and reuel.net is my "real"
>> page. I
>> > had set up leamhall.com as a CNAME to reuel.net, but then realized
> that
>> > GitHub Pages (where reuel.net goes to) didn't have any information
> on
>> > leamhall.com. So maybe it's a random-ish github page? I've removed
> the
>> > GitHub page CNAME stuff and leamhall.com should revert to Hover's
>> standard
>> > "No page here yet" page. We'll see in a few minutes.
>> >
>> > Does that make sense? I don't run the DNS for it. Also, I just
> checked
>> the
>> > files and there's no hokey index file in there.
>> >
>> > Leam
>> >
>> >
>> > On 10/16/24 08:13, Derek Atkins wrote:
>> >> Cute girl on your page!!
>> >>
>> >> When I look at "leamhall.com", I see:
>> >> $ host leamhall.com
>> >> leamhall.com has address 192.30.252.153
>> >> leamhall.com has address 192.30.252.154
>> >> leamhall.com mail is handled by 10
> mx.hover.com.cust.hostedemail.com.
>> >>
>> >> Is this the correct DNS configuration?
>> >>
>> >> Show us y> >>> Hey all, turning to the smart folks for insight.
>> >>>
>> >>> I have a GitHub pages site and point my "name site", leamhall.com
> to
>> >>> it,
>> >>> as well as others. The others work, but leamhall.com comes up with
> a
>> >>> page
>> >>> that I have no idea how it got there. I've compared the DNS record
> info
>> >>> on
>> >>> Hover, changed my default nameserver from google 8.8.8.8 to
> Hover's, to
>> >>> no
>> >>> avail.
>> >>>
>> >>> What am I missing?
>> >>>
>> >>> Leam
>> >
>> >
>> > --
>> > Linux Automation Engineer (reuel.net/resume)
>> > Scribe: The Domici War (domiciwar.net)
>> > General Ne'er-do-well (github.com/LeamHall)
>> >
>>
>>
>> --
>> Derek Atkins 617-623-3745
>> derek at ihtfp.com
> https://us-west-2.protection.sophos.com?d=ihtfp.com&u=d3d3LmlodGZwLmNvbQ==&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=aThFRXNtaXB3ZE5laml1cjhtL3N6Q2FjMEI4RWc0RGttUHZNTkF2OTF6Zz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>>
> https://us-west-2.protection.sophos.com?d=ale.org&u=aHR0cHM6Ly9tYWlsLmFsZS5vcmcvbWFpbG1hbi9saXN0aW5mby9hbGU=&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=WURFRm5tTitkSHI4U1ZwemZnemUwM3lobndBWHAxa3NFdVVZMzdKL1NEZz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>
> https://us-west-2.protection.sophos.com?d=ale.org&u=aHR0cDovL21haWwuYWxlLm9yZy9tYWlsbWFuL2xpc3RpbmZv&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=WXN1dVQwSXRuYklNSUUyeW5ZdnowL0g5azcyVkRhTWxwZWhCT0hpdmFDTT0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>>
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twiiter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> openSUSE Community Member since 2008.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

More information about the Ale mailing list