DNS IPs for subdomains seem incorrect

My domain is:
tonylyne.com

I ran this command:
nslookup router.tonylyne.com
nslookup tonylyne.com

It produced this output:
nslookup router.tonylyne.com
nslookup: can’t resolve ‘(null)’

Name: router.tonylyne.com
Address 1: 69.197.18.190 69.197.18.190.afraid.org

nslookup tonylyne.com
nslookup: can’t resolve ‘(null)’

Name: tonylyne.com
Address 1: 209.252.175.57

My web server is (include version): dd-wrt busybox (router), nginx/apache2.4 (NAS)

The operating system my web server runs on is (include version): DD-WRT on Netgear R7000 router and Synology DSM 6.2 NAS.

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Some GUI interfacing but doing mostly shell configuration behind the scenes.

Problem background:
https://crt.sh/?q=%.tonylyne.com

I was issuing certs (learning as I’ve never done this before) for my NAS (wildcard *.tonylyne.com) and my DD-WRT router (router.tonylyne.com). I was using acme.sh on my router and got it working with freedns after some fumbling around. On my last attempt I hit the rate-limit (duplicate certs I think). I didn’t know about the staging letsencrypt server before hitting this. I went back to a working cert but I don’t know if my DNS-01 TXT entry currently is correct or is part of my issue. I’m using a webforward afraid.org DNS entry to map router.tonylyne.com to https://tonylyne.com:8080. This was working today when I had router.tonylyne.com resolving to my 209.252.175.57 IP address but for some reason many of my webforwards seem to be resolving to 69.197.18.xxx IPs (which appear to be in the range of NS3.AFRAID.ORG space?).

Strangely enough, I had it resolve correctly once today and I connected to my router with a proper letsencrypt certificate as I expected. Immediately after this I tried a couple of my other subdomains and retried my router and it then showed the incorrect 69.197.18.190 IP address. I’m not sure how or why this is happening. It seems to change after my HTTPS connection works once. Is this something I need to talk to the AFRAID DDNS provider about?

Hi @tnlyne,

You have activated web forward for your domain router.tonylyne.com, so afraid.org is changing the IP of this domain to point to one of their web servers, and from that afraid.org web server they are redirecting it to https://tonylyne.com:8080. It works, but the certificate on your router is only valid for router.tonylyne.com, so you get a bad cert error.

This is the redirection performed by afraid.org:

$ curl -IkL http://router.tonylyne.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.2
Date: Mon, 04 Jun 2018 18:12:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=15
X-Abuse: URL redirection provided by freedns.afraid.org - please report any misuse of this service
Location: https://tonylyne.com:8080

curl: (52) Empty reply from server

You can remove the web forward for router.tonylyne.com and point it to your current IP; then simply try to access your router using https://router.tonylyne.com:8080

Or you could issue a certificate covering *.tonylyne.com or *.tonylyne.com and tonylyne.com and use it in your router instead of the cert covering only router.tonylyne.com.

Cheers,
sahsanu
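
The mismatch described in the answer, as an added example that is not part of either post: it parses the redirect headers from the curl output above and checks, using single-label wildcard matching, whether a certificate's SAN list covers the host the browser ends up on. The function names and the SAN lists passed in are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Subset of the response headers from the curl output quoted in the answer.
CURL_HEADERS = """\
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.2
X-Abuse: URL redirection provided by freedns.afraid.org - please report any misuse of this service
Location: https://tonylyne.com:8080
"""

def redirect_target(raw_headers):
    """Return (status, host, port) for a redirect response, or None."""
    lines = raw_headers.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return None
    url = urlsplit(headers["location"])
    return status, url.hostname, url.port

def san_matches(san, host):
    """A leading '*' stands for exactly one leftmost label, never zero or two.
    Public-suffix restrictions on wildcards are not checked here."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def cert_covers(sans, host):
    return any(san_matches(s, host) for s in sans)

def diagnose(raw_headers, sans):
    """Return (host, port, covered) for the name the client validates after the redirect."""
    target = redirect_target(raw_headers)
    if target is None:
        return None
    _, host, port = target
    return host, port, cert_covers(sans, host)

if __name__ == "__main__":
    # Constructed SAN lists: the router-only cert, then wildcard plus apex.
    for sans in (["router.tonylyne.com"], ["*.tonylyne.com", "tonylyne.com"]):
        print(sans, "->", diagnose(CURL_HEADERS, sans))
```
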
