Not understanding something about DNS

Discussion in 'DNS Server' started by JohnB, Oct 16, 2009.

  1. JohnB

    JohnB Guest

    If I ping our company website - www.blackdiamondranch.com - it returns the
    IP address 63.85.17.161

    If I open up a browser and enter http://63.85.17.161 it brings up the
    website of the company that created our website.

    Our website is hosted by yet another company. If I login to the account for
    the hosting service, I can "view" settings for our DNS records, and there is
    an A-record for our domain name pointing to 64.71.33.101

    And of course, if you enter that IP address in a browser, it does not bring
    up our site.

    How does all of this even work, DNS wise?
     
    JohnB, Oct 16, 2009
    #1
    1. Advertisements

  2. JohnB

    Chris Dent Guest

    Hi John,

    It's not DNS, it's the web server.

    If you're using a shared-hosting platform you'll be sharing that IP
    Address with any number of other customers. The web server takes inbound
    request and filters it to specific sites based on the name you use. It's
    referred to as Host Headers.

    When you use the IP Address alone you end up at the web site that
    doesn't have a name associated with it, there will only be one of those
    on that server for that IP address, so it makes sense you end up at the
    hosts site.

    Otherwise each website would need a separate IP address, which can be
    very wasteful and, in some instances, costly.

    HTH

    Chris
     
    Chris Dent, Oct 16, 2009
    #2
    1. Advertisements


  3. As Chris said, it's based on host headers. I used nslookup to check out the
    name and IP address, and got the following:

    ===
    Server: london.nwtraders.msft
    Address: 192.168.1.200

    Non-authoritative answer:
    Name: blackdiamondranch.com
    Address: 63.85.17.161
    Server: london.nwtraders.msft
    Address: 192.168.1.200

    Non-authoritative answer:
    Name: blackdiamondranch.com
    Address: 63.85.17.161
    Aliases: www.blackdiamondranch.com
    ===

    So I'm not sure what the 64.71.33.101 comes in play. I put that in to check
    if it has a reverse, and it comes back empty. I went to your website, and I
    must say that Black Diamond looks like a fabulous country club. I forwarded
    the link to my wife, who is the assistnt controller for a country club in
    our area. I'm sure she and others at the club will enjoy it.

    Ace
     
    Ace Fekay [MCT], Oct 16, 2009
    #3
  4. JohnB

    JohnB Guest

    Ok, I'm somewhat familiar with host headers, from studies and a home lab
    working with IIS.

    What started all this was I asked a question of the company that hosts our
    site. I had asked something about viewing website statiscitcs. Their
    explanation why I couldn't view them was; the domain name isn't registered
    with them, it's registered with Network Solutions. And the A-record for our
    website points to 63.85.17.161

    I understand that host headers allows one IP address to point to many
    websites, on the web server. But what's confusing to me is, that A-record
    doesn't point to the server that hosts our site. It points to the company
    that developed our site.

    So, this company that hosts our site, that I had asked the original quesiton
    of... is suggesting that we change the DNS records on our name servers to
    point to their webserver, as such:
    www.blackdiamondranch.com IN A 64.71.33.101

    I really am not interested in the website statistics or, in changing the
    A-record. I just find it hard to understand how our A-record can be
    pointing to 63.85.17.161 and requests ending up getting resolved to
    64.71.33.101

    I hope that makes sense!
     
    JohnB, Oct 16, 2009
    #4
  5. JohnB

    JohnB Guest

    See reply to Chris' post.

    Thanks, on the club. Yes, for this part of the country(FL), which is
    totally flat, having a course with that much elevation change is also
    considered fabulous. It was all built in and around an old limestone
    quarry.
     
    JohnB, Oct 16, 2009
    #5
  6. Your country club site is amazing. The limestone quarry with elevations from
    digging, surely did the trick!

    Ace
     
    Ace Fekay [MCT], Oct 16, 2009
    #6
  7. Currently it's set to 63.85.17.161.

    Why do they want you to change it? Apparently they are uploading it to it's
    current location. Isn't that good enough, or is there some other reason they
    want you to change it to them? Possibly "lock" you in to their system making
    it harder to move away, if you decide to choose so later down the line?

