Dr Horrible DNS geekery

Michael Butash michael at butash.net
Sun Sep 27 10:55:12 MST 2015 

Really odd if so, internally (cox) and externally (google) I seem to 
resolve the cox address, so wonder if his bgp advertisement is just 
going away somehow to go to a different place, mine again just ends in 
Cox's network, seemingly at the right endpoint, but not the routed 
tale-by-hostname-resolution.

mb at host:~$ host dead.horse 68.2.16.30
Using domain server:
Name: 68.2.16.30
Address: 68.2.16.30#53
Aliases:

dead.horse has address 66.240.194.139
dead.horse mail is handled by 10 MAIL.RWGUSA.NET.

mb at host:~$ host dead.horse 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

dead.horse has address 66.240.194.139
dead.horse mail is handled by 10 MAIL.RWGUSA.NET.

mb at host:~$ mtr --report --report-cycles=1 -w dead.horse
Start: Sun Sep 27 10:38:24 2015
HOST: host                             Loss%   Snt   Last   Avg Best  
Wrst StDev
   1.|-- fw1.peoria1.unifiedconvergence.net  0.0%     1    0.6 0.6   
0.6   0.6   0.0
   2.|-- ???                                100.0     1    0.0 0.0   
0.0   0.0   0.0
   3.|-- 100.127.69.154                      0.0%     1    8.1 8.1   
8.1   8.1   0.0
   4.|-- 70.169.75.248                       0.0%     1   18.1 18.1  
18.1  18.1   0.0
   5.|-- elcndsrj01-ae0.0.rd.sd.cox.net      0.0%     1   19.7 19.7  
19.7  19.7   0.0
   6.|-- escnaggc01-gex0401.sd.sd.cox.net    0.0%     1   25.2 25.2  
25.2  25.2   0.0
   7.|-- wsip-72-203-224-167.sd.sd.cox.net   0.0%     1   22.3 22.3  
22.3  22.3   0.0
   8.|-- 216.98.153.30                       0.0%     1   21.7 21.7  
21.7  21.7   0.0
   9.|-- 66.240.194.139                      0.0%     1   21.1 21.1  
21.1  21.1   0.0

I get annoyed enough with Cox and their DNS interception/redirection for 
search queries, I certainly hope they're not picking who delivers 
content, especially when it's not the right location, but seems dns is 
right.  I think someone is changing the records, you might have a cached 
entry.

It's interesting what he's doing to accomplish that actually, I'll 
imagine he is a network geek with a GNS3 lab bridged to the world, 
having a chain of routers with ip unnumbered interfaces passing it to 
each loopback along the way as he did.  I just figured his laptop or 
workstation running dns3 reboots periodically unable to deal with real 
traffic hitting it like that.

You can do interesting things with routing labs like that, just nothing 
you'd ever do in a real network.

-mb


On 09/26/2015 04:16 PM, Fabian Santiago wrote:
> I just tried it. It's very much alive and well. Quite humorous. Perhaps your isp is proxying / caching you in some capacity ??

More information about the PLUG-discuss mailing list