3 is my mobile carrier. It offers an online service which allows its customers to check the current usage from their phones by accessing this URL: three.net.au/my3/gethome.do.
Usually it works quite well, but not today (and probably some more days to come); it gave me an HTTP ERROR 404. I thought I should just visit http://three.net.au and find out w-t-h is wrong. Unexpectedly, it took me to another site — “callenden group policy wording”. It’s very weird, so with some spare time, I decided to do a little investigation.
First let’s check who owns three.net.au:
$ whois three.net.au
Domain Name: three.net.au
Last Modified: 30-Sep-2010 11:52:55 UTC
Registrar ID: Melbourne IT
Registrar Name: Melbourne IT
Status: ok
Registrant: Three Management Pty Ltd
Registrant ID: ABN 84096981529
Eligibility Type: Registered Business
Registrant Contact ID: MIT508840C
Registrant Contact Name: Peter Tay
Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Tech Contact ID: MIT966930C
Tech Contact Name: Ben Doyle
Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Name Server: edns.wyith.net
Name Server: ns3.wyith.net
Name Server: ns4.wyith.net
Now let’s find out the IP address of three.net.au:
$ dig three.net.au
; <<>> DiG 9.7.1-P2 <<>> three.net.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17680
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;three.net.au. IN A
;; ANSWER SECTION:
three.net.au. 5393 IN A 202.139.248.52
;; AUTHORITY SECTION:
three.net.au. 5393 IN NS ns4.wyith.net.
three.net.au. 5393 IN NS edns.wyith.net.
three.net.au. 5393 IN NS ns3.wyith.net.
;; ADDITIONAL SECTION:
ns3.wyith.net. 84592 IN A 202.181.231.99
ns4.wyith.net. 84592 IN A 202.181.231.100
edns.wyith.net. 84592 IN A 202.181.240.44
;; Query time: 0 msec
;; SERVER: 192.168.1.132#53(192.168.1.132)
;; WHEN: Fri Dec 10 00:14:48 2010
;; MSG SIZE rcvd: 158
According to the query result, three.net.au points to this IP address: 202.139.248.52.
192.168.1.132 is my own DNS server, so it may have cached the results. Let’s run the dig command against the domain’s DNS servers instead.
$ dig @202.181.231.99 three.net.au
; <<>> DiG 9.7.1-P2 <<>> @202.181.231.99 three.net.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7925
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;three.net.au. IN A
;; ANSWER SECTION:
three.net.au. 7200 IN A 202.139.248.52
;; AUTHORITY SECTION:
three.net.au. 7200 IN NS ns3.wyith.net.
three.net.au. 7200 IN NS edns.wyith.net.
three.net.au. 7200 IN NS ns4.wyith.net.
;; ADDITIONAL SECTION:
edns.wyith.net. 86400 IN A 202.181.240.44
ns3.wyith.net. 86400 IN A 202.181.231.99
ns4.wyith.net. 86400 IN A 202.181.231.100
;; Query time: 211 msec
;; SERVER: 202.181.231.99#53(202.181.231.99)
;; WHEN: Fri Dec 10 00:19:17 2010
;; MSG SIZE rcvd: 158
We still get the same result. I also ran dig against 202.181.231.99 and 202.181.231.100, which yielded the same results.
Now let’s do a reverse lookup of 202.139.248.52.
$ dig -x 202.139.248.52
; <<>> DiG 9.7.1-P2 <<>> -x 202.139.248.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54308
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;52.248.139.202.in-addr.arpa. IN PTR
;; ANSWER SECTION:
52.248.139.202.in-addr.arpa. 116 IN PTR www.policywording.com.au.
;; AUTHORITY SECTION:
248.139.202.in-addr.arpa. 116 IN NS bne001n.server-dns.com.
248.139.202.in-addr.arpa. 116 IN NS wic001n.server-dns.com.au.
248.139.202.in-addr.arpa. 116 IN NS sjc001n.server-dns-us.com.
;; ADDITIONAL SECTION:
bne001n.server-dns.com. 116 IN A 203.147.241.3
sjc001n.server-dns-us.com. 116 IN A 203.27.226.35
wic001n.server-dns.com.au. 116 IN A 203.147.142.1
;; Query time: 0 msec
;; SERVER: 192.168.1.132#53(192.168.1.132)
;; WHEN: Fri Dec 10 00:26:17 2010
;; MSG SIZE rcvd: 236
52.248.139.202.in-addr.arpa. 116 IN PTR www.policywording.com.au.
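This explains why visiting three.net.au takes you to the webpage of www.policywording.com.au: the address in the A record for three.net.au belongs to a host whose reverse DNS name is www.policywording.com.au.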
My bet is that someone who looks after the DNS of the three.net.au domain must have entered the wrong IP address for three.net.au. If I have a bit of free time, I’ll give ‘3’ customer service a call and get them to fix this annoying error.
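The manual steps above (compare the resolver's answer with the authoritative one, then check where the address reverse-resolves) can be scripted over saved dig output. This is an added example, not part of the original post; the function names and verdict strings are made up for illustration, and the sample input is excerpted from the dig output shown above.

```shell
#!/bin/sh
# Added example: triage saved dig output the way the post does by hand.

# Print the rdata of type $1 records in the ANSWER SECTION of dig output on stdin.
answer_rdata() {
  awk -v t="$1" '
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    /^;;/                 { in_ans = 0 }
    in_ans && $4 == t     { print $5 }'
}

# Succeed if the header flags include "aa" (answer came from the zone, not a cache).
is_authoritative() { grep -Eq '^;; flags:[^;]* aa[ ;]'; }

# Succeed if PTR name $1 equals domain $2 or sits under it (trailing dots ignored).
ptr_in_domain() {
  name=${1%.}; dom=${2%.}
  case "$name" in "$dom"|*."$dom") return 0 ;; *) return 1 ;; esac
}

# $1 = resolver output, $2 = name-server output, $3 = dig -x output, $4 = domain.
diagnose() {
  cached=$(printf '%s\n' "$1" | answer_rdata A)
  auth=$(printf '%s\n' "$2" | answer_rdata A)
  ptr=$(printf '%s\n' "$3" | answer_rdata PTR)
  printf '%s\n' "$2" | is_authoritative || { echo "no-authoritative-answer"; return; }
  [ "$cached" = "$auth" ] || { echo "resolver-differs-from-zone"; return; }
  if ptr_in_domain "$ptr" "$4"; then echo "consistent"
  else echo "zone-points-to-foreign-host:$ptr"; fi
}

# Excerpts of the three dig outputs shown in the post (flags line + answer section).
RESOLVER=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; ANSWER SECTION:
three.net.au. 5393 IN A 202.139.248.52
;; AUTHORITY SECTION:
three.net.au. 5393 IN NS ns4.wyith.net.'
ZONE=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; ANSWER SECTION:
three.net.au. 7200 IN A 202.139.248.52'
REVERSE=';; ANSWER SECTION:
52.248.139.202.in-addr.arpa. 116 IN PTR www.policywording.com.au.'

diagnose "$RESOLVER" "$ZONE" "$REVERSE" three.net.au
```

A PTR name outside the domain is only a hint, since shared hosting and CDNs routinely carry unrelated reverse names. It becomes meaningful here because the authoritative servers return the same address and the site served is visibly someone else's.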