nanog mailing list archives

RE: Spectrum DNS servers resolving my domain name to a loopback address.


From: Jerry Cloe <jerry () jtcloe net>
Date: Thu, 3 Oct 2019 22:44:38 -0500

I have a Spectrum line in KCMO, I don't use their DNS, but DHCP is passing me 209.18.47.61 and .63, and I'm seeing the 
exact same thing the reddit user you quoted below is seeing. This is most definitely a Spectrum issue.

 
I don't know Spectrum's DNS setup, but these appear to be somewhere in TX, so I don't think they are anycast or 
mirrored through their network, but I've never dug into that.


 
-----Original message-----
From: jake vdb <jake.vdb () gmail com>
Sent: Thu 10-03-2019 10:31 pm
Subject: Spectrum DNS servers resolving my domain name to a loopback address.
To: nanog () nanog org
 
Hey, I posted this on r/networking and was advised to post on this list. The small company I work for has a niche SaaS 
app and for the past week Spectrum DNS servers have resolved the name to 127.0.0.54.

I found a Spectrum user on reddit to confirm the problem:

nslookup rightbridge.net dns-cac-lb-02.rr.com

Non-authoritative answer:
Name: rightbridge.net
Address: 127.0.0.54

server 209.18.47.62
Default Server: dns-cac-lb-02.rr.com
Address: 209.18.47.62

I have been trying for a week to get Spectrum tech support and Twitter support to help, but so far that's been an 
exercise in futility.

As far as I'm aware, this only affects Spectrum. I have switched some users to Google's public DNS servers, but I can't 
reach all of them.

Reddit has been some help troubleshooting:

That is indeed interesting. What I notice is:

It replies to A requests with a 60 second TTL every single time, which is a behavior normally expected of an 
authoritative server, yet it is marking the replies as non-authoritative. I would expect non-authoritative servers to 
have a decrementing TTL.

It responds with 0 records for NS, MX, AAAA, and A requests. Not NXDOMAIN though.

It seems like a wildcard record that covers everything under your domain.

I see this behavior on both of the Spectrum resolvers that my cable modem connection is offered via DHCP. I don't have 
this problem if I use my own resolver (on a Spectrum connection).

I'm stumped. Despite my comment earlier about it being unlikely to be a Spectrum problem, I now agree that it does 
appear to be something strange on their side. Just to be sure, have you ever used Spectrum as a provider for something 
related to this domain, where they hosted the domain or anything? I'm not sure if they even offer that service, but 
want to ask just to be sure. There is typically little reason to have a specific domain singled out in your nameservers 
unless you host it.

The one guess I have is that they have gone out of their way to ban your domain for some reason. Wildcard pointing all 
queries to it to localhost would not be too unexpected of a way to ban a domain. Have you had any trouble with malware 
infections, spam, or anything else you can think of that might have led someone to want to ban the domain?

I don't believe Spectrum has even been a service provider for my employer. They do not offer service where our home 
office is located, and they have only used Rackspace for hosting in the 13 years they've been around. No malware, 
infections, spam (that I'm aware of). We are not registered on any Blacklists.

I appreciate any help / advice,
Jake
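
Added example, not part of the original messages: a Python check for the two symptoms described in the thread, an A record in 127.0.0.0/8 and a TTL that never decrements on replies without the AA bit, run over raw DNS responses. The function names (skip_name, parse_a_response, assess, sample_reply) are hypothetical, and sample_reply builds constructed packets from the name, address and TTL quoted above so the check runs offline.

```python
import ipaddress
import struct

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:              # compression pointer ends the name
            return off + 2
        off += 1
        if n == 0:                        # root label ends the name
            return off
        off += n

def parse_a_response(pkt):
    """Return (aa_flag, [(ttl, ip), ...]) for the A records in a raw response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4     # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:     # A record
            answers.append((ttl, ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    return bool(flags & 0x0400), answers

def assess(samples):
    """samples: raw replies to one repeated A query, taken seconds apart."""
    parsed = [parse_a_response(p) for p in samples]
    findings = []
    if any(ip.is_loopback for _, ans in parsed for _, ip in ans):
        findings.append("loopback-answer")
    ttls = [ans[0][0] for aa, ans in parsed if ans and not aa]
    if len(ttls) > 1 and len(set(ttls)) == 1:
        findings.append("fixed-ttl-without-aa")
    return findings

def sample_reply(name, ip, ttl):
    """Constructed reply: QR, RD, RA set, AA clear, one A record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", 1, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1) + rr
```

The fixed-TTL finding is only meaningful when the samples are taken a few seconds apart from the same resolver address; a resolver pool with separate caches can return differing TTLs for unrelated reasons.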
 
