Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsNew Zealand BroadbandTrustPower DNS Server.
pillmonsta

73 posts

Master Geek
Inactive user


#228697 17-Jan-2018 22:39
Send private message

I have client with Trustpower's who's ISP provided router cannot obtain an IP address.  I just checked Trustpower's 203.74.33.0 DNS and it resolves to a Webmail login page.

 

Wireshark returned a Server is not an authority for domain response with authentication refused... .

 

 

 

Any comments?

 

 

 

Thx

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Aredwood
3885 posts

Uber Geek


  #1941743 17-Jan-2018 23:42

If you can't get this solved, get the client to change ISPs to one that uses PPPOE instead of DHCP.

Just with casual browsing of the ISP forums, there often seems to be faults reported that sound suspiciously like DHCP renewal failure. And they appear to happen more often with the ISPS that use DHCP.

Also using PPPOE makes it easier for an ISP to recover from an outage. As the ISP can force an IP renewal of a customers router just by dropping and re establishing the PPPOE tunnel. AFAIK no method exists to force DHCP clients to renew their IP. PPPOE also makes it a lot easier to setup failover to a backup connection if the primary one dies.

Personally If I need to change ISP, I will only select one that uses PPPOE.







pillmonsta

73 posts

Master Geek
Inactive user


  #1941758 18-Jan-2018 00:24
Send private message

Aredwood: If you can't get this solved, get the client to change ISPs to one that uses PPPOE instead of DHCP.

Just with casual browsing of the ISP forums, there often seems to be faults reported that sound suspiciously like DHCP renewal failure. And they appear to happen more often with the ISPS that use DHCP.

Also using PPPOE makes it easier for an ISP to recover from an outage. As the ISP can force an IP renewal of a customers router just by dropping and re establishing the PPPOE tunnel. AFAIK no method exists to force DHCP clients to renew their IP. PPPOE also makes it a lot easier to setup failover to a backup connection if the primary one dies.

Personally If I need to change ISP, I will only select one that uses PPPOE.
PPoE is for VDSL and Fibre, the router is syncing with an ADSL profile, which is another issue in itself.

 

The client has already been in contact with TP who basically suggested resting the router....

 

There has been no internet there for nearly 4 weeks. Tbh I'm really asking what is going on at Trustpowers end, why is the DNS server a Webmail page? Why is there an ADSL profile for VDSL prequal?

 

 

 

Also the previously mentioned 203.74.33.0 nameserver is blacklisted on two different sites. Is anybody else having similar issues?  I'd just like to get it resolved is all.....

 

 

 

Thanks

yitz
2080 posts

Uber Geek


  #1941762 18-Jan-2018 00:46
Send private message

pillmonsta:

why is the DNS server a Webmail page?

 

 

If I browse to http://202.74.33.0/ I don't get a webmail login page.

 

 

Sometimes multiple services are run on the single "virtual IP" behind a load balancer. However I agree it is unusual for an ISP to run a DNS resolver and have webmail pointing to the same IP.

 

 

Where are you getting the "Server is not an authority for domain response with authentication refused... ." ... looks like you have jumbled two different error messages? First part looks like a DNS response while second part is ... from the webmail login server? I'm not sure what this has to do with not being able to obtain an IP on a broadband connection, which sounds like a provisioning issue as you have alluded to.

 

 

I believe there is a Trustpower rep on these forums @taneb1 who may be available to respond.



pillmonsta

73 posts

Master Geek
Inactive user


  #1941763 18-Jan-2018 00:56
Send private message

This doesn't look too good....

 

 

 

https://www.robtex.com/dns-lookup/flaxbush.ddns.info

 

 

 

 

 

 

 

yitz
2080 posts

Uber Geek


  #1941765 18-Jan-2018 01:04
Send private message

Sorry I am not sure what any of the contents in the above post has to do with a broadband connection that is not working.

Aredwood
3885 posts

Uber Geek


  #1941791 18-Jan-2018 08:42

If it is only a DNS failure, why can't you just use Google DNS as a temporary measure?

From your first post, I thought that the problem was the router not being assigned a public IP address by Trustpower. And I assumed that the connection was fibre. And Trustpower don't use PPPOE on fibre. It would have helped to state the connection type in the first post.

I don't understand what exactly is broken. Does the router successfully establish a PPPOE tunnel? Do the above DNS server addresses get assigned to the router?





taneb1
517 posts

Ultimate Geek

ID Verified
Trusted
Mercury

  #1941841 18-Jan-2018 09:30
Send private message

Morning,

 

Sorry to hear that one of your clients is currently having issues - We are not aware of any faults or outages currently, but if you would like to PM me - I'd be happy to investigate this further for you to try and get this issue resolved. 

