How not to set up your DNS (part 7)
Presented in point form, because the illustrated form is too verbose:
- The subdomain bos.netsolhost.com has nameservers NS1.bos.netsolhost.com and NS2.bos.netsolhost.com.
- According to the nameservers for netsolhost.com, these have IP addresses 22.214.171.124 and 126.96.36.199 respectively.
- According to 188.8.131.52, these actually have IP addresses 10.49.34.11 and 10.49.34.12 respectively.
- 184.108.40.206 doesn't respond.
The 10.*.*.* IP addresses are RFC 1918 private addresses, so no one outside netsolhost.com can get to them. The net effect is that the first query for something in bos.netsolhost.com returns useful information but everything after that fails, because when 220.127.116.11 answers your first query it also feeds you the bad nameserver IP addresses and 'poisons' your nameserver's cache.
I've seen all the elements of this one separately, but this is the first time I've seen glue record hell and leaking internal domains with internal-only IP addresses combined so creatively.
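The check that catches this combination is a straightforward one: compare what the parent zone's glue says about each nameserver with what the child zone's own nameservers say, and flag any nameserver address that is in RFC 1918 space. The following is an added example written for this post, not code from it; the domain (bos.example.net), the 198.51.100.x "public" glue addresses and the 10.49.34.x "authoritative" answers are constructed sample data that mirror the shape of the problem described above, not the real netsolhost.com records. In practice the two dictionaries would be filled from `dig +norecurse NS` against a parent nameserver and `dig A` against each child nameserver.

```python
"""Spot glue-vs-authoritative mismatches and leaked private addresses in a delegation."""
import ipaddress

# RFC 1918 space: addresses the public Internet cannot route to.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample data (not real records). PARENT_GLUE is what the parent
# zone hands out as glue; CHILD_ANSWERS is what the child zone's own
# nameservers return for the same hostnames.
PARENT_GLUE = {
    "ns1.bos.example.net.": {"198.51.100.10"},
    "ns2.bos.example.net.": {"198.51.100.11"},
}
CHILD_ANSWERS = {
    "ns1.bos.example.net.": {"10.49.34.11"},
    "ns2.bos.example.net.": {"10.49.34.12"},
}

# A healthy delegation for comparison: glue and authoritative data agree and
# both are publicly routable (also constructed).
HEALTHY_GLUE = {"ns1.ok.example.net.": {"198.51.100.20"}}
HEALTHY_CHILD = {"ns1.ok.example.net.": {"198.51.100.20"}}


def is_rfc1918(addr):
    """True if addr (an IPv4 string) falls inside RFC 1918 private space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)


def check_delegation(parent_glue, child_answers):
    """Return a list of (nameserver, problem) tuples; an empty list means clean.

    Problems reported:
      - a nameserver with no glue in the parent, or no A record in the child;
      - glue that differs from the child's authoritative answer (the thing
        that makes the second query fail once the cache is overwritten);
      - any RFC 1918 address, whether it came from glue or from the child.
    """
    problems = []
    for ns in sorted(set(parent_glue) | set(child_answers)):
        glue = parent_glue.get(ns, set())
        auth = child_answers.get(ns, set())
        if not glue:
            problems.append((ns, "missing glue in parent"))
        if not auth:
            problems.append((ns, "child zone has no A record for its own nameserver"))
        if glue and auth and glue != auth:
            problems.append((ns, "glue {} differs from authoritative {}".format(
                sorted(glue), sorted(auth))))
        for addr in sorted(glue | auth):
            if is_rfc1918(addr):
                problems.append((ns, "RFC 1918 address {} is unreachable from outside".format(addr)))
    return problems


if __name__ == "__main__":
    for ns, problem in check_delegation(PARENT_GLUE, CHILD_ANSWERS):
        print("{} {}".format(ns, problem))
```

Running it against the constructed data reports, for each nameserver, both the glue/authoritative disagreement and the private address; the healthy delegation produces no findings. The mismatch alone is the "glue record hell" half of the problem, and the RFC 1918 finding is the "leaking internal addresses" half; this post is about what happens when both appear at once.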
We noticed this because 18.104.22.168 (allegedly 'vux16.bos.netsolhost.com') kept trying to send us email with the MAIL FROM of 'email@example.com'. In the process of verifying incoming mail, we want to do A and MX queries; as the first query, the A query worked, but the MX query got timeouts. When I noticed the repeated '454 temporarily unresolvable address' replies for something that was at least partially resolvable (because we accepted it as a HELO name) I started digging.