If a single address is not going through, it sounds like you got on a blacklist at Comcast or somewhere else. However, I would expect this to affect outgoing mail more than incoming.
http://www.dnsstuff.com/ and other sites have tools to check blacklists for you in case it is external.
Generating some email traffic using http://www.blat.net/ or even straight telnet will give you more insight into what is happening.
No: you just blocked the wrong host: the host you are trying to block doesn't even have a DNS entry: http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=tls.telemetry.swe.quickinc.com
Also: see chrome://net-internals
Tl;dr: no conspiracy, just a typo.
We should go after this hole's domain as well. Ironmarch.org should be easy to shut down. This little den of morons has actually killed people. This is where Devon Aurthers and his friends hung out, they've also had people arrested for conspiracy to commit mass shootings.
http://www.dnsstuff.com/tools#whois|type=domain&&value=ironmarch.org
Looks like they use Wild West Domains and Cloudflare. I think these companies should hear about ironmarch. They also have a web at ropeculture.org that appears to use tucows and cloudflare.
http://www.dnsstuff.com/tools#whois|type=domain&&value=ropeculture.org
Ok, let's geek out.
Connect to your VPN
Go to http://www.dnsstuff.com/
At the top of the page, they will show you your as-perceived-by-the-Internet IP address, and the geolocation data.
Does it scream Italy?
I've had a really long day at work and I'm a bit fried, but two things;
dig +trace is your friend. Ditch nslookup, a dig +trace -t A record.com (or leave off the -t type to get full info). This will tell you everything the root servers know about your domain. They get the glue record from your registrar and you can follow the whole chain.
All 'authoritative' means is simply that the DNS server in question can resolve that request with its own resource records on its own filesystem without having to ask anyone else. Which does not include caching servers.
You can get an ADDITIONAL section when directly querying an authoritative name server, not just the roots.
For 'additional lookup times', I would immediately suspect some issue with your SOA record and the way your upstream caching "ddos protection" or whatever is handling things. Possibly something TTL related or something related to how they cache/expire cache etc. You can either track it down by timing direct queries against your actual authoritative servers or ask your CDN thing what's going on.
I run a stealth master at work and it's absolutely transparent to the internets. Then again, I don't rely on SOA records for an update mechanism. I do direct notifies via also-notify directive.
You can give these guys a try, they're pretty reliable for finding glaring issues; http://www.dnsstuff.com/
WHOIS data is privacy'd unfortunately.
Valve's site is privacy'd by the same company.
DNS records are not the same in any way between the two sites.
DNS records for half-life2.com are the same for valvesoftware.com, but are not the same in any way as half-life3.com.
orange.half-life2.com points to an IP address run by akamai, a well known CDN.
half-life3.com points to an IP address run by confluence-networks whom I've never heard of.
~~Conclusion: It's not happening.~~
Edit: Actually it might be the same people. The administration and registrant emails are the same, which appear to be randomly generated or a hash of some sort. I need to find a domain using the same privacy company to confirm.
According to this it's a hash or unique ID.
steampowered.com lists the same contact information.
Take a look at the registration data: http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=illuminati.org
Registrant Organization:Ancient Order of Bavarian Seers
Your DNS is misconfigured: http://www.dnsstuff.com/tools/traversal/?domain=blog.ruslans.com&type=A&token=11a0aba66da33b3d25d2b49601999019
OpenDNS is giving NXDOMAIN for blog.ruslans.com from several locations; you can check from http://www.opendns.com/support/cache/ .
If the domain of their email addresses is jw.org it hasn't happened yet (again?).
jw.org. MX IN 3600 34ms jw-org.mail.protection.outlook.com. [Preference = 10]
Question is what you mean by monitoring? Do you want to monitor if the system or services are up or down. Or do you want to monitor as in collect data and see when a service is being highly used and some metrics.
Here is a list of some free server monitoring tools.
We use Icinga since we moved from using Nagios and I wanted something that was being patched and updated more often to the free community. https://www.icinga.com/
When it comes to server monitoring for up or down of services like we do you really don't need graphics. Just a simple box in Green, Yellow or Red to tell you what service is up, failing/becoming an issue, or down. Along with emails to alert you when you are not watching the monitor. I'm not a fan of people that judge a product on if it has visual bells and whistles and not if it solves your problem and gives you what you need. But, you can also skin nagios or icinga and make it more appealing.
Some get through because they look legit. Look at the headers particularly the IPs. If you look at a few you will probably notice a trend and pattern in the IPs. From there you can block a range of IPs. Also a good tool is http://www.dnsstuff.com/tools to analyze the headers.
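The header review suggested in that comment can be scripted. The sketch below is an added example, not code from the original post: it reads only the topmost Received header of each message (the one your own mail server wrote, since lower ones are supplied by the sender) and counts peers per /24. The sample messages, the mx.example.org host name, and the 3-hit threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(peer_ip, claimed_ip):
    """Constructed message: the top Received is ours, the lower one is sender-supplied."""
    return (
        f"Received: from host (unknown [{peer_ip}]) by mx.example.org; "
        "Mon, 1 Jan 2024 10:00:00 +0000\n"
        f"Received: from relay ([{claimed_ip}]) by host\n"
        "Subject: constructed sample\n\nbody\n"
    )

# Constructed samples using documentation address ranges, not real senders.
SAMPLES = [
    sample("203.0.113.17", "192.0.2.1"),
    sample("203.0.113.80", "192.0.2.2"),
    sample("203.0.113.201", "192.0.2.3"),
    sample("198.51.100.9", "192.0.2.4"),
]

def connecting_ip(raw_message):
    """Return the peer IP from the topmost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    match = IP_RE.search(received[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def suspicious_networks(messages, prefix=24, min_hits=3):
    """Group connecting IPs by network and keep networks seen min_hits times or more."""
    counts = Counter()
    for raw in messages:
        ip = connecting_ip(raw)
        if ip is not None:
            counts[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return [(str(net), hits) for net, hits in counts.most_common() if hits >= min_hits]
```

Check who owns a candidate range before blocking it, because a /24 at a shared mail provider also carries legitimate senders.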
Yo, don't search for your domain on a domain name registrar. It's not unheard of to see a domain you searched for registered a couple days later then put up for sale. Some registrars will see your search and jump on the domain.
This happened to me. Searched for a domain I wanted, went back 3 days later to buy it and it was gone.
Use nslookup or another domain lookup tool (http://www.dnsstuff.com/ or your web browser) rather than a registrar search tool. Only go to your preferred domain registrar when you are buying, not searching.
That doesn't lead to anything, you liar!
Probably because it's apparently the IP address of some user in China.
Also when looking up the domain it goes back to China, often times known for counterfeit products.
Considering the cost I would buy directly from the official website and avoid this one.
anyone can already get a general geographic location from your IP address. i fail to see how this is a new thing. just punch your IP address into the form labeled "IP Information."
The host name leads to an IP address issued by private ISP in New Jersey. It's a hoax...you have nothing to worry about.
"Pretty good" and "perfect" are completely different things. Here is logitech.com's DNS record. The big TXT record is what Gmail, and other mail servers, use to determine if a mail is spoofed or not.
If we ditch the IP addresses in that SPF record we have include:_spf.google.com include:_spf.salesforce.com. This means any mail that is being sent from those servers as a logitech.com address is "not spoofed". Salesforce is a customer database and can function as support, and you know google.com.
Just because it says it's from a good email address and Gmail didn't detect it as spoofing doesn't mean it's completely safe.
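To make the include: delegation in that comment concrete, here is an added example (not from the original post) that evaluates a small subset of SPF: ip4, include and all. The domain brand.example and every address range are constructed; only the two include names are taken from the comment. It shows that any host inside an included provider's range passes SPF for the domain, whichever of that provider's customers sent the mail.

```python
import ipaddress

# Constructed records: the include names are the two quoted in the comment,
# but all address ranges are documentation ranges, not real published data.
RECORDS = {
    "brand.example": "v=spf1 ip4:192.0.2.0/28 include:_spf.google.com "
                     "include:_spf.salesforce.com ~all",
    "_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_spf.salesforce.com": "v=spf1 ip4:203.0.113.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, records=RECORDS, depth=0):
    """Evaluate ip4/include/all only. Returns (result, term that matched)."""
    if depth > 10:  # SPF limits DNS-querying terms; stop runaway include chains
        return ("permerror", None)
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return ("none", None)
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return (result, f"{domain} {term}")
        elif term.startswith("include:"):
            inner, via = check_spf(ip, term[8:], records, depth + 1)
            if inner == "pass":  # an include matches only if the inner check passes
                return (result, via)
        elif term == "all":
            return (result, f"{domain} all")
    return ("neutral", None)  # nothing matched and the record has no "all"
```

A pass here only says the connecting IP is one the domain owner authorized for the envelope sender; it says nothing about who at the provider sent the message or what the message contains.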
I appreciate you taking the time to respond.
Yeah, I've been trying every combo I can think of between dig, dnsstuff, mxtoolbox, and intodns to diagnose.
I'm not sure what fresh hell I might be in, but mxtoolbox is now reporting no bad glue, while (at the moment), both intodns and dnsstuff are showing the same bad glue. I guess I'm going to let cache TTLs expire and see if the other tools start reporting successfully. If they do, I guess I'll just have to wonder if Incapsula fixed something on their end without telling me.
You should probably start at DNSStuff.com and see if you are missing anything on your domain (like a PTR record). They have a tools page too. Down near the bottom are some email specific things to test.
The general expectation is that any system that expects other hosts on the internet to accept SMTP mail should have matching forward and reverse DNS records.
You should also strive to make sure that the host (when sending mail) identifies as the actual hostname that it will reverse resolve to. So, if your mail server is known as mx.example.com, make sure it identifies itself to other mail servers as mx.example.com (this will be in your SMTP server configuration probably) and that the IP address reverse resolves to mx.example.com
At that point, you're golden.
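The two conditions described above (PTR and forward record agree, and the HELO name is that same host name) can be checked before a server starts sending mail. This is an added example, not part of the original post; the lookup tables are constructed so it runs offline, and the real resolver functions are the defaults.

```python
import socket

def reverse_names(ip):
    """PTR lookup through the system resolver; [] when there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward lookup through the system resolver; [] when the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_mail_identity(ip, helo, ptr=reverse_names, fwd=forward_addrs):
    """Return a list of problems; an empty list means forward, reverse and HELO agree."""
    def norm(name):
        return name.rstrip(".").lower()
    names = [norm(n) for n in ptr(ip)]
    # Textual comparison is enough for IPv4; IPv6 would need address normalization.
    confirmed = [n for n in names if ip in fwd(n)]
    problems = []
    if not names:
        problems.append("no PTR record")
    elif not confirmed:
        problems.append("PTR name does not resolve back to the IP")
    if norm(helo) not in confirmed:
        problems.append("HELO name is not a forward-confirmed PTR name")
    return problems

# Constructed DNS data (documentation ranges) for an offline run.
FAKE_PTR = {"192.0.2.25": ["mx.example.com."], "192.0.2.26": ["host26.isp.example"]}
FAKE_FWD = {"mx.example.com": ["192.0.2.25"], "host26.isp.example": ["198.51.100.1"]}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_fwd(name):
    return FAKE_FWD.get(name, [])
```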
I actually have an account on Solarwinds DNS Stuff, and I usually use the free account level for basic, ad-hoc third party sanity checking of my DNS fabric's health.
http://www.dnsstuff.com/products/mstc
They have a mail server test center feature on dnsstuff.com, might want to check it (and the other DNS tools) out. They give you "OK" green lights for things that are good, including informative status text, and they give you warnings and errors for things that are totally dicked about your configuration.
(I am not an employee, just an enthusiastic Solarwinds customer.)
The article states that they will issue a warning to users browsing malicious proxies such as 74.125.45.100. Which appears to be hosted by Google.
So is this a case of Google trying to not lose revenue by actually shutting down all malicious sites hosted on their domain, but at the same time making it look like they are pro-actively making the web a safer place?
This is what I got...looks like a website hosted by some ISP in New Jersey. Meh...