[ale] [OT] Website DNS issue

Leam Hall leamhall at gmail.com
Wed Oct 16 11:47:42 EDT 2024 

Yup, it was pointing to GitHub pages, but GitHub didn't know about it, so some other site got their slot machine stuff on it.

Leam
  

On 10/16/24 10:41, Derek Atkins via Ale wrote:
> This is all because he removed the CNAME record after my initial response.
> 
> -derek
> 
> On Wed, October 16, 2024 11:29 am, James Taylor via Ale wrote:
>> That's what I see here, too.
>> No addresses showing when doing a local lookup or from 8.8.8.8.
>> It shows your nameserver as ns1 and ns2.hover.com.
>> Lookups on them also don't return an address from leamhall.com
>> -jt
>> James Taylor
>> 678-697-9420
>> james.taylor at eastcobbgroup.com
>>
>>>>> Chuck Payne via Ale <ale at ale.org> 10/16/2024, 11:10 AM >>>
>> Leam,
>>
>> Who manages your DNS zone, because dig doesn't come up with anything,
>> and
>> my dns server only see the MX record, for leamhall.com
>>
>>
>> ; <<>> DiG 9.9.7 <<>> leamhall.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57094
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1232
>> ;; QUESTION SECTION:
>> ;leamhall.com. IN A
>>
>> ;; AUTHORITY SECTION:
>> leamhall.com. 300 IN SOA ns1.hover.com.
>> dnsmaster.hover.com. 1729083104 1800 900 604800 300
>>
>> ;; Query time: 107 msec
>> ;; SERVER: 192.168.105.3#53(192.168.105.3)
>> ;; WHEN: Wed Oct 16 11:01:57 EDT 2024
>> ;; MSG SIZE rcvd: 100
>>
>> host leamhall.com
>> leamhall.com mail is handled by 10 mx.hover.com.cust.hostedemail.com.
>>
>>
>> Do you have a A record or CName record for leamhall.com in your zone? It
>> looks like the catch all only picking up the MX record, like it should.
>>
>>
>>
>> On Wed, Oct 16, 2024 at 9:48 AM Derek Atkins via Ale <ale at ale.org>
>> wrote:
>>
>>> So reuel.net leads to a page that starts with:
>>>
>>> Stories. Code. Encouragement.
>>>
>>> Does GitHub know that it is supposed to answer to "leamhall.com"?
>> You'll
>>> need to tell it that, so it reacts to the proper vhost responses. Just
>>> adding a CNAME is not sufficient, because the SNI / Host header needs
>> to
>>> match.
>>>
>>> I didn't look closely as the purported Host with the "cute girl" :)
>> But I
>>> suspect someone figured out how to capture all "default" github pages
>>> traffic.
>>>
>>> Right now, "leamhall.com" gives me an error page. Going to
>>>
>> https://us-west-2.protection.sophos.com?d=leamhall.com&u=d3d3LmxlYW1oYWxsLmNvbQ==&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=dWN5bmUrQUIyNTBJTkh1Z20zcDhoZnZLOHI5QWtsazd1bWttTXdmSzBwbz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>> gets me to a hover page.
>>>
>>> -derek
>>>
>>> On Wed, October 16, 2024 9:30 am, Leam Hall wrote:
>>>> A cute girl, who is not my cute wife, and who makes me upset with
>>> whomever
>>>> is getting cutesy with my website.
>>>>
>>>> I may have a solution, based on your notes:
>>>>
>>>> [leam at shaphan ~]$ host reuel.net
>>>> reuel.net has address 192.30.252.154
>>>> reuel.net has address 192.30.252.153
>>>> reuel.net mail is handled by 10 mx.hover.com.cust.hostedemail.com.
>>>>
>>>> [leam at shaphan ~]$ host leamhall.com
>>>> leamhall.com has address 192.30.252.153
>>>> leamhall.com has address 192.30.252.154
>>>> leamhall.com mail is handled by 10
>> mx.hover.com.cust.hostedemail.com.
>>>>
>>>> [leam at shaphan ~]$ host leamhall.dev
>>>> leamhall.dev has address 216.40.34.41
>>>> leamhall.dev mail is handled by 10
