
Hi...

Some time ago I started having trouble accessing a banking site here in Mexico, Banamex. My laptop and desktop were sent to a site called "Atención :: - (Ferozo - Panel de Control)". So I just thought that the Bank was having troubles. Today at night I got into the site and was sent to the same place, but my iPhone, which tends to connect to a "free" connection around, did connect successfully to the Bank. Switched connection to mine and was sent again to Ferozo. Is there a way that something is making my wireless router skip that specific site?

My router is a 2WIRE 2701HG-T that comes with my internet connection (Telmex Prodigy Infinitum)

Any idea what's happening?

Thanks in advance

Rick

Update.. if I get into the site via its IP address (given to me by a friend) I do have access.. if I use the address (www.banamex.com) I cannot.

Edited by Macsen

And what do you think you're using for your dns? ;) Your router! This is the default setting for like every soho router on the market, they all point to themselves for dns, and then forward on to your ISP, etc. So unless you changed that?

Flushing your local dns cache does nothing, if you're just going to ask the router again - who is having issues looking up the site??

Query the authoritative nameservers for the IP if you want

Domain Name: BANAMEX.COM

Database last updated on 20-May-2009 23:29:42 EDT.

Domain servers in listed order:

NMXJAR-EDNS01.BANAMEX.COM 192.193.204.74

NMXMTY-EDNS01.BANAMEX.COM 192.193.207.41

Yeah no wonder you could be having problems -- they have their dns pretty dicked up.. their whois points to the above, but then those just point you to these

; <<>> DiG 9.2.4 <<>> @192.193.207.41 www.banamex.com

;; QUESTION SECTION:

;www.banamex.com. IN A

;; AUTHORITY SECTION:

www.banamex.com. 1800 IN NS wlbcon2263cpxew01.banamex.com.

www.banamex.com. 1800 IN NS wlbjar331cpxew01.banamex.com.

;; ADDITIONAL SECTION:

wlbjar331cpxew01.banamex.com. 3600 IN A 192.193.204.43

wlbcon2263cpxew01.banamex.com. 3600 IN A 192.193.207.43

Then if you query either of those you get an answer

; <<>> DiG 9.2.4 <<>> @192.193.204.43 www.banamex.com

;; QUESTION SECTION:

;www.banamex.com. IN A

;; ANSWER SECTION:

www.banamex.com. 1200 IN A 192.193.230.100

Look at the TTL, freaking 1200 seconds.. 20 minutes that's just asinine!

Look at the other TTLs, 3600, and 1800 -- way too low, so either they are having some major issues and moving the site's IP all the time, or someone does not have clue one on how to set up DNS. Which would be my guess ;)

Looks like the different opendns servers all have different IP cached -- either old ones with LONG TTLs, or they are bouncing around with different IPs??

http://www.opendns.com/support/cache/

Results for www.banamex.com

United States

New York, New York, USA * 192.193.206.100

Palo Alto, California, USA * 192.193.230.100

Seattle, Washington, USA * 192.193.206.100

Washington, DC, USA * 192.193.230.100

Chicago, Illinois, USA * 192.193.230.100

Europe

London, England, UK * 192.193.206.100

So yeah I can see why you might be having issues getting to this site.

Thanks for the answer... taking into account that yesterday I was supposed to have some free time but did not in the end, I changed router settings to OpenDNS and disconnected it from power to see if it helps (all night and until midday when I arrive at home). Will post the findings.

BudMan, thanks for the answer, even though I just understood about half of what you wrote (technobabble is not my thing) and I'm sure you know what you've been doing and did is correct, I will post later today what happened...

Thanks Again

Rick

Ok, let's see if I can put it in layman's terms.

Every domain registered has to point to some nameserver(s) that is the OWNING server for that domain. In the case of the banamex.com domain those are these servers.

Domain servers in listed order:

NMXJAR-EDNS01.BANAMEX.COM 192.193.204.74

NMXMTY-EDNS01.BANAMEX.COM 192.193.207.41

But those servers are saying -- no we don't know that host, and are not the owning servers for the banamex.com domain -- go check one of these nameservers. See the NS in the record - this says that the Nameserver for the domain you asked about.

;; AUTHORITY SECTION:

www.banamex.com. 1800 IN NS wlbcon2263cpxew01.banamex.com.

www.banamex.com. 1800 IN NS wlbjar331cpxew01.banamex.com.

Those servers then return an IP for your host www.banamex.com

So there are some extra hops involved that really don't have to be there. And could cause delays, timeouts, etc. which could cause people not to get there. There are reasons why you might need to do this for subdomains of a parent, ie if say the subdomain branch1.banamex.com had lots of hosts, say www.branch1.banamex.com or ftp.branch1.banamex.com, secure.branch1, etc. etc.

And the branch1 admins wanted control over the dns, then when someone asked for www.branch1.banamex.com the authoritative servers for the banamex.com domain would point you to the nameservers for that subdomain.

But since there is no subdomain involved here, not sure why they are pointing to other nameservers for a host 'www' in the root domain of banamex.com

The other problem I see is that the TTLs for everything involved are very low. The TTL is the amount of time a record can be cached by another nameserver, say your ISP or even your local cache on your machine. So for example with your www.banamex.com host it can only be cached for max of 20 minutes. And then you would have to go look it up again, and since the nameservers also have very short TTLs, 3600 = 60 min, and 1800 is 30 minutes.. Every hour you have to start the process all over again the root servers,

The only reason you would create such short TTLs is if you were changing IPs all the time, and wanted to minimize the amount of time a site might point to an old IP. This causes lots of extra traffic to all the nameservers involved, be it the roots, your isp, the name servers listed for the domain, etc. etc. Not a very good idea unless you are in the process of moving servers to a new host, etc. and want a very short amount of time before the new ip is handed out to everyone.

As you can see from the check I did to the opendns servers -- the different nameservers across the globe have different IPs cached for that host. If both of them are valid no big deal -- but if one of them is wrong, or even both of them are wrong -- then yeah it would be hard to resolve that host. Depending on which nameserver you query, or what your ISP dns has cached -- you could get the wrong IP, etc.

This explains why some can get to it, and some can not -- depending on what nameserver (dns) they use and if it has it cached or not, and if ips are correct, etc. So your iphone worked because the dns it was using had the correct ip cached, or looked it up directly vs going to a bad cached entry.. But if your ISP had the wrong IP cached, or even the wrong NS cached for that domain - then yeah you could have problems.

As I was saying if you're having a problem getting to a host, and you believe it might be dns related problem -- you can always directly query the owning servers for that domain to find out what the owners of the domain are saying the IP is. You find the owning name servers of a domain by doing a whois on the domain. And then query them directly with dig or nslookup, etc. To find out what they are saying the IP of that host is supposed to be.

Was that any clearer?? If you ever have any dns related question -- just PM me, I love DNS ;) hehehehe

Nope, it still do not works.

What I find weird is that the only place I get problems with is with my router at my house. All the other places connect me immediately at the right site, only my router sends me to another place. Even using OPENDNS it still sends to the wrong place. So now I'm sure the fault is with my router, but now I wonder how come IT gets screwed and sends me to this other place...

If you have any more ideas I'll be thankful..

Rick

"Even using OPENDNS"

What part about opendns having different entries on different servers did you not understand? Check it again I show all their servers listing the correct ip of http://192.193.230.100/

http://www.opendns.com/support/cache/

Also if you're using opendns on your client -- it's not your router doing anything.. Did you flush your local cache when you changed your client to point to opendns?

TurboT -- that is not parental control - but control panel. Ferozo is a hosting company. We would assume where the banamex site is hosted or was hosted ;) http://www.ferozo.net/

banamex's dns is pretty F'd up -- so yeah it's quite possible your router might have issues with it. Point your clients directly to opendns, and flush your local cache. Reboot or ipconfig /flushdns after you have made the change.

If you want to troubleshoot your problem -- you're going to have to give me more to go on.. do an nslookup www.banamex.com -- what does it show? Set debug option. Example. Here you can see exactly where my client got the info from.

C:\>nslookup

Default Server: p4-28g.local.lan

Address: 192.168.1.4

> set debug

> www.banamex.com

Server: p4-28g.local.lan

Address: 192.168.1.4

------------

Got answer:

HEADER:

opcode = QUERY, id = 4, rcode = NOERROR

header flags: response, want recursion, recursion avail.

questions = 1, answers = 1, authority records = 2, additional = 0

QUESTIONS:

www.banamex.com, type = A, class = IN

ANSWERS:

-> www.banamex.com

internet address = 192.193.230.100

ttl = 681 (11 mins 21 secs)

AUTHORITY RECORDS:

-> www.banamex.com

nameserver = wlbjar331cpxew01.banamex.com

ttl = 1280 (21 mins 20 secs)

-> www.banamex.com

nameserver = wlbcon2263cpxew01.banamex.com

ttl = 1280 (21 mins 20 secs)

And it will cache those nameservers for the next 1280 seconds, and the record for only 11 minutes. Then it has to look it up again, etc. Do a nslookup on your client, set debug and post the output.. And we can see how your client is finding the address for www.banamex.com

  • 2 weeks later...

yeah I doubt you have tried everything, since you have not posted any info about what your machine is resolving.

Please post how exactly you're set up to resolve, are you using DNS directly off your client? Did you point them say to opendns or to your ISP, or are you bouncing off your router's IP for dns, which is the common default install?

If using your router -- where does it query for dns? Your ISP, opendns, 4.2.2.2?

If using your router, set your client to query 4.2.2.2 or opendns directly, etc.

Worst freaking case set up a HOST file to point to the site. But without some info from your side, it's impossible to help you.. You can complain that you do not understand how it works all day -- does not help us help you.

Please post the output of your client doing a nslookup to the host. This will tell me who you're using for dns, and what you're getting, etc.

example

C:\Windows\System32>cd\

C:\>nslookup

Default Server: p4-28g.local.lan

Address: 192.168.1.4

> www.banamex.com

Server: p4-28g.local.lan

Address: 192.168.1.4

Non-authoritative answer:

Name: www.banamex.com

Address: 192.193.206.100

As you can see I got a Non-authoritative answer, so it was a cached response. You could use debug which will give us more answers to how you're resolving the site, if it's wrong.

> set debug

> www.banamex.com

Server: p4-28g.local.lan

Address: 192.168.1.4

------------

Got answer:

HEADER:

opcode = QUERY, id = 8, rcode = NOERROR

header flags: response, want recursion, recursion avail.

questions = 1, answers = 1, authority records = 2, additional = 0

QUESTIONS:

www.banamex.com, type = A, class = IN

ANSWERS:

-> www.banamex.com

internet address = 192.193.206.100

ttl = 1118 (18 mins 38 secs)

AUTHORITY RECORDS:

-> www.banamex.com

nameserver = wlbcon2263cpxew01.banamex.com

ttl = 1718 (28 mins 38 secs)

-> www.banamex.com

nameserver = wlbjar331cpxew01.banamex.com

ttl = 1718 (28 mins 38 secs)

------------

Non-authoritative answer:

------------

Got answer:

HEADER:

opcode = QUERY, id = 9, rcode = NOERROR

header flags: response, want recursion, recursion avail.

questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:

www.banamex.com, type = AAAA, class = IN

------------

Name: www.banamex.com

Address: 192.193.206.100

Also you could flush your local cache, ipconfig /flushdns -- and then try to go to the website.. If still not working, output what is shown in your local dns cache with /displaydns

example -- flush your cache first, or it will be a very very long list!!

C:\>ipconfig /displaydns

Windows IP Configuration

www.banamex.com

----------------------------------------

Record Name . . . . . : www.banamex.com

Record Type . . . . . : 1

Time To Live . . . . : 863

Data Length . . . . . : 4

Section . . . . . . . : Answer

A (Host) Record . . . : 192.193.206.100

We need "something" to work with to be able to help you!!!! Answers like "Nope, it still do not works." do not tell us what you did or what you're resolving or not resolving the host to, and where you're getting the wrong answers from or no answers, etc..

We NEED DETAILS to be able to help you!!! If you're resolving the correct IP, then do a traceroute to the site so we can see where it's dying, etc. etc.. But what I can tell you is that site is slow as hell from here ;) But it does work.

Edited by BudMan

ok.. Here's what I've got:

C:\>nslookup

Default Server: home

Address: 192.168.1.254

> www.banamex.com

Server: home

Address: 192.168.1.254

Name: www.banamex.com.gateway.2wire.net

Addresses: 200.58.114.187

200.58.114.187

> set debug

> www.banamex.com

Server: home

Address: 192.168.1.254

------------

Got answer:

HEADER:

opcode = QUERY, id = 4, rcode = NOERROR

header flags: response, auth. answer, want recursion, recursion avail.

questions = 1, answers = 1, authority records = 1, additional = 1

QUESTIONS:

www.banamex.com.gateway.2wire.net, type = A, class = IN

ANSWERS:

-> www.banamex.com.gateway.2wire.net

internet address = 200.58.114.187

ttl = 0 (0 secs)

AUTHORITY RECORDS:

-> www.banamex.com.gateway.2wire.net

nameserver = homeportal.gateway.2wire.net

ttl = 41728 (11 hours 35 mins 28 secs)

ADDITIONAL RECORDS:

-> homeportal.gateway.2wire.net

internet address = 192.168.1.254

ttl = 41728 (11 hours 35 mins 28 secs)

------------

------------

Got answer:

HEADER:

opcode = QUERY, id = 5, rcode = NOERROR

header flags: response, auth. answer, want recursion, recursion avail.

questions = 1, answers = 1, authority records = 1, additional = 1

QUESTIONS:

www.banamex.com.gateway.2wire.net, type = AAAA, class = IN

ANSWERS:

-> www.banamex.com.gateway.2wire.net

internet address = 200.58.114.187

ttl = 0 (0 secs)

AUTHORITY RECORDS:

-> www.banamex.com.gateway.2wire.net

nameserver = homeportal.gateway.2wire.net

ttl = 41728 (11 hours 35 mins 28 secs)

ADDITIONAL RECORDS:

-> homeportal.gateway.2wire.net

internet address = 192.168.1.254

ttl = 41728 (11 hours 35 mins 28 secs)

------------

Name: www.banamex.com.gateway.2wire.net

Addresses: 200.58.114.187

200.58.114.187

I flushed the DNS and tried to access the page, but it did not appear in the /displaydns command.

something else I can come up with?

Thanks again BudMan

Well you can tell from this

QUESTIONS:

www.banamex.com.gateway.2wire.net, type = A, class = IN

Name: www.banamex.com.gateway.2wire.net

Addresses: 200.58.114.187

200.58.114.187

That you are using a search suffix of gateway.2wire.net -- and this is resolving to those addresses, so it's never actually going to look for the host www.banamex.com -- it's looking for www.banamex.com.gateway.2wire.net

Which it gets an answer for -- Addresses: 200.58.114.187, 200.58.114.187

Those are not the right answer, nor is it the right host!

You need to make sure you're not using a search list that is adding that 2wire.net on the end..

AUTHORITY RECORDS:

-> www.banamex.com.gateway.2wire.net

nameserver = homeportal.gateway.2wire.net

That may be the name server for the 2wire.net domain -- but that is not what you're looking for! You're looking for www.banamex.com

Please post the output of your ipconfig /all -- and it will show us any primary domains you have setup, and what search order your using.

example

D:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dusa5125

Primary Dns Suffix . . . . . . . : pc.us.snipped.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : pc.us.snipped.com

us-chic.snipped.com

us.snipped.com

snipped.com

As you can see my work box here will add these domains to any host I look for..

Example when I nslookup from work for that FQDN www.banamex.com

********

------------

Got answer:

HEADER:

opcode = QUERY, id = 2, rcode = NXDOMAIN

header flags: response, want recursion, recursion avail.

questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:

www.banamex.com.pc.us.snipped.com, type = A, class = IN

AUTHORITY RECORDS:

-> pc.us.snippedl.com

ttl = 60 (1 min)

primary name server = s4de8psazdae100.snipped

responsible mail addr = dnsadmin.snipped.com

serial = 905060017

refresh = 3600 (1 hour)

retry = 1200 (20 mins)

expire = 604800 (7 days)

default TTL = 600 (10 mins)

************

I snipped out my work domains -- no need for everyone to know those ;) but as you can see from my search list, it's adding those domains to the host I'm looking for -- but what should NORMALLY happen is the nameserver will respond with NXDOMAIN

Which means I don't have a record for that host! And then you continue down your search order until you get an answer, but what is happening with yours is this: nameserver = homeportal.gateway.2wire.net is answering and saying here are the IPs -- Addresses: 200.58.114.187, 200.58.114.187

Well those are NOT the right ones ;) Nor is that really the host you're looking for.. So I would adjust your client to not use a search list that ends with 2wire.net.

To know for sure I need to see the output of your ipconfig /all -- but what I would suggest is you remove the primary domain from your machine, and verify that you're not doing any suffix searches other than 2-wire.

You could disable it with group policy I do believe, gpedit.msc

Computer Configuration

-Administrative Templates

-Network

-DNS Client Primary DNS Suffix devolution (Disable)

Or off the top, I think you could set this reg key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\

"UseDomainNameDevolution" = REG_DWORD: 0

Since you're not a member of a domain, nor do you run your own local dns with domains you have locally, etc. I would suggest just removing the primary domain from your machine. If it's being handed out by your dhcp server? You would need to adjust that to not do that ;) Or set your machine static if not able to.

But that looks to be a BUG in your router's dns, since sending your dns queries there -- you could always just set up your client to directly query your ISP or your opendns or 4.2.2.2, etc.. -- Since these should respond with NXDOMAIN for anything ending with gateway.2-wire.net, etc.

But you never know -- they could still respond with something, depending on your search order.. You really need to correct your machine's dns suffix search.. It should not be tacking on that gateway.2-wire.net to your query for www.banamex.com -- that is the root of your problem. And why you're having issues resolving the correct host -- be it a bug in your router's dns or not.. You're not wanting to search for www.banamex.com.gateway.2-wire.net, you're wanting to search for www.banamex.com ONLY!!

edit: The reason I suggest turning off your devolution, or just removing your machine from a primary domain and or change your dhcp not to hand it out.. Is you could be having issues with more sites than just this one. This is the one you have noticed -- but you could be having issues with other hosts you're trying to find.

Most home users have no need of a search order in their dns queries.. where it helps is when you're in an AD, or you're always looking for hosts in the same domain, this way you can just use the host name, vs having to use the FQDN..

For example if your machine was a member of local.lan domain and using that as a suffix search -- you could query for box1 vs having to query for the FQDN box1.local.lan, Normally this is not the issue since when you're looking for say www.google.com and you query your local dns for www.google.com.local.lan you get error response NXDOMAIN, and your dns client moves on! and then queries for www.google.com which your dns will send forward or query the roots for, since it is not an owning server for google.com, etc.

If there is anything you do not quite understand -- please let me know and will try a different way of explaining it ;)

Edited by BudMan
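The diagnosis in the post above (a search-suffixed name being answered with an address instead of NXDOMAIN) written as a check over `nslookup` debug output. This is an added example, not code from the thread: the function names are made up here, and the two sample outputs are constructed from the debug format and values posted in this thread.

```python
import re

# Constructed samples in the "nslookup" + "set debug" format shown in this thread.
ROUTER_OUTPUT = """
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 1,  additional = 1
    QUESTIONS:
        www.banamex.com.gateway.2wire.net, type = A, class = IN
    ANSWERS:
    ->  www.banamex.com.gateway.2wire.net
        internet address = 200.58.114.187
        ttl = 0 (0 secs)
    AUTHORITY RECORDS:
    ->  www.banamex.com.gateway.2wire.net
        nameserver = homeportal.gateway.2wire.net
        ttl = 41728 (11 hours 35 mins 28 secs)
------------
"""

HEALTHY_OUTPUT = """
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0
    QUESTIONS:
        www.banamex.com.gateway.2wire.net, type = A, class = IN
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 2,  additional = 0
    QUESTIONS:
        www.banamex.com, type = A, class = IN
    ANSWERS:
    ->  www.banamex.com
        internet address = 192.193.206.100
        ttl = 1118 (18 mins 38 secs)
------------
"""

SECTION = re.compile(r"^(HEADER|QUESTIONS|ANSWERS|AUTHORITY RECORDS|ADDITIONAL RECORDS):$")


def parse_debug(text):
    """Split debug output into one dict per 'Got answer:' block."""
    replies, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Got answer:":
            cur = {"rcode": None, "authoritative": False,
                   "qname": None, "qtype": None, "addresses": []}
            replies.append(cur)
            section = None
        elif cur is None or not line:
            continue
        elif line.startswith("---"):
            section = None                      # separator between replies
        elif SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif section == "HEADER":
            m = re.search(r"rcode = (\w+)", line)
            if m:
                cur["rcode"] = m.group(1)
            if line.startswith("header flags:"):
                cur["authoritative"] = "auth. answer" in line
        elif section == "QUESTIONS":
            m = re.match(r"(\S+), type = (\w+), class = \w+", line)
            if m:
                cur["qname"] = m.group(1).rstrip(".").lower()
                cur["qtype"] = m.group(2)
        elif section == "ANSWERS":              # ignore glue in ADDITIONAL RECORDS
            m = re.match(r"internet address = (\S+)", line)
            if m:
                cur["addresses"].append(m.group(1))
    return replies


def find_suspect_answers(debug_text, requested, expected_ips=()):
    """Flag replies that answer a suffixed name, or answer with an unexpected IP.

    expected_ips: addresses obtained by querying the domain's own nameservers.
    """
    requested = requested.rstrip(".").lower()
    expected = set(expected_ips)
    findings = []
    for r in parse_debug(debug_text):
        if r["rcode"] != "NOERROR" or not r["addresses"] or not r["qname"]:
            continue                            # NXDOMAIN / empty reply is the sane case
        if r["qname"].startswith(requested + "."):
            findings.append({"kind": "suffix-answered",
                             "suffix": r["qname"][len(requested) + 1:],
                             "addresses": r["addresses"],
                             "authoritative": r["authoritative"]})
        elif r["qname"] == requested and expected and not expected & set(r["addresses"]):
            findings.append({"kind": "unexpected-address",
                             "addresses": r["addresses"],
                             "authoritative": r["authoritative"]})
    return findings


if __name__ == "__main__":
    for f in find_suspect_answers(ROUTER_OUTPUT, "www.banamex.com"):
        print(f)
```

Typing the name with a trailing dot (`www.banamex.com.`) makes `nslookup` skip the search list, which is a quick way to confirm a `suffix-answered` finding by hand.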
  BudMan said:
Well you can tell from this

QUESTIONS:

www.banamex.com.gateway.2wire.net, type = A, class = IN

Name: www.banamex.com.gateway.2wire.net

Addresses: 200.58.114.187

200.58.114.187

That you are using a search suffix of gateway.2wire.net -- and this is resolving to those addresses, so its never actually going to look for the host www.banamex.com -- its looking for www.banamex.com.gateway.2wire.net

i know, i saw.....just making a suggestion to check for the crap of it....carry on.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Rick-LAP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

Physical Address. . . . . . . . . : 00-1E-4C-E4-B0-68

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Ca

rd

Physical Address. . . . . . . . . : 00-1F-3A-50-17-4B

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::9591:14f7:3d05:f349%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Friday, June 05, 2009 12:16:25

Lease Expires . . . . . . . . . . : Saturday, June 06, 2009 12:16:26

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DHCPv6 IAID . . . . . . . . . . . : 218111802

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-B6-71-1C-00-1D-09-3A-FC-AE

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetLink Fast Ethernet

Physical Address. . . . . . . . . : 00-1D-09-3A-FC-AE

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D9D24388-EF7C-4A6A-9796-154D6186DF4A}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:880:3929:4257:9582(Prefe

rred)

Link-local IPv6 Address . . . . . : fe80::880:3929:4257:9582%15(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

---------------------------------------------------------------------------------------------------------

Hosts and LMHOSTS are empty (no entries, just the usual comments)

Ok, hope this helps, because I understood only half of what you said.

Thanks again

Well here is your issue

DNS Suffix Search List. . . . . . : gateway.2wire.net

You need to make that go away.

Connection-specific DNS Suffix . : gateway.2wire.net

Do you have something set here? For your connection

post-14624-1244225144_thumb.jpg

Your problem is you're adding on gateway.2wire.net to everything you try and lookup.. You need to turn this off, you either have it hard coded or your dhcp server is handing it out.

Other than that - I doubt you have any reason to have IPv6 enabled -- I would disable it, since it serves no purpose at all if you're not specifically using it.. Uncheck the IPv6 protocol from your connection properties, or better yet disable it completely in the registry.

But your issue with this website is your search list.. You need to turn that off, since your router dns is returning an address for www.banamex.com.gateway.2-wire.net. So you never actually look for just www.banamex.com

edit: Quick easy fix, do this

From a command prompt

D:\>nslookup

Default Server: dlisil01aut01

Address: 53.249.190.1

> server 4.2.2.2

Default Server: vnsc-bak.sys.gtei.net

Address: 4.2.2.2

> www.banamex.com

Server: vnsc-bak.sys.gtei.net

Address: 4.2.2.2

Non-authoritative answer:

Name: www.banamex.com

Address: 192.193.206.100

If that resolves correctly set your dns to use 4.2.2.2

post-14624-1244226334_thumb.jpg

Edited by BudMan

Thank you very much BudMan... now it works... ;P

I assume I have to do the same thing on my desktop? and that my iPhone will always go to ferozo? (I dont care about the iPhone, I do not do my banking there)

Now.. for the last part, the NSLOOKUP, SERVER and stuff... care to explain in plain English what that did? just so I know

Thank you very very much

Rick

I just wanted to verify that you could do a lookup to another nameserver and get the correct response, before I told you to change your client's dns server. That server 4.2.2.2 command just told nslookup to ask 4.2.2.2 the questions, not your machine's default dns which is your router 192.168.1.254

You did set your machine to use 4.2.2.2 like the picture? If not you maybe just cached the correct entry and once that times out you're going to have the same problem.. You need to set your computer to use a different dns server like 4.2.2.2

Or fix the problem of that suffix search list being set to .gateway.2-wire.net, you're adding this to everything you search for.. Do another nslookup for say www.neowin.net

nslookup

>set debug

>www.neowin.net

you will see the question for www.neowin.net.gateway.2-wire.net With a response of NXDOMAIN, which is the correct answer.

See when I ask that 4.2.2.2 dns server it responds with NXDOMAIN

> www.banamex.com.gateway.2-wire.net

Server: vnsc-bak.sys.gtei.net

Address: 4.2.2.2

*** vnsc-bak.sys.gtei.net can't find www.banamex.com.gateway.2-wire.net: Non-existent domain

So if your client is set to use 4.2.2.2 as its dns your client can move on, and ask for just www.banamex.com, but for some reason your router dns forwarder/server is answering when you ask it for www.banamex.com.gateway.2-wire.net

So the correct fix would be to figure out why your router is doing that?? It should NOT, you do not have any entries on your router do you? From the manual looks like you can add hosts to the router's dns server.

post-14624-1244296296_thumb.jpg

Changing your client to use 4.2.2.2 is what I have been saying to do from the start of this thread, have your client use a different nameserver.. With your current suffix search list and your router's dns service, there seems to be a bug where it returns an address for www.banamex.com.gateway.2-wire.net what it should do is NXDOMAIN, and your machine would ask for www.banamex.com and it would then forward that to your isp's dns, etc. and get the correct IP for it.

But the CORRECT fix would be to remove that suffix search list, you have NO need of it NONE!! And you're adding that .gateway.2-wire.net to everything you look up!

You either need to setup your router not to hand that connection specific domain, gateway.2-wire.net out with dhcp, or you need to setup your machine with a static IP and not set that. Or just set your client to use a different dns server.. Which is what that 4.2.2.2 address is -- its a public dns server.

but currently with a suffix search list of gateway.2-wire.net every single query you do will ask for whateveritis+gateway.2-wire.net

And your issue is when you ask your router for www.banamex.com.gateway.2-wire.net it's responding with an IP when it should not - it should respond with NXDOMAIN.

  • 2 weeks later...

BudMan:

After the 4.2.2.2 affair, everything was working... then somehow I got into the MDC section of my router and THERE, under the DNS part was the problem (I know you posted a screen shot, but never could get in there on my own).

Now the question arises: How come I got the wrong IP in there???

Anyhow, I erased the entries and returned the system to normal (removed 4.2.2.2) and now I can get into Banamex without trouble.. (and bookmarked the router settings just in case)

Thank you very much for your patience..

Rick.

Now on to open another post on a (completely) different topic.

So you had an IP set for the banamex host, or you had the search order listed?

As to how an entry would get there for a host pointing to an IP? You would have had to put them there.

Were there lots of sites? It's not impossible that a malware/worm of some sort exploited your router and added entries for bank related sites, etc. for phishing purposes.

@BudMan: I never made those changes.

@Chr1zt1an: Did not know about that attack, and I do not have an account with Banamex.. The urgency of using it, is because somehow, it's the preferred place to check rate changes for a lot of people, even before "Banco de Mexico" (it's faster too)

Only Banamex was listed in the sites list... and I can only have 2 ideas as to how it got there... Banamex has been the target of various attacks and phishing mails etc. So either it is as Chr1zt1an told, an attack sent to various modems/routers (have not read the article he pointed to yet) or it was set there by Telmex to skip a phishing attack and it just stopped working.

Thank you both

Rick

This topic is now closed to further replies.