From lenlynch at pobox.com  Sat Oct 21 09:46:50 2017
From: lenlynch at pobox.com (LenLynch)
Date: Sat, 21 Oct 2017 11:46:50 -0500
Subject: [Netalyzr] (no subject)
Message-ID:

Thank you for providing Netalyzr!!

I did a Google site search against the list archive site and it didn't turn up any hits for this topic. Sorry if I've overlooked it in advance.

I use your tool when I need a point of comparison between different networks that I regularly frequent, and on my home network as I make changes to it, or I detect that my ISP may be making changes to the service.

I'm going to supply some information in the hope of getting this clarified and answered not only for myself, but other practitioners that may experience the same or similar results.

I haven't run it for several months, and I'm seeing a new warning message:

http://n1.netalyzr.icsi.berkeley.edu/summary/id=369839a0-28305-b7145e70-f899-4c8e-8361#DNSLookup

Quoting the warning section:

2 popular names have a significant anomaly. The ownership suggested by the reverse name lookup does not match our understanding of the original name. This could be caused by an error somewhere in the domain information, deliberate blocking or redirection of a site using DNS, or it could be that your ISP's DNS Server is acting as a DNS "Man-in-the-Middle".

We attempted to download HTTP content from the IP addresses that your ISP's DNS server returned to you for these names. Where the download succeeded, you can click on the IP address in the table below to download a compressed file containing an HTTP session transcript. *Note!* The session content is potentially harmful to your computer when viewed in a browser, so use caution when examining it.

Name                    IP Address        Reverse Name/SOA
www.chase.com           159.53.113.168    SOA: dns512587sm02.[...]s.jpmchase.net
chaseonline.chase.com   159.53.74.30      SOA: dns512587sm02.[...]s.jpmchase.net

I agree that there are missing reverse DNS records for these DNS names. But the IP address ranges are under the control of the company. So this would appear to be a false positive being reported. Proof is supplied.

$ whois 159.53.74.30
...
NetRange:       159.53.0.0 - 159.53.255.255
CIDR:           159.53.0.0/16
NetName:        JMC
NetHandle:      NET-159-53-0-0-1
Parent:         NET159 (NET-159-0-0-0-0)
NetType:        Direct Assignment
OriginAS:
Organization:   JPMorgan Chase & Co. (JMC-39)
RegDate:        1992-03-06
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-159-53-0-0-1

OrgName:        JPMorgan Chase & Co.
OrgId:          JMC-39
Address:        120 Broadway
City:           New York
StateProv:      NY
PostalCode:     10271-1999
Country:        US
RegDate:        2006-11-21
Updated:        2017-10-19
Ref:            https://whois.arin.net/rest/org/JMC-39

I appreciate the depth of the tests and I applaud the checks for DNS functionality. They provide real value to the tester.

If any variation in forward/reverse lookup will cause this warning, maybe this should be a tunable feature of the tool?

If there is more to this warning that should be investigated, a pointer to better and more complete information should be provided in the tool.

Thanks in advance for responding,

-LenLynch

Realizes: "Culture eats technology for breakfast..." -Russ White

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/netalyzr/attachments/20171021/c2d43abb/attachment.html
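
The cross-check argued for in the message above, as an added example that is not part of the original post and is not Netalyzr's code: when the reverse name/SOA zone differs from the forward name's zone, test whether the returned address lies inside a WHOIS netblock registered to the expected organization. The WHOIS fields and table rows are copied from the message; the function names, the `EXPECTED_ORG` mapping and the verdict strings are assumptions made for illustration.

```python
import ipaddress
import re

# WHOIS fields copied from the message above (only the ones this check uses).
WHOIS_TEXT = """\
NetRange:       159.53.0.0 - 159.53.255.255
CIDR:           159.53.0.0/16
OrgName:        JPMorgan Chase & Co.
"""
# Assumption: the tester keeps a list of the owner expected for each zone.
EXPECTED_ORG = {"chase.com": "JPMorgan Chase & Co."}
# Rows from the warning table; the SOA host is elided there, so only its visible zone is used.
ROWS = [
    ("www.chase.com", "159.53.113.168", "jpmchase.net"),
    ("chaseonline.chase.com", "159.53.74.30", "jpmchase.net"),
]

def parse_whois(text):
    """Return {field: [values]} from 'Key: value' lines; empty values are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def registered_domain(name):
    """Naive last-two-labels zone; sufficient for the names in the message."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def classify(name, ip, reverse_zone, whois_text):
    """Classify one forward/reverse result, falling back to netblock ownership."""
    zone = registered_domain(name)
    if reverse_zone and registered_domain(reverse_zone) == zone:
        return "match"
    fields = parse_whois(whois_text)
    addr = ipaddress.ip_address(ip)
    in_block = any(addr in ipaddress.ip_network(c.strip())
                   for cidrs in fields.get("CIDR", []) for c in cidrs.split(","))
    owner_ok = EXPECTED_ORG.get(zone) in fields.get("OrgName", [])
    if in_block and owner_ok:
        return "reverse-mismatch, netblock owned by expected org"
    return "anomaly"

if __name__ == "__main__":
    for name, ip, rev in ROWS:
        print(name, ip, classify(name, ip, rev, WHOIS_TEXT))
```

A netblock match only shows that the address is registered to the expected organization; it says nothing about the content served from it, so the HTTP transcript check in the warning remains a separate step.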