Quick website block analysis

One of my friends told me about an error on http://www.musicindiaonline.com/, which showed a message that the website is blocked as per DoT orders. I just checked, and right now the domain is not resolving at all! Here is a quick analysis of how the site is blocked.

anurag@laptop:~$ dig musicindiaonline.com a
; <<>> DiG 9.8.1-P1 <<>> musicindiaonline.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23431
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;musicindiaonline.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 3 02:31:58 2012
;; MSG SIZE rcvd: 38
anurag@laptop:~$


The reply has status NOERROR, yet it returns no A record. This indicates that a zone for the domain exists on the DNS resolver itself, and I can confirm it by looking for NS/SOA records on the resolver. I am testing this from my village connection on BSNL.

anurag@laptop:~$ dig musicindiaonline.com ns
; <<>> DiG 9.8.1-P1 <<>> musicindiaonline.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17114
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;musicindiaonline.com. IN NS
;; ANSWER SECTION:
musicindiaonline.com. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
localhost. 86400 IN AAAA ::1
;; Query time: 30 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 3 02:33:26 2012
;; MSG SIZE rcvd: 105


If we look at the gTLD servers for the delegation of the domain name, we get:

anurag@laptop:~$ dig com. ns +short
c.gtld-servers.net.
d.gtld-servers.net.
e.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
h.gtld-servers.net.
i.gtld-servers.net.
j.gtld-servers.net.
k.gtld-servers.net.
l.gtld-servers.net.
m.gtld-servers.net.
a.gtld-servers.net.
b.gtld-servers.net.
anurag@laptop:~$ dig @c.gtld-servers.net. musicindiaonline.com. ns
; <<>> DiG 9.8.1-P1 <<>> @c.gtld-servers.net. musicindiaonline.com. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46992
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;musicindiaonline.com. IN NS
;; AUTHORITY SECTION:
musicindiaonline.com. 172800 IN NS ns1.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns2.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns3.musicindiaonline.com.
;; ADDITIONAL SECTION:
ns1.musicindiaonline.com. 172800 IN A 31.7.63.242
ns2.musicindiaonline.com. 172800 IN A 31.7.63.245
ns3.musicindiaonline.com. 172800 IN A 31.7.63.243
;; Query time: 410 msec
;; SERVER: 192.26.92.30#53(192.26.92.30)
;; WHEN: Sat Nov 3 02:36:22 2012
;; MSG SIZE rcvd: 140

There is a clear difference in the NS records, so this primarily looks like a DNS-based block. I can use Google Public DNS to find the IP of the site and test connectivity:


anurag@laptop:~$
anurag@laptop:~$ dig musicindiaonline.com a @8.8.8.8 +short
31.7.63.244
anurag@laptop:~$ telnet 31.7.63.244 80
Trying 31.7.63.244...
Connected to 31.7.63.244.
Escape character is '^]'.
HTTP GET www.musicindiaonline.com
400 Bad Request
400 Bad Request
nginx/1.1.0
Connection closed by foreign host.
anurag@laptop:~$

Works! So you can go ahead and blame the bird named DNS for blocking your music! ;)
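The NS comparison done by hand above can be scripted. This is an added example, not code from the original post: it parses dig text output (abridged here from the sessions on this page) and lists the signs that a resolver is serving its own zone for a name. The function names `parse_dig` and `override_signs` are hypothetical.

```python
import re

# dig output abridged from the sessions on this page (resolver vs. gTLD server).
RESOLVER_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17114
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; ANSWER SECTION:
musicindiaonline.com. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
"""
REGISTRY_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46992
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; AUTHORITY SECTION:
musicindiaonline.com. 172800 IN NS ns1.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns2.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns3.musicindiaonline.com.
"""

def parse_dig(text):
    """Return (status, header flags, NS targets) from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags: ([a-z ]+);", text).group(1).split())
    # Record lines carry a TTL; the question line (";name. IN NS") does not.
    ns = {m.group(1).lower() for m in
          re.finditer(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)$", text, re.M)}
    return status, flags, ns

def override_signs(resolver_out, registry_out):
    """List indicators that the resolver answers from a locally injected zone."""
    _, r_flags, r_ns = parse_dig(resolver_out)
    _, _, d_ns = parse_dig(registry_out)
    signs = []
    if r_ns and d_ns and r_ns.isdisjoint(d_ns):
        signs.append("NS set differs from registry delegation")
    if "aa" in r_flags:
        signs.append("recursive resolver answered authoritatively (aa)")
    if "localhost." in r_ns:
        signs.append("NS points at localhost")
    return signs

if __name__ == "__main__":
    for sign in override_signs(RESOLVER_NS, REGISTRY_NS):
        print("-", sign)
```

Each sign is an indicator rather than proof on its own; the mismatch against the registry delegation is the one the analysis above relies on.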