DNS Resolving to Weird IP Address

Hi,

I set up my website on Cloudflare yesterday and am having some problems with the subdomain’s DNS.

What I’ve done is create the subdomain ww.infinitesweeps.com to allow some scripts to run jobs directly on the server.

This subdomain is newly created (there should be no caching involved).

When I ping this newly created subdomain, it resolves to an incorrect IP address:

Pinging ww.infinitesweeps.com [198.105.244.23] with 32 bytes of data:

Last night I thought “Maybe I visited the link once before I put the correct DNS record in”.

The Cloudflare IP my account has been assigned is ‘104.18.49.130’.

This morning, I pinged the subdomain from different computers that I am 100% sure have never accessed this subdomain, and they still resolve to this IP address.

Can anybody help me? What is going on?

Your naked domain currently is not proxied and points to the actual server, whereas your “www” host is proxied and points to Cloudflare.

Is that the correct setup?

What about that 198 address? That is a “ww” host, however it also resolves to your actual server.

Can you post the output of the following commands?

ping infinitesweeps.com
ping www.infinitesweeps.com
ping ww.infinitesweeps.com

nslookup infinitesweeps.com
nslookup www.infinitesweeps.com
nslookup ww.infinitesweeps.com

nslookup infinitesweeps.com 1.1.1.1
nslookup www.infinitesweeps.com 1.1.1.1
nslookup ww.infinitesweeps.com 1.1.1.1

type %SystemRoot%\System32\drivers\etc\hosts

Hi Sandro,

Yes, this is correct with the domain setup and how they are pointing right now. Once I’ve got everything fully transferred over, I will update the domain.com to point correctly too.

domain.com = 184.95.46.18 (correct, original server)
ww.domain.com = 198.105.244.23 (incorrect, I have no clue where this IP came from)
www.domain.com = 104.18.49.130 (correct, Cloudflare CDN)

Running the same queries with nslookup provides the same data, but like this:

nslookup infinitesweeps.com
Server: modem.Home
Address: 192.168.0.1

Non-authoritative answer:
Name: infinitesweeps.com
Address: 184.95.46.18

What do you mean by that is a “ww” host? Is maybe the ww subdomain restricted and used by Cloudflare for something else?

Run the posted commands and post their exact output.

C:\Users\Steve>ping infinitesweeps.com

Pinging infinitesweeps.com [184.95.46.18] with 32 bytes of data:
Reply from 184.95.46.18: bytes=32 time=8ms TTL=56
Reply from 184.95.46.18: bytes=32 time=8ms TTL=56
Reply from 184.95.46.18: bytes=32 time=8ms TTL=56
Reply from 184.95.46.18: bytes=32 time=8ms TTL=56

Ping statistics for 184.95.46.18:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms

C:\Users\Steve>ping www.infinitesweeps.com

Pinging www.infinitesweeps.com [104.26.5.216] with 32 bytes of data:
Reply from 104.26.5.216: bytes=32 time=17ms TTL=57
Reply from 104.26.5.216: bytes=32 time=18ms TTL=57
Reply from 104.26.5.216: bytes=32 time=17ms TTL=57
Reply from 104.26.5.216: bytes=32 time=17ms TTL=57

Ping statistics for 104.26.5.216:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms

C:\Users\Steve>ping ww.infinitesweeps.com

Pinging ww.infinitesweeps.com [198.105.244.23] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 198.105.244.23:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Steve>
C:\Users\Steve>nslookup infinitesweeps.com
Server: modem.Home
Address: 192.168.0.1

Non-authoritative answer:
Name: infinitesweeps.com
Address: 184.95.46.18

C:\Users\Steve>nslookup www.infinitesweeps.com
Server: modem.Home
Address: 192.168.0.1

Non-authoritative answer:
Name: www.infinitesweeps.com.Home
Addresses: 198.105.244.23
198.105.254.23

C:\Users\Steve>nslookup ww.infinitesweeps.com
Server: modem.Home
Address: 192.168.0.1

Non-authoritative answer:
Name: ww.infinitesweeps.com.Home
Addresses: 198.105.244.23
198.105.254.23

C:\Users\Steve>
C:\Users\Steve>nslookup infinitesweeps.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: infinitesweeps.com
Address: 184.95.46.18

C:\Users\Steve>nslookup www.infinitesweeps.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: www.infinitesweeps.com
Addresses: 104.26.4.216
104.26.5.216

C:\Users\Steve>nslookup ww.infinitesweeps.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: ww.infinitesweeps.com
Address: 184.95.46.18

C:\Users\Steve>

So it is not “ww” like mentioned in your original posting?

There seems to be some issue with your router and its resolver. Can you reboot your router?

Your naked domain resolves fine, however your “ww” host resolves to that 198 address. With your “www” host the situation is even more strange, as it resolves to that 198 address as well, however a ping gets the right IP address.

What about the last command I posted?

I have the records in my hosts file for the www versions, as I am cached for these.

It looks like the DNS is pointing correctly, maybe it will just need some more time.

The problem is, it’s not just my modem that is having this problem resolving the wrong IP; it’s a few servers and even the main server that I’m trying to run the cron jobs from.

Thank you for your help! I will investigate more and see if there is anything I can do.

First remove these hosts entries, as they falsify the lookups. Second, maybe it is a propagation issue with your router and your servers too.

The ww host should not resolve to that 198 address. Here are the DNS records, as inputted into Cloudflare since the beginning:

www = 184.95.46.18 (Cloudflare Protected)
ww = 184.95.46.18 (NOT Cloudflare PROTECTED)
@ = 184.95.46.18 (NOT Cloudflare PROTECTED).

Ya, it’s like something strange is going on with the DNS.

That is what DNS currently returns. If you don’t get that, it is probably a propagation issue and I’d suggest flushing the cache or, alternatively, waiting.

When Cloudflare has the TTL set to Automatic, what is the TTL actually being set at? I would think that by having these records set for over 12 hours, I shouldn’t be dealing with caching issues.

My DNS for the www record was previously set to a TTL of 48 hours.

The ww record never existed and has only been created through Cloudflare.

That might be the reason.

Yes, this is the reason why I have the www record in my hosts file… but what about the ww record? I am going to try a few more things and see if I can see anything here. Thank you again for all of your help!

Well, DNS is properly set. These issues are local.


Hi Sandro,

It just happened again! Instead of trying to figure this all out, I just tried to create ww2.infinitesweeps.com

I just now created it and then pinged it and it says:

Pinging ww2.infinitesweeps.com [198.105.244.23] with 32 bytes of data:

That is incorrect.

If this is happening for me, who else is it happening for?

Why is it resolving incorrectly for me when I create new subdomains?

I created an A record for ‘ww2’ with a TTL of 1 hour and pointing to IP address 184.95.46.18

To everyone who has the same local issue as you :)

I am afraid that topic is a bit beyond the scope of the forum here. You will simply need to check why your router resolves the wrong address. The record itself is properly set up and resolves to the right address → http://sitemeer.com/#ww2.infinitesweeps.com

Hi Sandro,

It’s strange, here’s what I found out in order:

  1. If I were to ping “abc.infinitesweeps.com”, it would say host not found.
  2. If I were to create “abc.infinitesweeps.com” in the Cloudflare DNS and attempt to re-ping, the DNS would point to 198.105.244.23 (an incorrect IP address).
  3. If I create the subdomain “abc.infinitesweeps.com” in my old DNS provider and re-ping, the DNS will point correctly to 184.95.46.18.

The strange part is that by creating the subdomain in Cloudflare, it then propagates for the other provider as I’m cached.

Who knows, I’ve had enough DNS fun for the day. Thanks again.

When did you move the domain to Cloudflare? The TTL for NS records in the .com TLD is 2 days. And your old DNS service could have had any TTL on the authoritative NS records. Your resolver could have the old service’s NS records cached.

This page says that IP address is what CenturyLink’s DNS resolver replaces NXDOMAINs with:

Hi Mnordhoff,

I moved it last night, so about 18 hours ago.

Thank you for the link! I think you are right about the NS records. Those also have a cache time of 48 hours.

I think I was a little confused when creating the records and then them resolving. I have never seen this happen, but I have also not done a DNS move like this.

I have created the records in the old DNS provider and it looks to be resolving correctly now.

Thanks!
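
An added example, not part of the original thread: a small Python script that parses Windows nslookup output like that posted above and flags the two symptoms discussed, a search suffix appended to the answered name (".Home") and an answer that shares no address with what 1.1.1.1 returned, which is the pattern an NXDOMAIN-replacing resolver produces. The function names `parse_nslookup` and `diagnose` are hypothetical; the sample data is trimmed from the output in the thread.

```python
import re

IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Router-resolver answers, trimmed from the thread (Server/Address header lines omitted).
LOCAL = r"""C:\Users\Steve>nslookup infinitesweeps.com
Non-authoritative answer:
Name: infinitesweeps.com
Address: 184.95.46.18
C:\Users\Steve>nslookup www.infinitesweeps.com
Non-authoritative answer:
Name: www.infinitesweeps.com.Home
Addresses: 198.105.244.23
198.105.254.23
C:\Users\Steve>nslookup ww.infinitesweeps.com
Non-authoritative answer:
Name: ww.infinitesweeps.com.Home
Addresses: 198.105.244.23
198.105.254.23
"""
# Answers 1.1.1.1 gave for the same names in the thread.
REFERENCE = {"infinitesweeps.com": {"184.95.46.18"},
             "www.infinitesweeps.com": {"104.26.4.216", "104.26.5.216"},
             "ww.infinitesweeps.com": {"184.95.46.18"}}

def parse_nslookup(text):
    """Map each queried name to the answer's name and IPs (Windows nslookup output)."""
    out, cur, in_answer = {}, None, False
    for line in text.splitlines():
        m = re.search(r">\s*nslookup\s+(\S+)", line)
        if m:
            cur = out.setdefault(m.group(1).lower(), {"name": "", "ips": []})
            in_answer = False  # the resolver's own Address line comes before the answer
        elif line.rstrip().lower().endswith("answer:"):
            in_answer = True
        elif cur and in_answer and line.lower().startswith("name:"):
            cur["name"] = line.split(":", 1)[1].strip().lower()
        elif cur and in_answer:
            cur["ips"] += IP.findall(line)  # also picks up continuation lines
    return out

def diagnose(local, reference):
    """Flag an appended search suffix, or an answer sharing no IP with the reference."""
    findings = {}
    for name, ans in local.items():
        suffix = ans["name"][len(name) + 1:] if ans["name"].startswith(name + ".") else ""
        differs = name in reference and not set(ans["ips"]) & reference[name]
        if suffix or differs:
            findings[name] = {"suffix": suffix, "differs": differs}
    return findings
```

Calling `diagnose(parse_nslookup(LOCAL), REFERENCE)` leaves the naked domain unflagged and flags both `www` and `ww`, each with the `home` suffix and an answer that disagrees with the reference.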