Web Hosting Forum | Lunarpages

Author Topic: DNS Redirection Issue With Our Nameservers  (Read 60006 times)

Offline GregK

  • Administrator
  • Trekkie
  • *****
  • Posts: 15
DNS Redirection Issue With Our Nameservers
« on: June 08, 2010, 03:38:36 PM »
On Saturday June 05, 2010, we experienced a temporary redirection issue with one of our nameservers.  Our response team immediately took this nameserver offline as a first step in correcting the issue. Shortly thereafter, we took extra measures to ensure that all websites at our Las Vegas datacenter would resolve properly.

Further we have instituted preventative measures to reduce the risk so that this type of situation does not happen again.

We realize that some may still be affected by this. If you are still being redirected to blackinternet.se, there are certain steps that you can take to clear this up and have your site resolve properly.

1.  Please clear the cache from your internet browser.
     a.  Firefox – Go to Tools > Clear Recent History > Check: Cookies and Cache >Click ‘Clear Now’
     b.  Internet Explorer – Go to Tools > Internet Options > General Tab > Browsing History > Click
                                             ‘Delete’ button > Check: Temporary Internet Files, Cookies, History > Click  
                                             ‘Delete button
     c. Google Chrome – Go to Customize and control Google Chrome (top right icon that looks like a
                                      wrench) > Options > ‘Under the Hood’ tab > Privacy > Click ‘Clear browsing
                                      data’ button > Check: Empty the cache and Delete cookies and other site
                                      data > Click ‘Clear browsing data’

2.   Please flush the DNS cache from your computer by taking the following steps:
              
        Windows 2000:
        a.  Go to start > run
        b.  Type: ipconfig /flushdns

       Windows XP:
       a.  Go to start > run
       b.  Type: ipconfig /flushdns

       Windows Vista:
       a.  Go to start, in search bar, type: cmd
       b.  Type: ipconfig /flushdns

You should then see:
      C:\Windows\system32>ipconfig /flushdns
       Windows IP Configuration
       Successfully flushed the DNS Resolver Cache.

--If you do not, go to:
       a.  Start > all programs>accessories > command prompt > right click on the command prompt icon and ‘run as administrator’
       b.  Type: ipconfig /flushdns

       MAC (OS Tiger and below):
       a. open a terminal window
       b. type: lookupd -flushcache

       MAC (OS Leopard):
       a. open a terminal window
       b. type: dscacheutil -flushcache

       Windows 98/98SE/ME:
       there is no dns cache flush option on these operating systems.(restarting pc may help).

If you still cannot access your site, please contact your Internet Service Provider (ISP).  When you reach them, please let them know that you need to have their DNS Cache flushed.  They will know how to proceed in doing so.

You may also visit http://proxify.com and type in your URL to view your website outside of your network.  By viewing your website in a proxy server, you will see what everyone else resolving to your site sees.

Please note that this issue has been resolved on the Lunarpages end since early Sunday morning.  Any sites that are still resolving to blackinternet.se are a matter of caching.  Most servers that hold cached sites update within 72 hours; some take longer.

Attention Blackberry Users:
If you are unable to receive your email on your phone, you will not be able to flush the DNS Cache on the phone itself.  One way to expedite receiving your email is to change the nameserver of your email to the IP Address of your account’s server.  

This IP Address may be found in your control panel.  If you are using cPanel, you will find the IP Address in the left column, second row. It will look like this: Shared Ip Address 67.210.109.205.  If you are using LPCP, you will find the IP Address in the URL of your control panel.  It will look like this: https://216.227.220.85:20082/myadmin/index.php,  where 216.227.220.85 is the Shared IP Address.

You may also email us at support@lunarpages.com with the subject line: Need My Server’s IP Address.  If you send us an email requesting this information, please provide us with the username or primary domain name of your account.

You may also call our support team at 714-521-8150 option 1, then option 3.  Let us know you are on a Blackberry and need the IP Address of your account.

We apologize for any inconveniences this has caused any of our customers and are here to help in any way we can.


Thank you for your continued support,

Greg Keil
Customer Service Manager
« Last Edit: June 09, 2010, 05:45:29 AM by GregK »
Greg Keil
Customer Relations Manager
Lunarpages Internet Solutions
http://lunarpages.com

Offline gapfire

  • Trekkie
  • **
  • Posts: 18
Re: DNS Redirection Issue With Our Nameservers
« Reply #1 on: June 08, 2010, 04:02:33 PM »
The problem is not solved. It never has been. I just got redirected again. Completely clean cache etc. Why do you people refuse to admit that this thing isn't over? My computer is clean, and my isp refreshes every 48 hours. I've still got the problem.

amy

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #2 on: June 08, 2010, 04:18:13 PM »
Hi Gapfire :)

I visited gapfire.com for the first time (I'm in Australia) and below is the screenshot image of your site with today's date.

