`lemnoslife.com` DNS not reachable#281
Closed
https://discord.com/channels/933841502155706418/933841503103627316/1249908624843870301 At 03:43: From: [email protected] > [CENSORED-ovh] Protection anti-DDoS activée pour l'adresse IP 54.37.228.22 > SAS OVH - https://www.ovh.com/ > 2 rue Kellermann > BP 80157 > 59100 Roubaix > > > > Chère cliente, cher client, > > Notre système de surveillance du réseau a détecté des modèles de trafic inhabituels qui peuvent indiquer une attaque ciblant vos services sur 54.37.228.22. > Pour protéger votre entreprise et supprimer toute activité malveillante, nous dirigeons dès à présent votre trafic vers nos centres de nettoyage réseau. > > Veuillez noter que ces attaques visent généralement à rendre les services indisponibles et ne devraient pas présenter de risque pour la sécurité de vos données. > > En général, aucune action de votre part n'est requise. > > Pour plus de détails, rendez-vous dans votre espace client, partie « Bare Metal Cloud », « Network », puis cliquez sur le tableau de bord Anti-DDoS. Vous pouvez également y accéder en cliquant sur le lien suivant : > https://www.ovh.com/manager/#/dedicated/network-security/scrubbing-center > > En tant que client·e OVHcloud, vous bénéficiez d'un service de protection anti-DDoS de pointe qui isole et filtre le trafic malveillant. Plus d'informations ici : https://www.ovhcloud.com/fr/security/anti-ddos/ > > Nous vous remercions pour la confiance que vous nous accordez. > > L'équipe OVHcloud > > Pour obtenir de l'aide, retrouvez toutes nos solutions en ligne sur notre Centre d'aide : https://help.ovhcloud.com/ > Vous y retrouverez nos Guides, FAQ, Forum communautaire et Opérations de maintenance. > > OVH SAS est une filiale de la société OVH Groupe SAS, SAS au capital de 10 069 020 euros, immatriculée au RCS de Lille Métropole sous le numéro 537 407 926 et dont le siège social est sis 2, rue Kellermann, 59100 Roubaix. From my laptop: ```bash nslookup lemnoslife.com 54.37.228.22 ``` ``` ;; communications error to 54.37.228.22#53: timed out ;; communications error to 54.37.228.22#53: timed out ;; communications error to 54.37.228.22#53: timed out ;; no servers could be reached ``` ```bash telnet 54.37.228.22 53 ``` ``` Trying 54.37.228.22... Connected to 54.37.228.22. Escape character is '^]'. ``` I already `reboot`ted the server and verified its DNS with `service bind9 status`. https://www.ovh.com/manager/#/web/zone/lemnoslife.com https://www.ovh.com/manager/#/dedicated/vps/vps713872.ovh.net/dashboard  Source: https://www.ovh.com/manager/#/web/domain https://www.ovh.com/manager/#/web/domain/lemnoslife.com ```bash iptables -L ``` ``` Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source ``` ```bash df -h ``` ``` ... /dev/sda1 20G 17G 2.2G 89% / ... ``` ```bash htop ``` ``` ... Mem[|||||||||||||||||| 392M/1.87G] ... ``` `/etc/bind/db.lemnoslife.com`: ``` $TTL 60 ; zone lemnoslife.com/IN: zone serial (2022200400) unchanged. zone may fail to transfer to slaves. @ IN SOA dns.lemnoslife.com. lemnoslife.com. (2023050308 86400 60 3600000 300) IN NS dns.lemnoslife.com. IN MX 10 smtp IN A 54.37.228.22 ; ... yt IN A 129.151.245.17 ``` Should investigate: ``` ; zone lemnoslife.com/IN: zone serial (2022200400) unchanged. zone may fail to transfer to slaves. @ IN SOA dns.lemnoslife.com. lemnoslife.com. (2023050308 86400 60 3600000 300) ``` https://arstechnica.com/gadgets/2020/08/understanding-dns-anatomy-of-a-bind-zone-file/ Investigating how Firefox DNS over HTTPS with CloudFlare works: ```bash curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=lemnoslife.com" | jq ``` ```json { "Status": 0, "TC": false, "RD": true, "RA": true, "AD": false, "CD": false, "Question": [ { "name": "lemnoslife.com", "type": 1 } ], "Answer": [ { "name": "lemnoslife.com", "type": 1, "TTL": 60, "data": "54.37.228.22" } ] } ``` The few results on DuckDuckGo and Google for `"#53: timed out"` do not look interesting. Should investigate https://www-phpschool-com.translate.goog/gnuboard4/bbs/board.php?bo_table=qna_install&wr_id=130170&sca&page=4&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp. `/etc/resolv.conf`: ``` domain openstacklocal search openstacklocal nameserver 213.186.33.99 ``` From my OVH VPS: ```bash ping 213.186.33.99 ``` ``` PING 213.186.33.99 (213.186.33.99) 56(84) bytes of data. 64 bytes from 213.186.33.99: icmp_seq=1 ttl=53 time=1.92 ms 64 bytes from 213.186.33.99: icmp_seq=2 ttl=53 time=1.90 ms ... ``` ```bash telnet 213.186.33.99 53 ``` ``` Trying 213.186.33.99... Connected to 213.186.33.99. Escape character is '^]'. ``` Maybe the anti DDOS is just forbidding external access. It seems to make sense as there is no `End time` to current attack:  Source: https://www.ovh.com/manager/#/dedicated/network-security/scrubbing-center So it does not seem possible to tell OVH that it is filtering too much.  Source: https://www.ovh.com/manager/#/dedicated/network-security/traffic According to history entries 26 hours after `Detection time` there is the `End time`, so in theory around `2024-06-12 04:36:59`. Both: - https://help.ovhcloud.com/csm/en-public-cloud-network-change-instance-dns-servers?id=kb_article_view&sysparm_article=KB0050529 - https://help.ovhcloud.com/csm/en-gb-dedicated-servers-network-bridging?id=kb_article_view&sysparm_article=KB0043730 mentions `213.186.33.99` in `/etc/resolv.conf`. https://www.zonemaster.net/en/run-test I personally modified my `/etc/hosts` to not suffer of this issue.
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by Benjamin-Loison and has received 1 comments.
Add a comment
Comment form would go here