allegro.pl connection problems - detailed analysis
Thu, 04 Apr 2013 20:35:29 +0000
I've just observed that I cannot reach the allegro.pl site. Let's check what has failed (this time).

First of all, let's check ICMP availability:
$ ping allegro.pl
ping: unknown host allegro.pl

Oops, looks like something is wrong with DNS; confirmation below:

$ dig allegro.pl

; <<>> DiG 9.8.1-P1 <<>> allegro.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56412
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;allegro.pl.                    IN      A

;; Query time: 32 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr  4 22:18:10 2013
;; MSG SIZE  rcvd: 28

No usable DNS answer from the default resolver: the status is NOERROR, but the ANSWER section is empty.

Let's check the WHOIS record for this domain:

$ whois allegro.pl | grep -A 1 nameservers:
nameservers:      gtmdc3.allegro.pl. [91.207.14.244]
                  gtmdc2.allegro.pl. [91.194.188.132]

We see two nameservers specified; let's check whether they are reachable (ICMP):

$ ping -c 1 91.207.14.244
PING 91.207.14.244 (91.207.14.244) 56(84) bytes of data.
64 bytes from 91.207.14.244: icmp_req=1 ttl=247 time=32.8 ms

--- 91.207.14.244 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 32.823/32.823/32.823/0.000 ms

$ ping -c 1 91.194.188.132
PING 91.194.188.132 (91.194.188.132) 56(84) bytes of data.
64 bytes from 91.194.188.132: icmp_req=1 ttl=248 time=57.0 ms

--- 91.194.188.132 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 57.038/57.038/57.038/0.000 ms

Both hosts answer ICMP, so they seem to be up and running. Let's check the DNS responses from those servers directly:

$ dig allegro.pl @91.207.14.244

; <<>> DiG 9.8.1-P1 <<>> allegro.pl @91.207.14.244
;; global options: +cmd
;; connection timed out; no servers could be reached

That's the problem: 91.207.14.244 answers ping but does not respond to DNS queries. Let's check the secondary server then:

$ dig allegro.pl @91.194.188.132

; <<>> DiG 9.8.1-P1 <<>> allegro.pl @91.194.188.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55010
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;allegro.pl.                    IN      A

;; ANSWER SECTION:
allegro.pl.             30      IN      A       72.52.5.208

;; Query time: 31 msec
;; SERVER: 91.194.188.132#53(91.194.188.132)
;; WHEN: Thu Apr  4 22:25:34 2013
;; MSG SIZE  rcvd: 44

Now we have the address of the web server; let's check its availability over HTTP:

$ telnet 72.52.5.208 80
Trying 72.52.5.208...
Connected to 72.52.5.208.
Escape character is '^]'.
GET / HTTP/1.0
Connection closed by foreign host.
Great :-)
Reverse DNS:
$ host 72.52.5.208
208.5.52.72.in-addr.arpa domain name pointer unknown.prolexic.com.

Looks like a DDoS again (the guys at Prolexic sell anti-DDoS software).
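The useful part of the analysis above was querying each authoritative nameserver directly instead of trusting the local resolver, which collapsed a half-dead delegation into "unknown host". The script below (an added example, not part of the original post) does the same check from plain Python: it builds a raw DNS A query, sends it to a given server over UDP, distinguishes a timeout from a real answer, and rejects a reply whose transaction ID does not match the query. The two nameserver IPs in the usage block are the ones whois listed above; the 2-second timeout is an assumption.

```python
import random, socket, struct

def build_query(name, qid):
    # Minimal DNS query: header with RD set, one A/IN question, no EDNS.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(buf, off):
    # Step over labels until the terminating 0 or a 2-byte compression pointer.
    while buf[off] != 0 and buf[off] & 0xC0 != 0xC0:
        off += buf[off] + 1
    return off + (2 if buf[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp, qid):
    # Return (rcode, [A-record IPs]); refuse a reply whose ID is not ours.
    rid, flags, qd, an = struct.unpack(">HHHH", resp[:8])
    if rid != qid:
        raise ValueError("response ID does not match query ID")
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        off = _skip_name(resp, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0xF, ips

def query_server(name, server, timeout=2.0):
    # Ask one nameserver directly (what `dig name @server` does) and report timeouts.
    qid = random.randrange(65536)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "timeout", None, []         # the silent-gtmdc3 case from the post
    finally:
        sock.close()
    return ("ok",) + parse_a_records(data, qid)

if __name__ == "__main__":
    for ns in ("91.207.14.244", "91.194.188.132"):   # the two servers whois listed
        print(ns, query_server("allegro.pl", ns))
```

A status of "ok" with rcode 0 and an empty list is the local-resolver case from the first dig (NOERROR, no answer), which is worth reporting separately from a timeout.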