Have you tried viewing with a proxy?  I confirmed with a staff member in California and they see the same as I do.
« Last Edit: June 08, 2010, 04:40:00 PM by Priest »

Offline gapfire

  • Trekkie
  • **
  • Posts: 18
Re: DNS Redirection Issue With Our Nameservers
« Reply #3 on: June 08, 2010, 04:21:58 PM »
Might I ask you what this proves? I've been able to resolve my site on different servers right from the outset of this.
Also, I did not ask you to put the image of my site up. Take it off please.

Priest

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #4 on: June 08, 2010, 04:39:33 PM »
This actually proves that there is no issue with your hosting account or DNS.  If you can access the site without issue from other computers and other people that do not typically visit your site (so they have no cached data) are able to visit it without issue, this narrows it down to your local DNS provider or local computer.

If you have cleared both your browser's cache and your operating system's DNS cache, then you can also try restarting the computer that is unable to access the site.  This will, in some cases, clear any local DNS cache that may persist even after a forced flush.

PS: I have removed the image in Amy's post as per your request

Offline gapfire

  • Trekkie
  • **
  • Posts: 18
Re: DNS Redirection Issue With Our Nameservers
« Reply #5 on: June 08, 2010, 04:46:11 PM »
This actually proves that there is no issue with your hosting account or DNS.  If you can access the site without issue from other computers and other people that do not typically visit your site (so they have no cached data) are able to visit it without issue, this narrows it down to your local DNS provider or local computer.

If you have cleared both your browser's cache and your operating system's DNS cache, then you can also try restarting the computer that is unable to access the site.  This will, in some cases, clear any local DNS cache that may persist even after a forced flush.

PS: I have removed the image in Amy's post as per your request

Actually, this proves nothing. I visited my site with a fresh ipod this morning. It had never been used for internet browsing. Guess what ? straight to blackinternet. Also, I contacted technical support at my isp and they assured me that their cache had been refreshed twice since Saturday. I guess my isp must be lying according to you??


Priest

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #6 on: June 08, 2010, 04:57:20 PM »
Actually, it proves exactly what I said it proves.  By using an ipod (and assuming that you did so via wifi at your home), You have shown that any object going through your home ISP connection is having the issue.  This narrows the scope even further to your ISP or to the wireless router that services your internet aware hardware (if it provides DNS services)

Offline gapfire

  • Trekkie
  • **
  • Posts: 18
Re: DNS Redirection Issue With Our Nameservers
« Reply #7 on: June 08, 2010, 05:02:35 PM »
Actually, it proves exactly what I said it proves.  By using an ipod (and assuming that you did so via wifi at your home), You have shown that any object going through your home ISP connection is having the issue.  This narrows the scope even further to your ISP or to the wireless router that services your internet aware hardware (if it provides DNS services)

Did so at work, which has the same isp. Also, if what you are saying is correct, once the problem resolves on a machine, it should not resurface 24 hours later.

Priest

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #8 on: June 08, 2010, 05:08:30 PM »
It could actually reoccur once it has cleared up.

It really depends on the ISP's nameserver setup, which I can't comment on directly since I don't work for them.  However, in most nameserver setups, you have at least 2 (though sometimes many, many more depending on customer base) nameservers that handle DNS requests.  These nameservers don't necessarily update at the same point in time, they may update independently of each other based on the TTL of your domain name at the time of the last request for that domain that it serviced.  One nameserver can reach the update threshold where the second one wouldn't.

Now, typically, you have both a primary and secondary nameserver, but this doesn't mean that you always pull from the primary nameserver.  It actually is pretty random as to which nameserver is accessed, though your hardware will typically hit the same nameserver for requests once it has initiated a request.  Clearing the DNS cache or restarting the computer, router, modem may flip which nameserver is hit.

Offline starstuff

  • Newbie
  • *
  • Posts: 2
Re: DNS Redirection Issue With Our Nameservers
« Reply #9 on: June 08, 2010, 05:19:34 PM »


2.   Please flush the DNS cache from your computer by taking the following steps:
              
        Windows 2000:
        a.  Go to start > run
        b.  Type: ipconfig /flushdns

       Windows XP:
       a.  Go to start > run
       b.  Type: ipconfig /flushdns

       Windows Vista:
       a.  Go to start, in search bar, type: cmd
       b.  Type: ipconfig /flushdns

You should then see:
      C:\Windows\system32>ipconfig /flushdns
       Windows IP Configuration
       Successfully flushed the DNS Resolver Cache.

--If you do not, go to:
       a.  Start > all programs>accessories > command prompt > right click on the command prompt icon and ‘run as administrator’
       b.  Type: ipconfig /flushdns

       MAC:
       a. Open a terminal window
       b. Type: lookupd –flushcache

       Windows 98/98SE/ME:
       there is no dns cache flush option on these operating systems.(restarting pc may help).

If you still cannot access your site, please contact your Internet Service Provider (ISP).  When you reach them, please let them know that you need to have their DNS Cache flushed.  They will know how to proceed in doing so.





