this post was submitted on 20 Jul 2023
26 points (90.6% liked)

Selfhosted

40441 readers
785 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
26
submitted 1 year ago* (last edited 1 year ago) by aesir to c/selfhosted
 

Hi,

What to do if the domain name of one of my webserver, that me and some lab members use for work related stuff, is no longer resolved by our university DNS? When I first noticed it, I could see no resolution at all while now the domain resolves to a wrong IP. The site can be normally reached on any other network so there is no problem on my side I think.

Should I just wait (now more than 24 hours) or should I try anything? I am entitled to complain to our IT even though the issue is only with this not-really-professional FreeDNS subdomain?

EDIT: apparently some automatism marked this domain as malicious (absolutely it is not, not willingly and not compromised) and somehow DNS resolves to CNAME sinkhole.paloaltonetworks.com.

you are viewing a single comment's thread
view the rest of the comments
[–] MaxVerstappen 6 points 1 year ago (2 children)

Sounds like your university is using a Palo Alto Next Gen Firewall which is intercepting DNS requests and responding with the sinkhole FQDN for anything they deem malicious or suspicious. You can try to override this with DNS over HTTPS but they may also be blocking that. Standard security stuff. You can also probably try to open an IT ticket and request that they whitelist the domain.

[–] aesir 1 points 1 year ago (1 children)

So it seems. Do you think this was from the detected user activity? A colleague reported it was using it and it stopped working from one second to the next. Maybe some of his traffic looked suspicious? I am opening a ticket in any case today.

[–] MaxVerstappen 3 points 1 year ago

That is possible as well. Those firewalls are capable of packet inspection. If you are using personal devices it won't be able to see much if you are using encryption in transit but if you are using University provided machines there is a good chance they can inspect all the data you are sending and receiving.