>> mx.hover.com.cust.hostedemail.com.
>>>>
>>>> So, leamhall.dev is just an empty page, and reuel.net is my "real"
>>> page. I
>>>> had set up leamhall.com as a CNAME to reuel.net, but then realized
>> that
>>>> GitHub Pages (where reuel.net goes to) didn't have any information
>> on
>>>> leamhall.com. So maybe it's a random-ish github page? I've removed
>> the
>>>> GitHub page CNAME stuff and leamhall.com should revert to Hover's
>>> standard
>>>> "No page here yet" page. We'll see in a few minutes.
>>>>
>>>> Does that make sense? I don't run the DNS for it. Also, I just
>> checked
>>> the
>>>> files and there's no hokey index file in there.
>>>>
>>>> Leam
>>>>
>>>>
>>>> On 10/16/24 08:13, Derek Atkins wrote:
>>>>> Cute girl on your page!!
>>>>>
>>>>> When I look at "leamhall.com", I see:
>>>>> $ host leamhall.com
>>>>> leamhall.com has address 192.30.252.153
>>>>> leamhall.com has address 192.30.252.154
>>>>> leamhall.com mail is handled by 10
>> mx.hover.com.cust.hostedemail.com.
>>>>>
>>>>> Is this the correct DNS configuration?
>>>>>
>>>>> Show us y> >>> Hey all, turning to the smart folks for insight.
>>>>>>
>>>>>> I have a GitHub pages site and point my "name site", leamhall.com
>> to
>>>>>> it,
>>>>>> as well as others. The others work, but leamhall.com comes up with
>> a
>>>>>> page
>>>>>> that I have no idea how it got there. I've compared the DNS record
>> info
>>>>>> on
>>>>>> Hover, changed my default nameserver from google 8.8.8.8 to
>> Hover's, to
>>>>>> no
>>>>>> avail.
>>>>>>
>>>>>> What am I missing?
>>>>>>
>>>>>> Leam
>>>>
>>>>
>>>> --
>>>> Linux Automation Engineer (reuel.net/resume)
>>>> Scribe: The Domici War (domiciwar.net)
>>>> General Ne'er-do-well (github.com/LeamHall)
>>>>
>>>
>>>
>>> --
>>> Derek Atkins 617-623-3745
>>> derek at ihtfp.com
>> https://us-west-2.protection.sophos.com?d=ihtfp.com&u=d3d3LmlodGZwLmNvbQ==&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=aThFRXNtaXB3ZE5laml1cjhtL3N6Q2FjMEI4RWc0RGttUHZNTkF2OTF6Zz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>>> Computer and Internet Security Consultant
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>>
>> https://us-west-2.protection.sophos.com?d=ale.org&u=aHR0cHM6Ly9tYWlsLmFsZS5vcmcvbWFpbG1hbi9saXN0aW5mby9hbGU=&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=WURFRm5tTitkSHI4U1ZwemZnemUwM3lobndBWHAxa3NFdVVZMzdKL1NEZz0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>
>> https://us-west-2.protection.sophos.com?d=ale.org&u=aHR0cDovL21haWwuYWxlLm9yZy9tYWlsbWFuL2xpc3RpbmZv&i=NjNjODRjNjNlNGJiYjI0YTFlODE3NGI4&t=WXN1dVQwSXRuYklNSUUyeW5ZdnowL0g5azcyVkRhTWxwZWhCT0hpdmFDTT0=&h=97e0eedea08a4406859913c162bcac6e&s=AVNPUEhUT0NFTkNSWVBUSVYdBQ9j-wR-KkxEPPIPFbQnjFT3tdStWDhWBd8Fyu51Wg
>>>
>>
>>
>> --
>> Terror PUP a.k.a
>> Chuck "PUP" Payne
>> -----------------------------------------
>> Discover it! Enjoy it! Share it! openSUSE Linux.
>> -----------------------------------------
>> openSUSE -- Terrorpup
>> openSUSE Ambassador/openSUSE Member
>> skype,twiiter,identica,friendfeed -- terrorpup
>> freenode(irc) --terrorpup/lupinstein
>> Register Linux Userid: 155363
>>
>> openSUSE Community Member since 2008.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> 
> 

-- 
Linux Automation Engineer (reuel.net/resume)
Scribe: The Domici War    (domiciwar.net)
General Ne'er-do-well     (github.com/LeamHall)

More information about the Ale mailing list