 

Thanks

 

Tane

 

 

 

 




Any comments made are my personal views and does not represent those of my employer

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
pillmonsta

73 posts

Master Geek
Inactive user


  #1942010 18-Jan-2018 13:46
Send private message

Aredwood: If it is only a DNS failure, why can't you just use Google DNS as a temporary measure?

From your first post, I thought that the problem was the router not being assigned a public IP address by Trustpower. And I assumed that the connection was fibre. And Trustpower don't use PPPOE on fibre. It would have helped to state the connection type in the first post.

I don't understand what exactly is broken. Does the router successfully establish a PPPOE tunnel? Do the above DNS server addresses get assigned to the router?
Google DNS won't help because the router is not authenticating. Sorry - I should have clarified that in my post. The main problem is no authentication.

pillmonsta

73 posts

Master Geek
Inactive user


  #1942011 18-Jan-2018 13:50
Send private message

taneb1:

 

Morning,

 

Sorry to hear that one of your clients is currently having issues - We are not aware of any faults or outages currently, but if you would like to PM me - I'd be happy to investigate this further for you to try and get this issue resolved. 

 

Thanks

 

Tane

 

 

 

 

 

Why is Trustpowers DNS address resolving to a Webmail login page?  Does that seem norrmal to you?

taneb1
517 posts

Ultimate Geek

ID Verified
Trusted
Mercury

  #1942017 18-Jan-2018 14:06
Send private message

pillmonsta:

 

Why is Trustpowers DNS address resolving to a Webmail login page?  Does that seem norrmal to you?

 

 

Your wireshark message indicates that you used the correct name server - 202.74.33.0. These are recursive name servers, so it is correct for the Authoritative Answer flag to not be set - this flag is set only when the message is from a server that is authoritative for a zone. This is how DNS works, and does not in any way indicate an error.

 

I.e. if you query the Trustpower nameservers for www.google.com, the Authoritative Answer flag is not set.
If you query the Google authoritative namservers for www.google.com, the Authoritative Answer flag is set.

 

When you say that it "resolves" to a webmail login page, I suspect what's happening is this - you are doing a reverse DNS lookup on 202.74.33.0, and you're getting "rns-1.kinect.co.nz". There is a wildcard DNS entry for *.kinect.co.nz which directs to the Trustpower webmail - this is a legacy function as there have been various names for this over the years. This however, would not impact any customer using the DNS server (202.74.33.0) for its intended purpose.

 

In regards to the comment of the DNS Server being blacklisted and the link to Flaxbush posted above, are you able to please expand further on this?
We are not currently aware of the DNS servers being on any blacklists and the Screenshots you provided are linked to a domain and IP address's not owned or hosted by Trustpower.

 

As mentioned in my previous message, if your client is still having issues - I am more then happy to look into this but will need you to PM me their account details so I can have someone look further into this.

 

Thanks

 

Tane

 

 




Any comments made are my personal views and does not represent those of my employer

pillmonsta

73 posts

Master Geek
Inactive user


  #1942042 18-Jan-2018 15:17
Send private message

taneb1:

 

pillmonsta:

 

Why is Trustpowers DNS address resolving to a Webmail login page?  Does that seem norrmal to you?

 

 

Your wireshark message indicates that you used the correct name server - 202.74.33.0. These are recursive name servers, so it is correct for the Authoritative Answer flag to not be set - this flag is set only when the message is from a server that is authoritative for a zone. This is how DNS works, and does not in any way indicate an error.

 

I.e. if you query the Trustpower nameservers for www.google.com, the Authoritative Answer flag is not set.
If you query the Google authoritative namservers for www.google.com, the Authoritative Answer flag is set.

 

When you say that it "resolves" to a webmail login page, I suspect what's happening is this - you are doing a reverse DNS lookup on 202.74.33.0, and you're getting "rns-1.kinect.co.nz". There is a wildcard DNS entry for *.kinect.co.nz which directs to the Trustpower webmail - this is a legacy function as there have been various names for this over the years. This however, would not impact any customer using the DNS server (202.74.33.0) for its intended purpose.

Yes correct, I did a reverse DNS lookup however there are around 7 webmail login pages and DDNS linked to that nameserver which is why it has been blacklisted afaik.

 

Also what do you mean a :"wildcard DNS entry"? for .kinect.co.nz? Can you expand on "wildcard"?

 

 

 

 

 

taneb1:

 

In regards to the comment of the DNS Server being blacklisted and the link to Flaxbush posted above, are you able to please expand further on this?
We are not currently aware of the DNS servers being on any blacklists and the Screenshots you provided are linked to a domain and IP address's not owned or hosted by Trustpower.

 

You quite sure about that because it says quite clearly at top of screenshot: "Hosted by Trust Power".  And the domains are all kinetic.co.nz I provided the link already

 

 

 

 

 

 

As mentioned in my previous message, if your client is still having issues - I am more then happy to look into this but will need you to PM me their account details so I can have someone look further into this.