Instructions for Linux users?

http://www.cyberciti.biz/faq/rhel-debian-ubuntu-flush-clear-dns-cache/

 Under any Windows version you can use ipconfig command to flush dns cache. However, Linux (UNIX) is more complex and robust as compare to Windows. Linux can run nscd or BIND or dnsmasq as the name service caching daemon under most Linux distributions. Large and workgroup servers may use BIND / dnsmasq as a dedicated caching server.

Flush nscd dns cache

Nscd caches libc-issued requests to the Name Service. If retrieving NSS data is fairly expensive, nscd is able to speed up consecutive access to the same data dramatically and increase overall system performance. Just restart nscd:

$ sudo /etc/init.d/nscd restart

OR

# service nscd restart
Flush dnsmasq dns cache

dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. This software is also installed many cheap routers to cache dns queries. Just restart to flush out dns cache:

$ sudo /etc/init.d/dnsmasq restart
Flush caching BIND server dns cache

A caching BIND server obtains information from another server (a Zone Master) in response to a host query and then saves (caches) the data locally. All you have to do is restart bind to clear its cache:

# /etc/init.d/named restart
« Last Edit: June 08, 2010, 05:21:37 PM by starstuff »

Offline firebyter

  • Newbie
  • *
  • Posts: 1
Re: DNS Redirection Issue With Our Nameservers
« Reply #10 on: June 08, 2010, 05:20:35 PM »
I have been dealing with the hijack/redirect of one site since Saturday. I have 4 trouble tickets going as a fall out. I am a bit pissed that there was never an alert from LP on this issue and just happened to be poking around on this forum and saw this thread.
I still have users emailing me that they cannot access site (still redirects to www.blackinternet.se). I have asked them to clear cache and still issues. Most seem to have Norton as a firewall. not sure if that makes a difference.
What I would like to know is what happened and why no notification at least to the clients on the affected servers or the whatall...What a waste of my time dealing with support tickets when this posted info could have easily been sent to all clients.
I have found that once a hosting company gets too big to service and inform clients, it is time to move on....

Offline John Q

  • Spaceship Captain
  • *****
  • Posts: 116
Re: DNS Redirection Issue With Our Nameservers
« Reply #11 on: June 08, 2010, 06:51:55 PM »
I was also having a problem where after clearing everything locally and being assured by the ISP that the DNS had been cleared the redirect was still occurring.

I followed rheidel's directions from the previous topic regarding mapping the IP addresses.
After opening C:\WINDOWS\system32\drivers\etc\hosts I followed the post directions to delete anything under the local address 127.0.0.1.

In my case I saw   ::1      localhost
Since I don't fully understand much of this, can you tell me if this was harmful? I deleted it then cleared the history,cookies,dns cache again and my site immediately opened correctly again (It had been working correctly through proxy since Sunday but I seemed to have a problem at home).

That was on my laptop,by the way, but when I try to remove that line on my desktop it won't allow me to save the changes. Site is still opening though.

Priest

  • Guest
Re: DNS Redirection Issue With Our Nameservers
« Reply #12 on: June 08, 2010, 06:57:36 PM »
John,

The ::1 address is the IPv6 designation for localhost (it is equivalent to the 127.0.0.1 address) and should actually be left in the hosts file.  It's very likely that the updated timestamp on the hosts file forced windows to flush its DNS cache.

As for your desktop, if you are running Vista or Windows 7, you must be administrator in order to save the changes.  Right clicking on your favorite text editor and running as administrator then opening the file from the File -> Open (or equivalent command) should allow you to save any changes

Offline jlv

  • Space Explorer
  • ***
  • Posts: 9
Re: DNS Redirection Issue With Our Nameservers
« Reply #13 on: June 08, 2010, 07:30:19 PM »
Can you tell us the details of the attack and how it was corrected?  I can forgive you for a misconfigured name server, but if I don't know what happened and what has been changed to fix it, it will be hard to trust it again.

Offline nickleus

  • Trekkie
  • **
  • Posts: 10
Re: DNS Redirection Issue With Our Nameservers
« Reply #14 on: June 08, 2010, 10:08:14 PM »
takecargo.no and takecargo.com are still being directed to blackinternet.se for some of our customers here in norway. it started on monday.
black internet was/is the ISP for the pirate bay. here's what i think happened. somebody is trying to sabotage black internet again by messing with the biggest webhost in the US.

lunarpages: i fear you guys are going to lose a lot of customers if something doesnt happen fast. my colleague here at work proposed we switch from you guys to another company here in norway. i am trying to get to the bottom of this quickly before we are forced to do that. we host a mission critical application for the entire grocery business of norway.

one customer here has the ISP ventelo (ventelo.no).

whoever was able to do this is a genius. you dont need to blow up any critical machines on the internet. you just need to direct everything to the same website. youre just as screwed, at least as long as until somebody can figure out what has happened....

 

Share |