networking - What is 67.63.55.3?
2014-07
On my Mac, if I ping a single-word domain, I see:
PING asdfsad (67.63.55.3): 56 data bytes
64 bytes from 67.63.55.3: icmp_seq=0 ttl=241 time=93.308 ms
64 bytes from 67.63.55.3: icmp_seq=1 ttl=241 time=96.837 ms
etc.
This happens, as far as I can tell, for any single word.
I would expect it to return Unknown Host or some similar error. So why this IP?
Things I have determined:
A whois lookup tells me that it is related to Blucora... I've never heard of them before.
Traceroute returns:
Traceroute has started…
traceroute to hjhgfjh (67.63.55.3), 64 hops max, 72 byte packets
1 10.0.1.1 (10.0.1.1) 1.114 ms 0.770 ms 0.729 ms
2 10.240.184.81 (10.240.184.81) 8.935 ms 9.032 ms 10.116 ms
3 433be0e1.cst.lightpath.net (67.59.241.225) 15.735 ms 11.319 ms 10.576 ms
4 rtr1-ge1-3.mhe.whplny.cv.net (67.83.230.1) 14.493 ms 11.433 ms 15.134 ms
5 r1-ge6-1.cst.nrwlct.cv.net (65.19.121.161) 16.598 ms 18.305 ms
65.19.121.37 (65.19.121.37) 14.023 ms
6 64.15.3.241 (64.15.3.241) 16.570 ms
64.15.3.230 (64.15.3.230) 17.813 ms
64.15.3.218 (64.15.3.218) 14.089 ms
7 64.15.0.102 (64.15.0.102) 37.643 ms 37.702 ms 34.019 ms
8 chi2-pr1-ae5-115.us.twtelecom.net (66.192.252.97) 35.458 ms 35.082 ms 34.808 ms
9 sea1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.250.14) 98.257 ms 94.150 ms 116.695 ms
10 66-193-100-94.static.twtelecom.net (66.193.100.94) 94.599 ms 92.712 ms 94.271 ms
11 tuk01ef01-reth4.0.inspinc.ad (67.63.56.61) 95.860 ms 96.067 ms 96.450 ms
12 67.63.55.3 (67.63.55.3) 93.160 ms 92.671 ms 98.431 ms
So this establishes that it is an ISP thing, not an issue with my router/computer, right? Though isn't it odd that my request is handled seemingly without an error, routed through my ISP (Optimum), through to Cablevision and tw telecom?
Then there is that last domain, inspinc.ad, which also tracks back to Blucora... visiting inspinc.ad doesn't work, and I can't ping it, but inspinc.com as well as inspinc.eu return Status: OK with no other information.
In my googling I was unable to find any answers, but I did find numerous results of people having this IP show up with invalid pings.
The issue here is that your DNS server is returning that address for gibberish domain requests.
If you run nslookup asdfsad in Terminal you'll see what DNS server is being queried.
When you access that IP in a web browser, you get back a not found page from Optimum online. My guess is that Optimum is your ISP, and they have configured your DNS servers to return a customized page to your browser when you access a domain that doesn't exist, rather than just let the browser fail.
You can experiment with defining your own DNS servers to override this behavior. People will commonly use OpenDNS services if they don't like or trust their ISPs, and OpenDNS will also catch common misspellings and redirect you to the right place (this also makes your browser safer if a misspelled domain is taken over by a phisher). Google also provides an easy-to-remember public DNS.
OpenDNS:
208.67.222.222
208.67.220.220
Google Public DNS:
8.8.8.8
8.8.4.4
Well, it turns out Optimum isn't as bad* as I thought. When navigating to one of these non-existent domains in my browser, I am shown the hijacked Optimum DNS Assistance page... with an option to opt-out of the service!
So opt out I did, and now all of my invalid DNS lookups return NXDOMAIN, as they should.
Granted, this only applies to Optimum customers, but it does serve as a reminder to look for a simpler solution first...
I'm going to leave NReilingh's answer as the accepted answer because that applies for everyone, not just Optimum customers.
*they're still pretty bad.
Running Ubuntu 9.04. I can ping hosts all day long but when I try to ping a host that doesn't exist, it instead sends pings to 8.15.7.100, which turns into packet loss, but I'd prefer it if it told me the host cannot be found.
$ ping google.com
PING google.com (66.249.90.104) 56(84) bytes of data.
64 bytes from lga15s04-in-f104.1e100.net (66.249.90.104): icmp_seq=1 ttl=55 time=31.3 ms
$ ping somehost
PING somehost (8.15.7.100) 56(84) bytes of data.
I'm new to Ubuntu so this might be a feature, but anything I can do about it?
You'll need to determine where your system is getting the weird IP.
Some ISPs configure their DNS servers to hijack DNS responses for non-existent domain names. Their purpose is generally to send a web-browser to a "search" site to make money by displaying advertisements. Unfortunately, this practice breaks the NXDOMAIN response that DNS would otherwise use to tell your computer that there's no DNS entry for the host.
If somehost isn't a full domain name, it's more likely your system or local DNS server is misconfigured. You can use dig to query DNS servers to help troubleshoot; see the DiG HowTo and man dig for details.
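The check these answers describe (ask a resolver for names that should not exist and see whether it replies NXDOMAIN or hands back an address), as an added example that is not part of the original thread. The function names, the random-label probe and the default `com` suffix are assumptions of this example, and the two sample replies are constructed.

```python
import random, socket, string, struct

def build_query(name, qid):  # DNS A query (RFC 1035), recursion desired
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return (struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!2H", 1, 1))  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # offset just past a name (labels or pointer)
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer is 2 bytes
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):  # -> (rcode, [IPv4 addresses in the answer section])
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, addrs

def classify(results):  # results: (rcode, addrs) for names that should not exist
    if all(rc == 3 and not a for rc, a in results):
        return "nxdomain"  # resolver reports the failure as it should
    same = len({tuple(sorted(a)) for _, a in results}) == 1
    if same and all(rc == 0 and a for rc, a in results):
        return "rewritten"  # every bogus name got the same address
    return "inconclusive"

def probe(resolver, suffix="com", count=3, timeout=3.0):  # needs network access
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(count):
            name = "".join(random.choices(string.ascii_lowercase, k=20)) + "." + suffix
            s.sendto(build_query(name, random.getrandbits(16)), (resolver, 53))
            results.append(parse_response(s.recvfrom(512)[0]))
    return classify(results)

# Constructed replies to the query "asdfsad": one rewritten, one honest NXDOMAIN.
_Q = build_query("asdfsad", 1)
SAMPLE_REWRITTEN = (_Q[:2] + bytes.fromhex("81800001000100000000") + _Q[12:]
                    + bytes.fromhex("c00c000100010000003c0004") + bytes([67, 63, 55, 3]))
SAMPLE_NXDOMAIN = _Q[:2] + bytes.fromhex("81830001000000000000") + _Q[12:]
```

Running `probe()` against the server that `nslookup` reports and again against a public resolver such as 8.8.8.8 shows which of the two is rewriting the answer.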
It's the ISP; playing tricks.
See the following article:
http://www.michaelgeist.ca/content/view/3199/125/
Rogers Cable uses 8.15.7.107
This has certainly nothing to do with your pc/OS/router. I run several Linux systems, none of them replied the way yours does. As pointed out already, this is, most likely, a trick played by your ISP.
There are two things that you can do about this. On the one hand, you can study your ISP's behaviour by downloading, installing and running Namebench, a Google test to compare your current ISP's DNS performance against Google's. Besides just timing several possibilities, it also tries to establish whether your ISP performs any kind of filtering, by trying to identify commonly blocked URLs. The report of the test will clarify what your ISP is really up to.
If the outcome of this is not fully satisfactory to you, you may wish to install DNSCrypt, a software package available for several OSes (Windows and MacOS users can find it here) which allows you to encrypt all of your DNS traffic and move it to a seldom-used port. This allows you to bypass ISP's filters which recognize either filter or protocol, and get access to one of a series of providers (chief among them is OpenDNS) willing to provide encrypted DNS resolution. This will restore full capabilities to your pc/LAN, whatever.
I did a whois lookup on the 'resolved' IP -- 8.15.7.100,
IP address : 8.15.7.100
IP country code: US
IP address country: United States
IP address state: California
IP address city: Beverly Hills
IP postcode: 90212
IP address latitude: 34.0607
IP address longitude: -118.4032
ISP of this IP : Level 3 Communications
Organization: Co-Location.com
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255
Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1) 8.15.7.96 - 8.15.7.127
This may be familiar to you -- like Quack describes.
This may be something configured along with your ISP-related network setup.
If this reference is not familiar to you, you should dig this up for details.
It is always important to know where your unresolved network paths lead to.