-----Original Message----- From: Mukund Sivaraman [mailto:m...@isc.org] Sent: Saturday, September 17, 2016 12:01 PM To: Bhangui, Sandeep - BLS CTR <bhangui.sand...@bls.gov> Cc: 'email@example.com' <bind-us...@isc.org> Subject: Re: Organization IP address is getting redirected to a website which does not belong to the organization.
On Sat, Sep 17, 2016 at 03:51:00PM +0000, Bhangui, Sandeep - BLS CTR wrote: > Hi > > Not exactly sure whether this is a DNS issue but hoping someone here on this > forum can provide some advice/suggestion as I am trying to figure out what is > going on. > > Our organization BLS owns ( registered with the registrar ) the network > address 146.142.xxx.xxx. > > But if someone from the Internet [ outside of BLS network ) tries to go to > "http://22.214.171.124" it gets redirected to a site in UK called > "us.watcheezy.com" > > I have checked the DNS from the BLS side and we do not have any entry of > any kind for the record 126.96.36.199 on our DNS. > > I have also done DNS lookups for watcheezy.com and those seem to be good too > with respect to IP and the NS and as to what those NS are reporting. > > Can anyone throw some light on as to what is going on here.....does not look > like a DNS issue to me but I could be wrong. [muks@jurassic ~]$ wget --debug http://188.8.131.52 DEBUG output created by Wget 1.18 on linux-gnu. Reading HSTS entries from /home/muks/.wget-hsts URI encoding = ‘UTF-8’ Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8) --2016-09-17 21:28:13-- http://184.108.40.206/ Connecting to 220.127.116.11:80... connected. Created socket 3. Releasing 0x0000564b513bd220 (new refcount 0). Deleting unused 0x0000564b513bd220. ---request begin--- GET / HTTP/1.1 User-Agent: Wget/1.18 (linux-gnu) Accept: */* Accept-Encoding: identity Host: 18.104.22.168 Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 302 Found Date: Sat, 17 Sep 2016 16:26:06 GMT Server: Apache/2.2.22 (Ubuntu) X-Powered-By: PHP/5.4.9-4ubuntu2.3 location: http://www.watcheezy.com/ Vary: Accept-Encoding Content-Length: 0 Connection: close Content-Type: text/html It is a HTTP redirect (see the location: header above). Check the configuration of the HTTP server (webserver) that's serving for this IP address. I think you are referring to www.watcheezy.com when you say check the configuration of the HTTP server.....if that is the case that server is not ours I believe this site is from UK do not even know where the server is actually hosted. If apologize if I have not understood your response correctly. Sandeep Mukund _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-users