While I made a fool of myself doing it, I've got the DNS issue fixed.
DNS Cache Poisoning has become a recent problem. It's a big one, and most of the major DNS servers in the world were more or less forced to upgrade their DNS software and configurations over the past three weeks.
There is a DNS test page here, where you can check to see if your ISP has fixed their DNS software/configuration yet. Another, similar, test page is doxpara (right side).
I started bugging my ISP a couple of weeks ago to fix his. I got ignored by CS, so I dusted off an old email address to a high-level admin, bypassing the CS frontend, and got an actual response: we'll get around to it, RSN.
And a couple of days ago, they fixed their DNS. Which broke my configuration, because . . . .
. . . I have two ISPs. I started with NCPlus when I moved to this general area again six years ago and was forced to settle for dialup for a few months (yes, I ran my hobby servers through a dialup modem; yes, it worked; yes, it was slow) until I could relocate to a DSL-capable address. NCPlus is a budget operation but they have one feature that I really want & like: SquirrelMail.
When I later got DSL, I wanted a sturdy ISP to hold it up, so I re-initiated my old relationship with another ISP, Pacifier (now Infinity Internet). They know internet, and I'd been with them for years. However, with Qwest, the local telco, providing the physical lines, I knew it would die every so often, so I kept NCPlus for cheap backup dialup -- and SquirrelMail. And I did have occasion to use the dialup about twice a year for a couple of years. Haven't fired up the analog modem for almost three years now, don't even know if it still works, but it's still here.
Turns out I never updated any of my servers or workstations to use Infinity's DNS servers. Oops.
So, when NCPlus fixed their DNS, they also implemented a good rule: nobody except their customers could use their DNS servers. Fair enough . . . but they "know" who is their customer by the customer's IP address (which they hand out). I get my IP from Infinity and that IP doesn't fall within the "allowed" range of IPs that NCPlus allows to use their resources.
And so, no DNS for Al.
This home network has been so stable, and I've been out of IT for so long, that I forgot how it all works, because it usually . . . just works. I complained to NCPlus CS and got blank answers, because from their perspective it all looked fine. When I finally "got a clue" and realized that Infinity was giving me my IP, I called them up, and of course they are unable to do much troubleshooting other than pinging my router, because they're geared up to deal with clients running mainstream operating systems. The guy asks, "uh, what version of 'doze you running," and I reply no version, no Linux either. "Mac?," he asks. Nope.
The conversation went downhill from there.
After I decided that it really didn't look like a problem on Infinity's end, I started re-learning what I've managed to forget over the past five years, and did finally get all the boxes to point to Infinity's DNS servers, but it wasn't exactly easy.
But, it's fixed.