Facebook.com resolving to 59.24.3.173
Weird issue: this is a Korea Net (KORNIC) network that Facebook.com was resolving to in the Windows Server 2003 DNS Server cache. Cleared DNS Server cache, dumped workstation cache (ipconfig /flushdns && ipconfig /registerdns) and it’s resolving properly now.
Lookup against local DNS server:
    nslookup www.facebook.com
    Server: mydomain.local
    Address: 10.3.0.254

    Non-authoritative answer:
    Name: www.facebook.com
    Address: 59.24.3.173
Lookup against Google:
    nslookup www.facebook.com 8.8.8.8
    Server: vnsc-bak.sys.gtei.net
    Address: 4.2.2.2

    Non-authoritative answer:
    Name: www.facebook.com
    Address: 69.63.181.16
I am researching this a little further. Not sure how this record got polluted — if it actually did get polluted. Here’s some WHOIS output for this rogue address:
    giga:~# whois -H 59.24.3.173
    query: 59.24.3.173

    # ENGLISH
    KRNIC is not an ISP but a National Internet Registry similar to APNIC.
    The following is organization information that is using the IPv4 address.

    IPv4 Address       : 59.24.3.128-59.24.3.191
    Network Name       : KORNET-11022837000
    Connect ISP Name   : KORNET
    Registration Date  : 20081018
    Publishes          : N

    [ Organization Information ]
    Organization ID    : ORG833442
    Org Name           : hangugtongsindaegubonbu
    Address            : Daedo-dong, Nam-gu, Pohang-si, Gyeongsangbuk-do
    Zip Code           : 790-140

    [ Technical Contact Information ]
    Org Name           : hangugtongsindaegubonbu
    Address            : Daedo-dong, Nam-gu, Pohang-si, Gyeongsangbuk-do
    Zip Code           : 790-140
    E-Mail             : ip@krnic.kornet.net

    --------------------------------------------------------------------------------
    If the above contacts are not reachable, please contact following ISP for further information.

    [ ISP IPv4 Admin Contact Information ]
    Name               : IP Administrator
    Phone              : +82-2-3674-5708
    E-Mail             : kornet_ip@kt.com

    [ ISP IPv4 Tech Contact Information ]
    Name               : IP Manager
    Phone              : +82-2-3674-5708
    E-Mail             : kornet_ip@kt.com

    [ ISP Network Abuse Contact Information ]
    Name               : Network Abuse
    Phone              : +82-2-100-0000
    E-Mail             : abuse@kornet.net
I’m not sure if this is cause for alarm quite yet. I will continue to look into this.
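The comparison done by hand in the post (local DNS server against an outside resolver), as an added example that is not part of the original post: it parses the two nslookup transcripts, separates the resolver's own address from the answer addresses, and diffs the answer sets. The function names `parse_nslookup` and `compare` and the `suspect` flag are hypothetical, and only IPv4 answers are handled.

```python
import re
# Transcripts from the post above, with the line breaks restored.
LOCAL = """Server: mydomain.local
Address: 10.3.0.254

Non-authoritative answer:
Name: www.facebook.com
Address: 59.24.3.173
"""
REFERENCE = """Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Non-authoritative answer:
Name: www.facebook.com
Address: 69.63.181.16
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (resolver_ip, queried_name, answer_ips) from nslookup output (IPv4 only)."""
    resolver, name, answers, in_answer = None, None, set(), False
    for line in text.splitlines():
        label, _, value = line.strip().lower().partition(":")
        if label == "name":
            name, in_answer = value.strip(), True
        elif label in ("address", "addresses"):
            ips = IPV4.findall(value)
            if in_answer:
                answers.update(ips)      # addresses after "Name:" are the answer
            elif ips:
                resolver = ips[0]        # the first Address: is the server queried
        elif in_answer and IPV4.fullmatch(line.strip()):
            answers.add(line.strip())    # continuation line under "Addresses:"
    return resolver, name, answers

def compare(local_text, reference_text):
    """Diff the answer sets of two lookups for the same name."""
    l_res, l_name, l_ips = parse_nslookup(local_text)
    r_res, r_name, r_ips = parse_nslookup(reference_text)
    if l_name != r_name:
        raise ValueError(f"different names queried: {l_name!r} vs {r_name!r}")
    return {
        "name": l_name,
        "local_resolver": l_res,
        "reference_resolver": r_res,
        "only_local": sorted(l_ips - r_ips),
        "only_reference": sorted(r_ips - l_ips),
        "suspect": bool(l_ips and r_ips) and l_ips.isdisjoint(r_ips),
    }
```

Large sites legitimately hand out different addresses to different resolvers, so a `suspect` result is a lead to follow up with a WHOIS lookup on the `only_local` addresses, as the post does, not proof of a polluted cache.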

about 1 month ago
That DNS record was polluted by the Firewall of China (the so-called “Great Firewall of China”, GFW). If you try to look up twitter.com or facebook.com against any DNS resolver inside China, you will get a certain set of fake IPs, where 59.24.3.173 is included.
But it’s very strange that this firewall affects your network. This firewall only pollutes DNS responses that get in or out of Chinanet. What DNS resolver is your Windows Server 2003 using? I wonder whether the route from your DNS resolver to one of the root DNS servers has something wrong. Maybe the route gets into China?
about 1 month ago
LiceinLu,
Good information you provided, thank you.
The DNS resolver on the 2K3 server is using NRTC.net. Is there a way to simply test all the routes to the roots, or is it going to have to be done one-by-one?
Again, thanks for your information, I’ll be reading more about GFW.
about 1 month ago
As far as I know, Mainland China has mirror copies of F, I, J-ROOT SERVERS. China also has mirrors of .NET/.COM servers. It is a little bit complex to find out where the problem lies….