Web Hosting Talk : Other Forums : Web Hosting Lounge : New Client - Weird Problems

[SamOwen]

I got a new client and their old host was their ISP (my ISP also). They (client) contacted me about their website being inaccessible to anyone outside of our local region. After running a whois on their domain, it turns out their domain wasn't even registered anywhere! I thought this was strange since I could access it by typing in their domain in my browser. I used a proxy to try to get to their domain and I got a 404. I went ahead and registered their domain and got them a new host. Now their site is accessible to the world as it should be. Their old host still has a redirect for anyone in our local region. So if I visit clientsite.com I get the old site hosted by my ISP. The only way to get to the real clientsite.com is to go via proxy.

That got me wondering how my ISP was directing all requests for my client's domain to their version. I contacted them and asked them if they could turn off whatever was causing the reidrect and they told me some long-winded story of how it would be very difficult because they would have to change domain name allocation tables, blah, blah, blah and that I needed to send them the nameservers of the new host so they could replace it with what they currently have. To me it looked like a simple virtual host situation. My ISP is known for being less than competent. I sent the new nameserver info weeks ago, nothing has changed. I'm no server guru and I'm wondering if what they told me was correct.

[Webdude]

Tell them to dump their cache server.

[Amish_Geek]

Looks like when the ISP set the client up, they set the domain info in their own DNS servers. They probably assumed that the client had already registered the domain and pointed it to their nameservers.

They are probably too lazy to change their DNS server entries, especially since many ISP's don't have fancy control panels to manage everything, so they are managed by hand & config files. All they need to do is delete the entry from their DNS configs, and their dns server will properly search/route the domain (just like it does for domains like google and yahoo).

You don't need to view the domain via proxy, the only reason your computer brings up the ISP's server for the clients domain is because you are using your ISP's DNS server. If you go to your network settings, edit your tcp/ip settings and manually set your DNS servers to match your hosts name servers, or any other public nameservers (4.2.2.1 and 4.2.2.2 work well) and you will be able to browse normally.

I've always wondered what would prevent a malicious system administrator to transparently "phish" for info. All it would take is to update the ISP nameservers to route www.paypal.com to their own webserver, and there would be no way to detect it is a phishing site. Because customers on their network would type in "ping www.paypal.com" and it would resolve to the ISP's server IP directly. Just like your clients domain resolves to the ISP's server, instead of the server the site currently sits on.

And I know plenty of shady people that worked for ISP's. People who have been arrested by the FBI for hacking (actually hacking and taking down networks). One individual actually set up a filter to be able to read AIM conversations that were going on through his (the ISP's) network.

[SamOwen]

So is that all I need to tell them -- To delete the entry from their DNS servers? The guy I spoke to brought up something about domain name allocation tables needing to be changed, is that the same thing? And that they need the new host's nameservers to replace their own. Do they need that info?

Quote:

I've always wondered what would prevent a malicious system administrator to transparently "phish" for info. All it would take is to update the ISP nameservers to route www.paypal.com to their own webserver, and there would be no way to detect it is a phishing site. Because customers on their network would type in "ping www.paypal.com" and it would resolve to the ISP's server IP directly. Just like your clients domain resolves to the ISP's server, instead of the server the site currently sits on.

And I know plenty of shady people that worked for ISP's. People who have been arrested by the FBI for hacking (actually hacking and taking down networks). One individual actually set up a filter to be able to read AIM conversations that were going on through his (the ISP's) network.

This precisely why I don't want to get on their bad side. I don't want them redirecting my own site to something on their servers.

[Amish_Geek]

Correct, all they need to do is delete the domain from their DNS servers.

Domain Name Allocation Tables is just them blowing smoke up your butt. From what I know, there is no such thing as domain name allocation tables. Sounds like they are playing off of "File Allocation Tables" from the FAT file system that windows/dos used to use before NTFS.

[SamOwen]

Thanks for the help. I am going to do as suggested.


On a side note...

Quote:

You don't need to view the domain via proxy, the only reason your computer brings up the ISP's server for the clients domain is because you are using your ISP's DNS server. If you go to your network settings, edit your tcp/ip settings and manually set your DNS servers to match your hosts name servers, or any other public nameservers (4.2.2.1 and 4.2.2.2 work well) and you will be able to browse normally.

Thanks for that. I never knew you could do that! Will using this break anything? Web browsing? Security? etc...

[guyellis1988]

All it will do is make your pc use different dns servers - infact if you do this do an ipconfig /flushdns and try browse to the site, if you get the new/proper version it will prove that its just your ISP's dns server.

Another option is run your own dns server - google for treewalk dns, i personally find running that on my local machine much quicker thn using any external name servers.