0

NextDNS Returning Invalid DNS Results?

I'm having an issue accessing Airtable today, and it appears NextDNS is returning an IP address that is not owned by Airtable.

If I make a DNS request for airtable.com, I get the following results:

nslookup airtable.com 45.90.28.180
Server:        45.90.28.180
Address:    45.90.28.180#53
Non-authoritative answer:
Name:    airtable.com
Address: 34.199.122.104
Name:    airtable.com
Address: 34.230.107.180
Name:    airtable.com
Address: 3.211.236.168
Name:    airtable.com
Address: 50.16.153.225

The 3.211.236.168 IP address is the problem. If I curl that IP, I get the following result:

curl -v "https://3.211.236.168"
*   Trying 3.211.236.168:443...
* Connected to 3.211.236.168 (3.211.236.168) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=quickdrivingdirections.com
*  start date: Mar 18 00:00:00 2022 GMT
*  expire date: Apr 16 23:59:59 2023 GMT
*  subjectAltName does not match 3.211.236.168
* SSL: no alternative certificate subject name matches target host name '3.211.236.168'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name '3.211.236.168'
More details here: https://curl.se/docs/sslcerts.html

You'll see the CN is for quickdrivingdirections.com and not Airtable.

I know this can entirely be on Airtable's end, but I am seeing zero reports online of anyone having an issue with Airtable. If I query Airtable's hostname on other DNS services, I do not receive the IP not owned by Airtable. For example, on Google:

nslookup airtable.com 8.8.8.8
Server:        8.8.8.8
Address:    8.8.8.8#53
Non-authoritative answer:
Name:    airtable.com
Address: 50.16.153.225
Name:    airtable.com
Address: 34.199.122.104
Name:    airtable.com
Address: 34.230.107.180
Name:    airtable.com
Address: 34.206.165.74

I am also seeing this issues when querying other configuration profiles on my account using the IPv6 address. What's going on here?

2 replies

null
    • NextDNs
    • 2 yrs ago
    • Reported - view

    Can't reproduce:

    dig airtable.com @45.90.28.0 +short
    34.230.107.180
    34.206.165.74
    50.16.153.225
    34.199.122.104

    What do you get for https://test.nextdns.io ?

      • Ron_Heft
      • 2 yrs ago
      • Reported - view

      NextDNS Thanks for looking into it!

      I have been able to resolve this issue. I discovered I was getting the bad IP with EDNS disabled on my account. Once I enabled EDNS, all the IPs from AirTable were correct as expected.

      If I perform a lookup today with EDNS disabled, the IPs are also correct, so I'm guessing this was on AirTable's side; they must have had a bad IP that was being served when no location data was provided.

      If you would like to do any more troubleshooting, I'm happy to assist, but since I can't reproduce now, I'm considering this resolved. Here is my test result if it helps at all. Thanks for the assistance! 

      {
"status": "ok",
"protocol": "DOH",
"profile": "fp3e3e42d1efd074eb",
"client": "2601:152:4d00:65a1:d118:f872:6bec:e335",
"srcIP": "2601:152:4d00:65a1:d118:f872:6bec:e335",
"anycast": true,
"server": "vultr-ewr-1",
"clientName": "tailscale",
"deviceName": "rkh-laptop",
"deviceID": "necqKn3CNTRL",
"deviceIP": "100.83.0.45",
"deviceModel": "macOS"
}
Login to reply

Content aside

  • 2 yrs agoLast active
  • 2Replies
  • 101Views
  • 2 Following