    Ace
     
    Ace Fekay [MCT], Oct 16, 2009
    #7
  8. JohnB

    Chris Dent Guest

    Hey John,

    I fired up my packet sniffer, and request for your website are really
    being answered by a server on the advertised IP address (161). There's
    no redirection behind the scenes there. Unless the server on the 161
    address is acting as a Proxy content is coming from the 161 IP.

    I also popped a fake hosts entry in for your site on the other IP.
    Interestingly enough it does also respond on that IP (same Host Headers
    scenario, so you do need to fake the name resolution with either Hosts
    or an internal DNS server). However, the site doesn't work very well
    from there, it redirects to another IP because of this bit of HTML:

    <meta HTTP-EQUIV="refresh"
    CONTENT="0;URL=http://207.36.40.55/cgi-bin/protector/mojoProtector.cgi?action=login">

    That doesn't work for me, it kills the page completely with a timeout.

    Therefore, if you do consider changing the IP in the A record you need
    to fully investigate the state of the site on the other web server first.

    I don't do the golf bit, but the rotating pictures on your site are
    absolutely lovely. Makes me sigh :)

    Chris
     
    Chris Dent, Oct 16, 2009
    #8
  9. JohnB

    Grant Taylor Guest

    I believe that Clubessential /is/ hosting your web site. Everything
    that I see (and others have reported) indicate that your web site is
    living on (what appears to be) Clubessential's server.

    If you (temporarily) bypass DNS by adding the following entry to your
    hosts file (%SystemRoot%\system32\drivers\etc\hosts)

    64.71.33.101 www.blackdiamondranch.com blackdiamondranch.com

    and flush your DNS (or reboot) and restart your browser (flush it's
    cache) you will find part of what I'm betting is an old copy your club's
    web site.

    This leads me to believe that if you are paying someone to host your web
    site at 64.71.33.101, I believe you are paying them for doing nothing.

    At this point I would strongly suggest that you get someone from your
    web design company on the phone and ask them to explain this situation
    to your satisfaction. There may indeed be some sort of reverse proxying
    going on like Chris suggested.

    What ever is going on, I do think that Clubessential should spend some
    time on the phone (or email) explaining this to your satisfaction.



    Grant. . . .
     
    Grant Taylor, Oct 20, 2009
    #9
  10. JohnB

    JohnB Guest

    You were right. Apparently someone (a non-IT person) at this company,
    before I started working here, was talked into using this company, Hostway.
    And they seem to be a *shady* group. I called them and they said we pay
    them $40/month for a linux hosting service, and to register 3 domain names
    we have. I told the guy that a WhoIs lookup shows Network Solutions is the
    registrar. And then he said something (had a difficult time understanding
    him with the *accent* he had) about that being true.

    So a question that started about *understanding DNS* evolved into something
    that saved this company some money. Which is always good.
    Thanks Grant!
     
    JohnB, Oct 22, 2009
    #10
  11. JohnB

    Grant Taylor Guest

    I'm glad that everything worked out.
    You are welcome.



    Grant. . . .
     
    Grant Taylor, Oct 27, 2009
    #11

  12. Good catch, Grant!

    Cheers!

    Ace
     
    Ace Fekay [MCT], Oct 27, 2009
    #12
  13. JohnB

    Grant Taylor Guest

    Thank you.

    That just goes to show how much $h!+ that I've seen. I'm dealing with a
    customer that has a web site that appears to be hosted by one provider
    who is really in turn iframing content from another URL that is a
    sub-directory from an IP address! Needless to say, security systems do
    not like such iframing. :(

    You may (or may not) be surprised how badly broken things can be after
    multiple wanna-be-techs fail one after the other when trying to fix things.
    Likewise.




    Grant. . . .
     
    Grant Taylor, Oct 28, 2009
    #13

  14. Not too surprised. That's how I get some of my business! Kind of a
    troubleshooter, then inherit the customer, in some cases. I don't mind. :)

    But I know what you mean about the hosting business.

    Here's a related, quick short story that happened yesterday:

    I have one customer that acquired another back in Dec, 2008. I usually
    transfer registrars from any of the acquired companies to consolidate their
    domain names into my customer's Netsol account, but didn't do this one
    because they had paid a one year on hosting and the registrar, so I figured
    just leave it there for now. The registrar is Enom. I simply took over the
    account's administration, etc, in order to change MX and other records, etc,
    but more importantly to put my customer's company name on the account.

