DNS resolves wrong IP address in one country
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.
If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.
The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.
The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.
The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.
Here is what I looked at/ tried so far:
- Checked all Apache 2 vhost conf.
- Checked iptables (empty) and
/etc/hosts
and/etc/resolv.conf
(safe) - Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
Checked claroline code base: it look safe, but it's huge. I can't check all files.
Here is a nslookup on one of the student Windows computers:
C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161
And of course, 195.186.210.161 is not the correct IP address of the server.
I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.
domain-name-system
New contributor
 |Â
show 1 more comment
up vote
3
down vote
favorite
One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.
If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.
The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.
The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.
The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.
Here is what I looked at/ tried so far:
- Checked all Apache 2 vhost conf.
- Checked iptables (empty) and
/etc/hosts
and/etc/resolv.conf
(safe) - Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
Checked claroline code base: it look safe, but it's huge. I can't check all files.
Here is a nslookup on one of the student Windows computers:
C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161
And of course, 195.186.210.161 is not the correct IP address of the server.
I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.
domain-name-system
New contributor
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago
 |Â
show 1 more comment
up vote
3
down vote
favorite
up vote
3
down vote
favorite
One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.
If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.
The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.
The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.
The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.
Here is what I looked at/ tried so far:
- Checked all Apache 2 vhost conf.
- Checked iptables (empty) and
/etc/hosts
and/etc/resolv.conf
(safe) - Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
Checked claroline code base: it look safe, but it's huge. I can't check all files.
Here is a nslookup on one of the student Windows computers:
C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161
And of course, 195.186.210.161 is not the correct IP address of the server.
I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.
domain-name-system
New contributor
One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.
If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.
The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.
The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.
The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.
Here is what I looked at/ tried so far:
- Checked all Apache 2 vhost conf.
- Checked iptables (empty) and
/etc/hosts
and/etc/resolv.conf
(safe) - Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
Checked claroline code base: it look safe, but it's huge. I can't check all files.
Here is a nslookup on one of the student Windows computers:
C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b
Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161
And of course, 195.186.210.161 is not the correct IP address of the server.
I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.
domain-name-system
domain-name-system
New contributor
New contributor
edited 11 mins ago
Peter Mortensen
2,09742124
2,09742124
New contributor
asked 5 hours ago
iizno
1162
1162
New contributor
New contributor
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago
 |Â
show 1 more comment
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
up vote
7
down vote
If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.
I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.
At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.
Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
7
down vote
If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.
I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.
At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.
Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
 |Â
show 1 more comment
up vote
7
down vote
If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.
I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.
At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.
Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
 |Â
show 1 more comment
up vote
7
down vote
up vote
7
down vote
If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.
I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.
At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.
Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.
If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.
I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.
At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.
Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.
edited 1 hour ago
answered 5 hours ago
MadHatter
68.4k11139203
68.4k11139203
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
 |Â
show 1 more comment
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
â iizno
5 hours ago
4
4
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
â MadHatter
5 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
It seems like a problem that could be solved with a lawyer in the right jurisdiction...
â R..
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
Could a Competent Sysadmin freelance resolve this issue ?
â iizno
3 hours ago
1
1
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
â Joshua Dwire
1 hour ago
 |Â
show 1 more comment
iizno is a new contributor. Be nice, and check out our Code of Conduct.
iizno is a new contributor. Be nice, and check out our Code of Conduct.
iizno is a new contributor. Be nice, and check out our Code of Conduct.
iizno is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f935025%2fdns-resolves-wrong-ip-address-in-one-country%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
â David Goate
5 hours ago
Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
â David Goate
5 hours ago
@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
â iizno
5 hours ago
@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
â iizno
5 hours ago
Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
â yagmoth555â¦
5 hours ago