3 is my mobile carrier. It offers an online service which allows its customers to check the current usage from their phones by accessing this URL: three.net.au/my3/gethome.do.
Usually it works quite well, but not today (and probably some more days to come), it gave me a HTTP ERROR 404. I thought I should just visit http://three.net.au and find out w-t-h is wrong. Unexpectedly it took me to another site — “callenden group policy wording”. It’s very weird so with some spare time, I decided to do a little investigation.
First let’s check who owns three.net.au:
$ whois three.net.au
Domain Name: three.net.au
Last Modified: 30-Sep-2010 11:52:55 UTC
Registrar ID: Melbourne IT
Registrar Name: Melbourne IT
Status: ok
Registrant: Three Management Pty Ltd
Registrant ID: ABN 84096981529
Eligibility Type: Registered Business
Registrant Contact ID: MIT508840C
Registrant Contact Name: Peter Tay
Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Tech Contact ID: MIT966930C
Tech Contact Name: Ben Doyle
Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Name Server: edns.wyith.net
Name Server: ns3.wyith.net
Name Server: ns4.wyith.net
Now let’s find out the IP address of three.net.au:
$ dig three.net.au
; <<>> DiG 9.7.1-P2 <<>> three.net.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17680
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;three.net.au. IN A
;; ANSWER SECTION:
three.net.au. 5393 IN A 202.139.248.52
;; AUTHORITY SECTION:
three.net.au. 5393 IN NS ns4.wyith.net.
three.net.au. 5393 IN NS edns.wyith.net.
three.net.au. 5393 IN NS ns3.wyith.net.
;; ADDITIONAL SECTION:
ns3.wyith.net. 84592 IN A 202.181.231.99
ns4.wyith.net. 84592 IN A 202.181.231.100
edns.wyith.net. 84592 IN A 202.181.240.44
;; Query time: 0 msec
;; SERVER: 192.168.1.132#53(192.168.1.132)
;; WHEN: Fri Dec 10 00:14:48 2010
;; MSG SIZE rcvd: 158
According to the query result, three.net.au points to this IP address: 202.139.248.52.
192.168.1.132 is my own DNS server, therefore it may have cached the results. Let’s try to dig against the domain’s DNS servers instead.
$ dig @202.181.231.99 three.net.au
; <<>> DiG 9.7.1-P2 <<>> @202.181.231.99 three.net.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7925
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;three.net.au. IN A
;; ANSWER SECTION:
three.net.au. 7200 IN A 202.139.248.52
;; AUTHORITY SECTION:
three.net.au. 7200 IN NS ns3.wyith.net.
three.net.au. 7200 IN NS edns.wyith.net.
three.net.au. 7200 IN NS ns4.wyith.net.
;; ADDITIONAL SECTION:
edns.wyith.net. 86400 IN A 202.181.240.44
ns3.wyith.net. 86400 IN A 202.181.231.99
ns4.wyith.net. 86400 IN A 202.181.231.100
;; Query time: 211 msec
;; SERVER: 202.181.231.99#53(202.181.231.99)
;; WHEN: Fri Dec 10 00:19:17 2010
;; MSG SIZE rcvd: 158
We still get the same result. I did also dig against 202.181.231.99 and 202.181.231.100 which yield the same results.
Now let’s do a reverse lookup of 202.139.248.52.
$ dig -x 202.139.248.52
; <<>> DiG 9.7.1-P2 <<>> -x 202.139.248.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54308
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;52.248.139.202.in-addr.arpa. IN PTR
;; ANSWER SECTION:
52.248.139.202.in-addr.arpa. 116 IN PTR http://www.policywording.com.au.
;; AUTHORITY SECTION:
248.139.202.in-addr.arpa. 116 IN NS bne001n.server-dns.com.
248.139.202.in-addr.arpa. 116 IN NS wic001n.server-dns.com.au.
248.139.202.in-addr.arpa. 116 IN NS sjc001n.server-dns-us.com.
;; ADDITIONAL SECTION:
bne001n.server-dns.com. 116 IN A 203.147.241.3
sjc001n.server-dns-us.com. 116 IN A 203.27.226.35
wic001n.server-dns.com.au. 116 IN A 203.147.142.1
;; Query time: 0 msec
;; SERVER: 192.168.1.132#53(192.168.1.132)
;; WHEN: Fri Dec 10 00:26:17 2010
;; MSG SIZE rcvd: 236
52.248.139.202.in-addr.arpa. 116 IN PTR http://www.policywording.com.au.
This explains why visiting three.net.au shows you the webpage of http://www.policywording.com.au.
My bet is that someone who looks after the DNS of three.net.au domain must have entered the wrong IP address for three.net.au. If I have a bit of free time, I’ll give ‘3’ customer service a call and get them fix this annoying error.