
DWI - Not all the time "Authoritative" helps

In the post on common issues with custom domains, we saw a tool called DWI (Dig Web Interface), which helps us get the DNS records of a particular domain.

Today, while going through a forum thread, I noticed a strange thing. It's not the first time, however. If you refer to the article about corrupted DNS, the blog URL used there had a similar issue.

It is normally recommended to use "Authoritative" under Name servers when digging a domain. However, this doesn't always work out.



Let us consider the following URLs at issue.
  • newsblok.com
  • www.newsblok.com

The actual authoritative dig log gives us the following results:

newsblok.com@dns1.name-services.com.:
/usr/bin/dig: couldn't get address for 'dns1.name-services.com.': failure
newsblok.com@dns2.name-services.com.:
/usr/bin/dig: couldn't get address for 'dns2.name-services.com.': failure
newsblok.com@dns3.name-services.com.:
/usr/bin/dig: couldn't get address for 'dns3.name-services.com.': failure
newsblok.com@dns4.name-services.com.:
/usr/bin/dig: couldn't get address for 'dns4.name-services.com.': failure
newsblok.com@dns5.name-services.com.:
/usr/bin/dig: couldn't get address for 'dns5.name-services.com.': failure

http://digwebinterface.com/?hostnames=newsblok.com%0D%0Awww.newsblok.com&type=&useresolver=8.8.4.4&ns=auth&nameservers=


So I went ahead and changed it to "Resolver: Default" and got the following result.

newsblok.com@8.8.4.4 (Default):
newsblok.com.  1799 IN A 216.239.32.21
newsblok.com.  1799 IN A 216.239.36.21
newsblok.com.  1799 IN A 216.239.34.21
newsblok.com.  1799 IN A 216.239.38.21

www.newsblok.com@8.8.4.4 (Default):
www.newsblok.com. 1773 IN CNAME ghs.google.com.
ghs.google.com.  86373 IN CNAME ghs.l.google.com.
ghs.l.google.com. 273 IN A 216.58.192.179

http://digwebinterface.com/?hostnames=newsblok.com%0D%0Awww.newsblok.com&type=&ns=resolver&useresolver=8.8.4.4&nameservers=

In the screenshot, the entries highlighted in red can be ignored, as the resolver gives us all of the URL mappings.

So it can be inferred that DWI first reads ghs.google.com; when looking up ghs.google.com it finds ghs.l.google.com; and when looking up ghs.l.google.com it finds the IP address 216.58.192.179.

It is to avoid this kind of confusion that "Authoritative" is usually used. Now that that option is ruled out, we have to infer it this way.

As far as this issue is concerned, we have no additional A records or CNAME records, which means the DNS is set up correctly.

Also, this confirms that we need to check whether DNS is corrupted only in a few cases.
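
The same inference can be scripted. The following is an added example, not part of the original post or of DWI: it parses resolver output in the form shown above, follows the CNAME chain, and reports additional or missing records. The function names are hypothetical, and it assumes the records the post accepts as correct are the expected set.

```python
# Constructed sample: the resolver answers quoted in the post.
SAMPLE = """\
newsblok.com@8.8.4.4 (Default):
newsblok.com.  1799 IN A 216.239.32.21
newsblok.com.  1799 IN A 216.239.36.21
newsblok.com.  1799 IN A 216.239.34.21
newsblok.com.  1799 IN A 216.239.38.21
www.newsblok.com@8.8.4.4 (Default):
www.newsblok.com. 1773 IN CNAME ghs.google.com.
ghs.google.com.  86373 IN CNAME ghs.l.google.com.
ghs.l.google.com. 273 IN A 216.58.192.179
"""
# Assumption: the records the post accepts as correct are the expected set.
EXPECTED_APEX_A = {"216.239.32.21", "216.239.34.21", "216.239.36.21", "216.239.38.21"}
EXPECTED_WWW_CNAME = "ghs.google.com."

def parse_records(text):
    """Return (owner, type, value) for each 'name TTL IN TYPE value' line."""
    out = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 5 and p[1].isdigit() and p[2] == "IN":
            out.append((p[0].lower(), p[3].upper(), p[4].lower()))
    return out

def follow_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (names visited, final A addresses)."""
    chain = [name.lower()]
    while len(chain) <= max_hops:
        nxt = [v for o, t, v in records if o == chain[-1] and t == "CNAME"]
        if not nxt or nxt[0] in chain:  # end of chain, or a loop
            break
        chain.append(nxt[0])
    return chain, [v for o, t, v in records if o == chain[-1] and t == "A"]

def check(apex, www, records):
    """List deviations from the expected apex A set and www CNAME target."""
    problems = []
    apex_a = {v for o, t, v in records if o == apex and t == "A"}
    for ip in sorted(apex_a ^ EXPECTED_APEX_A):  # in one set but not the other
        kind = "additional" if ip in apex_a else "missing"
        problems.append(f"{kind} A record on {apex}: {ip}")
    chain, _ = follow_chain(www, records)
    if len(chain) < 2 or chain[1] != EXPECTED_WWW_CNAME:
        problems.append(f"{www} does not CNAME to {EXPECTED_WWW_CNAME}")
    if any(o == www and t == "A" for o, t, v in records):
        problems.append(f"{www} has an A record beside its CNAME")
    return problems
```

An empty list from `check("newsblok.com.", "www.newsblok.com.", parse_records(SAMPLE))` corresponds to the "DNS is set up correctly" conclusion above.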
