Google Public DNS resolving incorrect IP addresses

[fran...@breathelife.com]

Hi,

for some unknown reasons Google Public DNS started to resolve the incorrect IP address for our domain:

$ dig breathelife.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> breathelife.com @8.8.8.8

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35001

;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;breathelife.com. IN A

;; ANSWER SECTION:

breathelife.com. 3525 IN A 216.239.32.21

breathelife.com. 3525 IN A 216.239.34.21

breathelife.com. 3525 IN A 216.239.36.21

breathelife.com. 3525 IN A 216.239.38.21

;; Query time: 3 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Thu Oct 31 11:16:47 EDT 2019

;; MSG SIZE  rcvd: 108

The IPs 216.239.X.21 are not our servers and we didn't make any change in our DNS for about 3-4 months.

I had to flush the Public DNS cache for this domain at https://developers.google.com/speed/public-dns/cache, but for a few hours our website and emails (MX records were also not resolving anymore) were not working because of this.

Any clue what could have happened?

Thanks

[ke...@keithslater.com]

I am seeing similar things. I can run dig multiple times, sometimes I get the correct IP, sometimes I get my DNS providers IP's. 

Seems very consistent with yours. Your DNS provider is google and the 4 IP's it resolves are Google IPs. Have you tried running the dig command multiple times to see if you get the correct result sometimes?

[Alex Dupuy]

Keith wrote:

I am seeing similar things. I can run dig multiple times, sometimes I get the correct IP, sometimes I get my DNS providers IP's. 

Seems very consistent with yours. Your DNS provider is google and the 4 IP's it resolves are Google IPs. Have you tried running the dig command multiple times to see if you get the correct result sometimes?

Keith, can you share your domain where you are seeing this problem? Are you using Google Domains as your registrar? Are you using Google Cloud DNS?

 

 

for some unknown reasons Google Public DNS started to resolve the incorrect IP address for our domain:

$ dig breathelife.com @8.8.8.8

 

;; ANSWER SECTION:

breathelife.com. 3525 IN A 216.239.32.21

breathelife.com. 3525 IN A 216.239.34.21

breathelife.com. 3525 IN A 216.239.36.21

breathelife.com. 3525 IN A 216.239.38.21

The IPs 216.239.X.21 are not our servers and we didn't make any change in our DNS for about 3-4 months.

I had to flush the Public DNS cache for this domain at https://developers.google.com/speed/public-dns/cache, but for a few hours our website and emails (MX records were also not resolving anymore) were not working because of this.

Any clue what could have happened?

https://gwhois.org/breathelife.com+dns shows that Google is not just the DNS provider for breathelife.com, it is also the registrar. I can't tell if the DNS service for the domain is provided using the Google Domains name servers or custom Google Cloud DNS name servers (the ns-cloud-b[1234].googledomains.com name servers are used by both services. Fo any given registered domain, Google Domains may use one of the A/B/C/D/E name server sets; the remainder are available for use by Google Cloud DNS.

When using the Google Domains name servers, there are some Google Domains specific features that can be enabled for a domain, such as:

• URL forwarding (https://support.google.com/domains/answer/4522141?hl=en)
• Email forwarding (https://support.google.com/domains/answer/3251241?hl=en)

The Google servers you were seeing as the result for breathelife.com are the same ones that I get when enabling URL forwarding for a domain that I have registered with Google Domains. I also see that the www subdomain is served as a CNAME to ghs.googlehosted.com. Did you see that as a result foe www.breathelife.com?

It seems that if this feature were activated accidentally, or due to a Google error on the authoritative side, it could have explained the problems you saw.

[ke...@keithslater.com]

Alex, I ended up figuring out that the client let the domain expire and then renewed it without telling me. This caused the registrar to change their nameservers which is causing the differing results.