Actually I had done a traceroute on dnschecker.org from my daughter's windows machine (on my BIL's network) after I last posted. It is attached. I think it was to either duckduckgo.com, google, or maybe another search site. I also did some ipconfig commands and recorded in some text files (then realized a better word processing program would save better). I also went to IP Tracker and ipleak.net. On IPleak.net it registered like 27 DNS addresses. When using my cell data on my own machine, I get 1 DNS address on that site. Is that at all unusual? Please let me know if those records are also useful to send.

Lastly, to clarify about utopia.net, it hasn't been popping up in the past month or so. But on my kids machine, I would input a URL into the browser, and see in the lower LH corner 'resolving host..' and either just after or at the same time '....utopia.net'

Over the past month I also worked on my own machine. When I changed OS I found on a fresh install, my DNS was routing to utopia.net (even after not using my BIL's network). It seemed to be associated with the gigabit card. I got curious after remembering the browser texts I mentioned above, on my kids' machine. I got curious and researched utopia.net. That let to me finally doing some fiddling and was able to change drivers and erase difficult-to-access HDD partitions, and through the command line, and linux OS I got it off my machine. I did the chattr +i command for my /etc/resolv.conf and other efforts to make sure it didn't revert. It has certainly gotten me more familiar with Linux than I was.

Anyway, curious to hear your thoughts.

Thanks,
Joseph




Nov 22, 2020, 5:02 PM by talk@gtalug.org:

Depending on what kind of problems you're seeing, you probably want to do a traceroute from a network where you have good performance/reliability to someplace distant (I use slashdot.org (:-)), land then again from the doubtful network.

The names you see are sometimes clear...

[davecb@miles Networking]$ traceroute slashdot.org

traceroute to slashdot.org (216.105.38.15), 30 hops max, 60 byte packets
 1  _gateway (192.168.7.1)  0.409 ms  0.402 ms  0.246 ms
 2  10.0.0.1 (10.0.0.1)  2.168 ms  2.784 ms  2.962 ms
 3  99.240.238.1 (99.240.238.1)  19.416 ms  14.751 ms  14.897 ms
 4  8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137)  19.446 ms  14.282 ms  14.152 ms
 5  69.63.249.221 (69.63.249.221)  19.653 ms  19.892 ms  19.737 ms
 6  209.148.235.218 (209.148.235.218)  14.454 ms  18.395 ms  18.287 ms
 7  ae58.bar3.Toronto1.Level3.net (4.59.180.41)  34.759 ms  34.188 ms  34.265 ms
 8  ae-2-3611.edge2.NewYork6.Level3.net (4.69.209.82)  40.920 ms  41.218 ms  41.547 ms
 9  * * *
10  los-edge-08.inet.qwest.net (67.14.22.202)  103.209 ms  96.349 ms  102.989 ms
11  65-126-18-126.dia.static.qwest.net (65.126.18.126)  94.487 ms  94.216 ms  83.169 ms
12  br05-te0-0-1-6.lwdc.americanis.net (207.158.62.109)  82.873 ms  82.800 ms  83.479 ms
13  ar07-te13-3.lwdc.americanis.net (209.216.192.66)  83.737 ms * *
14  216.105.38.15 (216.105.38.15)  89.270 ms  83.401 ms  83.303 ms


For example, 8081-dgw01.ym.rmgt.net.rogers.com is Rogers, etc. For missing or more obscure names, use command-line whois with the IP address:

[davecb@miles Networking]$  whois 69.63.249.221 
[Querying whois.arin.net]
[whois.arin.net]
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#

NetRange:       69.63.240.0 - 69.63.255.255
CIDR:           69.63.240.0/20
NetName:        ROGERS-COM-INFR
NetHandle:      NET-69-63-240-0-1
Parent:         NET69 (NET-69-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS812
Organization:   Rogers Communications Canada Inc. (RCC-184)
RegDate:        2008-05-01
Updated:        2017-01-06
Ref:            https://rdap.arin.net/registry/ip/69.63.240.0

You will get two things:

  1. Who it passes through, eg, Utopia, Bell or Rodgers
  2. How long it takes to get to each new network

I have a script that subtracts the lines of three sample times from one another, but eyeballs work well, too (;-))

I'd be curious to see which Utopia you get: Mumbai or Utah (;-))

--dave



On 2020-11-22 2:45 p.m., Joseph Rocklin via talk wrote:
Sorry. My wife and I are trying to discern if my BIL's network was a problem in the past. It has been the family's network. The kids and her computer in the past had routed via utopia.net when we entered in addresses or search terms. I am trying to see if there is anything wrong with my BIL's network now. I am a bit suspicious based on what I read about utopia.net. My wife wants me to find more significant findings before she allows herself to question matters. I don't know all that much except that utopia.net was noted as a malware site on many searches I've done.


Nov 22, 2020, 2:29 PM by talk@gtalug.org:
On 2020-11-22 2:13 p.m., Joseph Rocklin via talk wrote:
Hi all,

I just tried a reverse dns lookup on whoismydns.com for my wife's  computer on a family-member's network.

Result:
DNS Server: 67.231.208.167
Reverse DNS: pub-cdns3-wlfdle-eth1.rpub.net.rogers.com
IP Owner: Rogers

Does this seem correct? I have my dns settings set on my machine and I get my expected DNS results on my machine on this family member's network. Is there any reason to be concerned here?

I had noticed a while back, before upgrades on this family member's network, that utopia.net was being used as the DNS server. It was on more than one machine that used that network. Now I'm wondering if somehow this network was routing, in a still-problematic way, but just via a local address?

I may have confused some concepts as I am just getting my feet wet with this topic of DNS servers.

If anyone has suggestions to confirm if the network is properly setup, please let me know.

Why are you looking up the DNS, when you want to look up your wife's computer?  Look up her WAN address.
Her host name should be something like cpe<router MAC>-cm<modem MAC>.cpe.net.cable.rogers.com.  Host name changed to protect the guilty. ;-)

She should also have IPv6 addresses.

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk


---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown@indexexchange.com |              -- Mark Twain