    I noted the recorded the www and @ IP address, ran a reverse on the IP,
    which pointed to some web server that I assumed was associated to Enom (bad
    assumption), and recorded into my little change management Excel sheet. The
    website worked fine . So it's been working fine, until I got a call
    yesterday that now their website gets redirected to some other entity (a
    church), not even related to this company. So I kind of figured this was not
    intentional.

    Using nslookup, I ran a reverse lookup on the IP. It now shows the reverse
    record has changed and now belongs to that church. Hmm. ?? I called Enom to
    see what's up. They told me that IP doesn't belong to them and told me the
    web content was hosted elsewhere, and that I cannot get to that info because
    someone else had registered the account, which that person had a contract
    with another company for the webhosting. . Hmm, great... I thanked him, and
    hung up. After further investigation, I found and confirmed Enom's
    statements. I didn't know all of this earlier and got mad about it. I found
    out that (1) the acquired company bought web hosting services thrrough one
    guy, and (2), that guy went through another company for hosting, and (3),
    which that company used Enom as the registrar. ,

    Oh boy. So I tried to get a hold of #1 without success. I left a message. It
    appears it's either a hostheader issue (not likely because of the PTR now
    pointing to the church), or the guy performed IP and other changes that
    snafuued my customer's site. To eliminate this mess and reliance on this
    third party, twisted mess, and to save money, I suggest they just transfer
    registrars to their Netsol account and use our in-house web server and drop
    the hosting company and their contract, etc. Awaiting a decision, possibly
    tomorrow, but I feel I will be working on it this weekend.

    What a mess!

    Ace
     
    Ace Fekay [MCT], Oct 28, 2009
    #14
  15. JohnB

    Grant Taylor Guest

    *nod*

    Do you ever get tired of having to clean up after people? I know that I
    do. I wish that just once I could follow my self (or someone like me)
    when I inherit a customer. Though I did manage to follow someone like
    me who did *VERY* good phone work. That was nice. Made my life a lot
    easier.
    You have fun!

    I find that I get most of my R & D and (e)paper work done while waiting
    on (as I call it) "Blue-Bar-Time" when I can work on things at my office
    over night / weekends. Not to mention newsgroups and FPS time. :}
    Somebody buy that man a drink! ... a soda at the very least!



    Grant. . . .
     
    Grant Taylor, Oct 28, 2009
    #15
  16. Actually, I don't mind cleaning things up. I look at it as a challenge and
    will take on that challenge. Not that I'm looking for credibility, rather
    looking for more work! So if this leads to more work, whether I am
    performing this for a consulting company that called me in, or through an
    acquantance or student who calls me out of the blue.
    Yes, same here. Usually spend about an hour after I wake up, and then a few
    hours in the evening, in between everything else!
    Thanks, I'll have a double Crown Royal, and a Sam Adams!
    Cheers!

    Ace
     
    Ace Fekay [MCT], Oct 28, 2009
    #16
  17. JohnB

    JohnB Guest

    Good taste! I just now got back to this thread and saw your and Grants last
    replies. Very interesting.

    This experience of mine, and to a degree the one you just mentioned, all
    goes to show the importance of good documentation.
    In our case, none of this would have happened, had there been documentation
    on the history of this.
    My employer paid this hosting company $40/month, for 2 years, and they
    weren't using it!! I started working here and was looking at where all
    their various domain names were registered. And after posting here and
    getting help from Grant, I discovered all of this.
    When I started here 2 months ago there was ZERO network documentation. This
    IT position seems to be a revolving-door kind of job, no one stays that
    long.... probably because it's so small. But when I leave here the next
    guy won't have to go through this. I'm documenting everything.
     
    JohnB, Nov 6, 2009
    #17
  18. That is good to hear! More power to you for taking the time to document
    everything. Hopefully this will give you the edge to stay longer and shut
    the revolving door.

    And when you go home, relax with those beverages! :-

    Ace
     
    Ace Fekay [MCT], Nov 7, 2009
    #18
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.