 

Thanks

 

Tane

 

 

 

 

 

The client no longer has issues because the client has now terminated his contract with TrustPower.

 

 

 

Can a mod close this thread please.

 

 

 

 

pillmonsta

73 posts

Master Geek
Inactive user


  #1942044 18-Jan-2018 15:17
Send private message

taneb1:

 

pillmonsta:

 

Why is Trustpowers DNS address resolving to a Webmail login page?  Does that seem norrmal to you?

 

 

Your wireshark message indicates that you used the correct name server - 202.74.33.0. These are recursive name servers, so it is correct for the Authoritative Answer flag to not be set - this flag is set only when the message is from a server that is authoritative for a zone. This is how DNS works, and does not in any way indicate an error.

 

I.e. if you query the Trustpower nameservers for www.google.com, the Authoritative Answer flag is not set.
If you query the Google authoritative namservers for www.google.com, the Authoritative Answer flag is set.

 

When you say that it "resolves" to a webmail login page, I suspect what's happening is this - you are doing a reverse DNS lookup on 202.74.33.0, and you're getting "rns-1.kinect.co.nz". There is a wildcard DNS entry for *.kinect.co.nz which directs to the Trustpower webmail - this is a legacy function as there have been various names for this over the years. This however, would not impact any customer using the DNS server (202.74.33.0) for its intended purpose.

Yes correct, I did a reverse DNS lookup however there are around 7 webmail login pages and DDNS linked to that nameserver which is why it has been blacklisted afaik.

 

Also what do you mean a :"wildcard DNS entry"? for .kinect.co.nz? Can you expand on "wildcard"?

 

 

 

 

 

taneb1:

 

In regards to the comment of the DNS Server being blacklisted and the link to Flaxbush posted above, are you able to please expand further on this?
We are not currently aware of the DNS servers being on any blacklists and the Screenshots you provided are linked to a domain and IP address's not owned or hosted by Trustpower.


 

You quite sure about that because it says quite clearly at top of screenshot: "Hosted by Trust Power".  And the domains are all kinetic.co.nz I provided the link already

 

 

 

 

taneb1:

 

As mentioned in my previous message, if your client is still having issues - I am more then happy to look into this but will need you to PM me their account details so I can have someone look further into this.

 

Thanks

 

Tane

 

 

 

 

 

The client no longer has issues because the client has now terminated his contract with TrustPower.

 

 

 

Can a mod close this thread please.

 

 

 

 

yitz
2080 posts

Uber Geek


  #1942078 18-Jan-2018 16:22
Send private message

A wildcard DNS entry will mean all queries for subdomains that do not exist for a certain domain will return a nominated IP or name. It just so happens that they have 'for legacy reasons' pointed their wildcard entry to the IP of their web mail server. As explained this does not affect the ability for 202.74.33.0 to be specified as a DNS resolver address for their broadband customers or necessarily any security implications for their webmail platform.

 

 

I'm not sure what "flaxbush.ddns.info" has to do with anything and why it appears in the list of "8 most popular domains of this hoster". I can only suggest it may be a historical record of a third party's domain which has been pointed to this particular Trustpower IP in the past.

Aredwood
3885 posts

Uber Geek


  #1942133 18-Jan-2018 19:22

Did you figure out what the fault was in the end? As if you didnt you have the risk of it re appearing. And you end up looking silly from the clients point of view, if you recommend that they spend money, and the fault doesn't get fixed.





taneb1
517 posts

Ultimate Geek

ID Verified
Trusted
Mercury

  #1943241 19-Jan-2018 08:05
Send private message

pillmonsta:

 

Yes correct, I did a reverse DNS lookup however there are around 7 webmail login pages and DDNS linked to that nameserver which is why it has been blacklisted afaik.

 

Also what do you mean a :"wildcard DNS entry"? for .kinect.co.nz? Can you expand on "wildcard"?

 

 

pillmonsta:

 

You quite sure about that because it says quite clearly at top of screenshot: "Hosted by Trust Power". 

 

The client no longer has issues because the client has now terminated his contract with TrustPower.

 

 

The Robtex website you have linked to is an External Website that appears to scrape random data from the Internet. It is not a reverse DNS lookup on 202.74.33.0.

 

The FlaxBush domain mentioned in your post is not a website or domain hosted By Trustpower or any relation to the DNS server mentioned in the original post.
It is pointing to a different IP address and appears to be incorrect stated by Robtex as Hosted By Trustpower.

 

I am sorry to hear that your client has cancelled their contract with Trustpower, I am still however happy to escalate this further to look into what went wrong and ways that things can be improved in the future. The invitation to PM me further information is still open should you wish to do so. 

 

As requested by PillMonsta - Mods, can we please close this thread.




Any comments made are my personal views and does not represent those of my employer

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright