Problems resolving a domain

http://pastebin.com/Sux9B0PW

Anyone see why anidb.net can't be resolved through my Unbound server? It's been an ongoing issue for a few months on two of my Unbound boxes. It works elsewhere. I couldn't find anything useful in the log, but I'm far from an expert.

I set syslog to allow 2000 entries per second (otherwise I’d hit a ratelimiter). I also set Unbound to a verbose level of 5.

a message of 152 lines which said:

> Anyone see why anidb.net can't be resolved through my Unbound
> server?

The only thing I can say is that this domain is served by four name
servers but they seem (from their IP addresses) close to each
other. Which means a single routing issue may make the domain
unresolvable.

Try with dig to see if it's the case:

dig @dns1.registrar-servers.com A anidb.net

dig +norec @dns1.registrar-servers.com A anidb.net

I have gotten a few offlist responses, so here’s some additional information.

It has two interfaces, one public and one private:

root@unbound2:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         65.182.164.65   0.0.0.0         UG    0      0        0 eth1
10.0.0.0        10.1.8.1        255.0.0.0       UG    0      0        0 eth0
10.1.8.0        *               255.255.255.0   U     0      0        0 eth0
65.182.164.64   *               255.255.255.240 U     0      0        0 eth1

I do see some reachability issues within Verisign. Oddly enough, I have a similar situation with Google Domains, but their network isn’t as open for me to troubleshoot.

Source of the problem: my honeypot blacklist rules on my border router. Any scans that hit my honeypot IP get thrown into an address list. That address list is dropped at the border. Someone spoofed the IPs of those nameservers.

Well, that, or someone is spoofing my honeypot address so that legitimate sites respond to it. Sigh. What a bunch of sad fucks…
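The two checks this thread walks through, querying each authoritative server directly with `dig +norec` and then discovering that the servers' addresses had landed in a honeypot-fed drop list, can be scripted. The block below is an added example and is not code from anyone in the thread. It classifies captured `dig` output, checks a set of nameserver addresses against a drop list of hosts and prefixes, and shows two mitigations for the failure mode described above: a protected-address exception list, and only blocking sources that completed a TCP handshake (a spoofed UDP or SYN-only source cannot). All addresses, hostnames, and drop-list entries are constructed (RFC 5737 documentation ranges); the thread gives no real addresses for the registrar nameservers.

```python
"""Resolver dependency vs. honeypot drop list: added example, not from the thread."""
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# --- 1. Classify `dig +norec @server A name` output (constructed samples) ---

DIG_TIMEOUT = """; <<>> DiG 9.18.0 <<>> +norec @198.51.100.10 A example.test
;; connection timed out; no servers could be reached
"""

DIG_OK = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""


def classify_dig(text: str) -> Tuple[str, bool]:
    """Return (status, authoritative). A timeout means the server was never
    reached, which is the symptom of a border drop, not a DNS misconfiguration."""
    if "connection timed out" in text:
        return ("TIMEOUT", False)
    m = re.search(r"status: (\w+)", text)
    status = m.group(1) if m else "UNKNOWN"
    f = re.search(r";; flags: ([^;]*);", text)
    flags = f.group(1).split() if f else []
    return (status, "aa" in flags)


# --- 2. Drop list vs. nameserver addresses (all values constructed) ---

# What an auto-populated address list on a border router might hold.
DROP_LIST: List[str] = ["203.0.113.7", "203.0.113.99", "198.51.100.0/24", "192.0.2.40"]

# Hypothetical authoritative servers for a domain; names are assumptions.
NAMESERVERS: Dict[str, str] = {
    "dns1.example.test": "198.51.100.10",
    "dns2.example.test": "198.51.100.11",
    "dns3.example.test": "203.0.113.7",
    "dns4.example.test": "192.0.2.40",
}


def parse_drop_list(entries: Iterable[str]):
    # strict=False so a host entry like "203.0.113.7" becomes a /32 network.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def blocked_nameservers(nameservers: Dict[str, str], drop_nets) -> Dict[str, str]:
    """Map each dropped nameserver to the drop-list prefix that covers it."""
    hits: Dict[str, str] = {}
    for name, addr in nameservers.items():
        ip = ipaddress.ip_address(addr)
        for net in drop_nets:
            if ip in net:
                hits[name] = str(net)
                break
    return hits


def resolvable(nameservers: Dict[str, str], drop_nets) -> bool:
    """A zone still resolves as long as one authoritative server is reachable."""
    return len(blocked_nameservers(nameservers, drop_nets)) < len(nameservers)


def prune_drop_list(entries: Iterable[str], protected: Iterable[str]) -> List[str]:
    """Mitigation 1: drop any list entry that covers a protected address
    (equivalent to a 'never block' exception list ahead of the drop rule)."""
    protected_ips = [ipaddress.ip_address(a) for a in protected]
    kept = []
    for e in entries:
        net = ipaddress.ip_network(e, strict=False)
        if not any(ip in net for ip in protected_ips):
            kept.append(e)
    return kept


def should_block(proto: str, handshake_complete: bool) -> bool:
    """Mitigation 2: only list sources that completed a TCP handshake.
    Spoofed UDP packets and spoofed SYNs never complete one, so an attacker
    cannot use the honeypot to get third-party addresses blocked."""
    return proto == "tcp" and handshake_complete


if __name__ == "__main__":
    nets = parse_drop_list(DROP_LIST)
    print("dig timeout ->", classify_dig(DIG_TIMEOUT))
    print("blocked:", blocked_nameservers(NAMESERVERS, nets))
    print("resolvable:", resolvable(NAMESERVERS, nets))
    pruned = prune_drop_list(DROP_LIST, NAMESERVERS.values())
    print("after exception list:", pruned, resolvable(NAMESERVERS, parse_drop_list(pruned)))
```

The exception list is the quick fix, but it only protects addresses you know about in advance; the handshake rule is the structural one, because it removes the attacker's ability to choose which source addresses end up in the list.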