OT (or maybe not) - what happened to lxer.com?

OT (or maybe not) - what happened to lxer.com?

shimi linux-il at shimi.net
Sat Feb 19 21:17:41 IST 2022 

On Sat, Feb 19, 2022 at 7:04 PM Shlomo Solomon <shlomo.solomon at gmail.com>
wrote:

> Yehuda Deutsch - if you mean whois, I also get a normal response:
>    Domain Name: LXER.COM
>    Registry Domain ID: 109446700_DOMAIN_COM-VRSN
>    Registrar WHOIS Server: whois.enom.com
>    Registrar URL: http://www.enomdomains.com
>    Updated Date: 2022-01-06T10:42:51Z
>    Creation Date: 2004-01-06T22:15:59Z
>    Registry Expiry Date: 2023-01-06T22:15:59Z
>    Registrar: eNom, LLC
>
>
>
> But the site is not there. As Geoff Shang wrote, the site looks
> like a landing site of some kind.
>
>
I didn't know the site, but it doesn't look like a parking page for
upselling an expired domain.

Let's try to be more constructive in debugging this. First - are you
getting to the site as published by the site's owner.

First, you learn from WHOIS (and also from 'dig @a.gtld-servers.net ns
lxer.com') that the nameservers for this site are: ns1.wmkt.net
[66.232.124.26] ns2.wmkt.net [66.232.124.28] ns3.wmkt.net [66.232.124.30]

Then you follow by 'dig @ns1.wmkt.net lxer.com'. You should be getting:

$ dig @ns1.wmkt.net lxer.com

; <<>> DiG 9.16.25 <<>> @ns1.wmkt.net lxer.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1540
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lxer.com.                      IN      A

;; ANSWER SECTION:

*lxer.com <http://lxer.com>.               3600    IN      A
      66.232.124.26 *
;; AUTHORITY SECTION:
lxer.com.               3600    IN      NS      ns3.wmkt.net.
lxer.com.               3600    IN      NS      ns1.wmkt.net.
lxer.com.               3600    IN      NS      ns2.wmkt.net.

;; ADDITIONAL SECTION:
ns1.wmkt.net.           86400   IN      A       66.232.124.26
ns2.wmkt.net.           86400   IN      A       66.232.124.28
ns3.wmkt.net.           86400   IN      A       66.232.124.30

;; Query time: 183 msec
;; SERVER: 66.232.124.26#53(66.232.124.26)
;; WHEN: Sat Feb 19 21:13:12 IST 2022
;; MSG SIZE  rcvd: 163

Now, run just 'dig lxer.com' - do you get the same IP? If not,
something/someone is messing with your DNS. In that case make sure that the
SERVER line indeed has the correct IP address I mentioned above (that I got
from the glue records provided for wmkt.net by a.gtld-servers.net)

If you do get the same IP, someone can still be messing with your traffic,
because that site is HTTP and not HTTPS, so really no one can guarantee
you're in fact talking with 66.232.124.26...

HTH,

-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20220219/63c1adc2/attachment.html>

More information about the Linux-il mailing list