  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1286

Why is wsc1.jomax.net registered as a NS server for anything I ping? Is my DNS corrupt?

Hi Experts,
We just set up a new server (svr1) and I'm pretty sure we haven't assigned a public IP for it yet. But when I ping it (svr1.mydomain.com) against our DNS server, the host was resolved to an IP, 64.158.56.49, that I'm sure is not our IP. I was so surprised since I expected to see something like "Can not resolve host ..." etc.
Then I felt it just makes no sense so I kept pinging with some nonsense names and found all were resolved to the same IP address above, 64.158.56.49, instead of "Can not resolve host".
Then when I got into my DNS server / Cached Lookups zone, under mydomain, I saw all the server and nonsense names I pinged earlier and all are with the following two entries:
Name Server (NS)    wsc1.jomax.net
Name Server (NS)    wsc2.jomax.net

Why are all nonsense host names resolved, and to the same IP address by jomax.net? Is my DNS corrupt? Please help.
Asked by: Castlewood

Chris Dent (PowerShell Developer) commented:
When you ping those, what exactly do you see?

It sounds like it's appending DNS suffixes to your request. For example, you type this:

ping bob

And you get this:

Reply from bob.somedomain.com [Some-Odd-IP] ...

Is that what you're seeing?

Chris
 
Castlewood (Author) commented:
When I ping bob, or anything else, plus .anything (a kind of domain format), I got the same result as follows:

H:\>ping bob
Ping request could not find host bob. Please check the name and try again.
H:\>ping aa.cnn.com
Pinging aa.cnn.com [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=15ms TTL=55
Reply from 64.158.56.49: bytes=32 time=15ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
H:\>ping bob.cnn.com
Pinging bob.cnn.com [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=16ms TTL=55
Reply from 64.158.56.49: bytes=32 time=15ms TTL=55
Reply from 64.158.56.49: bytes=32 time=10ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
H:\>ping bob.bob
Pinging bob.bob [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
H:\>ping asdfasfasdfasdfsa.cnn.com
Pinging asdfasfasdfasdfsa.cnn.com [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=8ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
H:\>ping bob.bob.bob
Pinging bob.bob.bob [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
H:\>ping bob.asdfadsfasd.asdfasf
Pinging bob.asdfadsfasd.asdfasf [64.158.56.49] with 32 bytes of data:
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=7ms TTL=55
Reply from 64.158.56.49: bytes=32 time=6ms TTL=55

Please also see the DNS zone content in the attachment.
Thanks.
dns.jpg
 
Chris Dent (PowerShell Developer) commented:

Can you also run:

nslookup bob.asdfadsfasd.asdfasf

And confirm that it exhibits the same behaviour?

You don't have a zone called "." under Forward Lookup Zones, do you? It doesn't look to be suffix appending after all, more like you have a root zone with a wildcard record.

Chris
 
Castlewood (Author) commented:
Here is the result of nslookup:
H:\>nslookup bob.asdfadsfasd.asdfasf
Server:  hanser.stone.local
Address:  10.10.10.26
Non-authoritative answer:
Name:    bob.asdfadsfasd.asdfasf
Addresses:  64.158.56.49, 63.251.179.49

H:\>nslookup bob.bob.bob.asdfasfdasfdasdf
Server:  hanser.stone.local
Address:  10.10.10.26
Non-authoritative answer:
Name:    bob.bob.bob.asdfasfdasfdasdf
Addresses:  64.158.56.49, 63.251.179.49

I checked and found no "." zone under Forward Lookup Zones; instead "." is in Cached Lookups. Please see the attachment.
dns2.jpg
 
DrDave242 commented:
There's apparently a wildcard record somewhere in public DNS causing this behavior, and you're not the only one to see it.  Google "64.158.56.49" and among the results you'll see other people encountering the same thing (in several different ways).
 
Chris Dent (PowerShell Developer) commented:
Weird. How about Forwarders, what do you have configured there?

Non-Authoritative Answer, so it's not coming from your local server.

Chris
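
An added example, not part of the thread: a check for the symptom diagnosed above, where names under unrelated, nonexistent TLDs all come back with the same non-authoritative addresses. It parses nslookup output in the format pasted in the thread. The function names and the final `probe.invalid` query are constructed for illustration (`.invalid` is a reserved TLD that must never resolve).

```python
import re
from collections import defaultdict

# First two queries are the nslookup output from the thread; the third is
# constructed to show what a healthy "no such name" reply looks like.
TRANSCRIPT = r"""
H:\>nslookup bob.asdfadsfasd.asdfasf
Server:  hanser.stone.local
Address:  10.10.10.26
Non-authoritative answer:
Name:    bob.asdfadsfasd.asdfasf
Addresses:  64.158.56.49, 63.251.179.49

H:\>nslookup bob.bob.bob.asdfasfdasfdasdf
Server:  hanser.stone.local
Address:  10.10.10.26
Non-authoritative answer:
Name:    bob.bob.bob.asdfasfdasfdasdf
Addresses:  64.158.56.49, 63.251.179.49

H:\>nslookup probe.invalid
Server:  hanser.stone.local
Address:  10.10.10.26
*** hanser.stone.local can't find probe.invalid: Non-existent domain
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_nslookup(text):
    """Return {queried_name: (non_authoritative, frozenset_of_answer_ips)}."""
    results = {}
    for block in re.split(r"^.*>nslookup\s+", text, flags=re.M)[1:]:
        name = block.splitlines()[0].strip()
        # Answer addresses follow the "Name:" line; the earlier "Address:"
        # line is the resolver that was asked, not part of the answer.
        answer = block.split("Name:", 1)[1] if "Name:" in block else ""
        m = re.search(r"Address(?:es)?:(.*)", answer, flags=re.S)
        ips = re.findall(IPV4, m.group(1)) if m else []
        results[name] = ("Non-authoritative answer" in block, frozenset(ips))
    return results

def find_catch_all(results, min_tlds=2):
    """Flag address sets that were returned for names under several TLDs."""
    by_ips = defaultdict(set)
    for name, (_, ips) in results.items():
        if ips:
            by_ips[ips].add(name.rstrip(".").rsplit(".", 1)[-1].lower())
    return {ips: tlds for ips, tlds in by_ips.items() if len(tlds) >= min_tlds}
```

A non-empty result from `find_catch_all` for made-up names means some resolver on the path is answering for names that do not exist; the non-authoritative flag indicates the answer did not originate on the local DNS server, so the forwarders are the next place to look.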