allegro.pl connection problems – detailed analysis

I've just observed that I cannot reach the allegro.pl site. Let's check what has failed (this time).

First of all, let's check ICMP availability:

$ ping allegro.pl
ping: unknown host allegro.pl

Oops, looks like something is wrong with DNS. Confirmation below:

$ dig allegro.pl

; <<>> DiG 9.8.1-P1 <<>> allegro.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56412
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;allegro.pl.            IN    A

;; Query time: 32 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr  4 22:18:10 2013
;; MSG SIZE  rcvd: 28

The default resolver (127.0.0.1) returns NOERROR but no answer records (ANSWER: 0).

Let's check WHOIS record for this domain:

$ whois allegro.pl | grep -A 1 nameservers:
nameservers:           gtmdc3.allegro.pl. [91.207.14.244]
gtmdc2.allegro.pl. [91.194.188.132]

The record lists two nameservers; let's check whether they are reachable (ICMP):

$ ping -c 1 91.207.14.244
PING 91.207.14.244 (91.207.14.244) 56(84) bytes of data.
64 bytes from 91.207.14.244: icmp_req=1 ttl=247 time=32.8 ms

--- 91.207.14.244 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 32.823/32.823/32.823/0.000 ms

$ ping -c 1 91.194.188.132
PING 91.194.188.132 (91.194.188.132) 56(84) bytes of data.
64 bytes from 91.194.188.132: icmp_req=1 ttl=248 time=57.0 ms

--- 91.194.188.132 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 57.038/57.038/57.038/0.000 ms

Both seem to be up and running. Let's check the DNS responses from those servers:

$ dig allegro.pl @91.207.14.244

; <<>> DiG 9.8.1-P1 <<>> allegro.pl @91.207.14.244
;; global options: +cmd
;; connection timed out; no servers could be reached

That's the problem: 91.207.14.244 is not responding to DNS queries. Let's check the secondary server then:

$ dig allegro.pl @91.194.188.132

; <<>> DiG 9.8.1-P1 <<>> allegro.pl @91.194.188.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55010
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;allegro.pl.            IN    A

;; ANSWER SECTION:
allegro.pl.        30    IN    A    72.52.5.208

;; Query time: 31 msec
;; SERVER: 91.194.188.132#53(91.194.188.132)
;; WHEN: Thu Apr  4 22:25:34 2013
;; MSG SIZE  rcvd: 44

Now we have the server's address; let's check its availability over HTTP:

$ telnet 72.52.5.208 80
Trying 72.52.5.208...
Connected to 72.52.5.208.
Escape character is '^]'.
GET / HTTP/1.0

Connection closed by foreign host.

Great 🙂

Reverse DNS:

$ host 72.52.5.208
208.5.52.72.in-addr.arpa domain name pointer unknown.prolexic.com.

Looks like a DDoS again (the guys at Prolexic sell anti-DDoS software).
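
The per-nameserver DNS check from the steps above, written as a small script. This is an added example, not part of the original post; the function names `classify_dig` and `check_nameservers` are made up for illustration. It separates the three outcomes seen in the transcripts: a timeout, an empty NOERROR answer, and an authoritative answer.

```sh
#!/bin/sh
# Added example: hypothetical helper names, not code from the original post.

# Classify one dig transcript read from stdin.
classify_dig() {
    out=$(cat)
    # dig prints this line when the server never answers on port 53,
    # even if the same host still replies to ICMP echo.
    case $out in
        *"connection timed out"*) echo "timeout"; return 0 ;;
    esac
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    if [ "$status" != "NOERROR" ]; then
        # SERVFAIL, REFUSED, NXDOMAIN, or a transcript we could not parse
        echo "error:${status:-unparsed}"
    elif [ "${answers:-0}" -eq 0 ]; then
        # The server replied, but with no records (the first dig above)
        echo "empty-answer"
    else
        # The "aa" flag marks a reply served from the zone's own data
        case " $flags " in
            *" aa "*) echo "authoritative-answer" ;;
            *)        echo "non-authoritative-answer" ;;
        esac
    fi
}

# Ask each listed nameserver directly for the A record, one attempt,
# 3-second timeout, no recursion, and print one result per server.
check_nameservers() {
    domain=$1
    shift
    for ns in "$@"; do
        result=$(dig +norecurse +time=3 +tries=1 "$domain" A "@$ns" 2>&1 | classify_dig)
        printf '%s\t%s\n' "$ns" "$result"
    done
}

# Usage: ./check-ns.sh allegro.pl 91.207.14.244 91.194.188.132
if [ "$#" -ge 2 ]; then
    check_nameservers "$@"
fi
```

Saved dig output can also be piped straight into `classify_dig`, which makes it usable on transcripts collected during an incident.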
