Full disclosure, I never recommend GoDaddy to anyone, EVER!
I think they spend more on Superbowl commercials than infrastructure. Here’s a chat transcript with a GoDaddy Support Rep. I had an A Record configured and the IP kept resolving to a GoDaddy IP. In the end I was offered no explanation other than, GoDaddy hosts millions of sites and it isn’t their fault.
GoDaddy Rep:
Thank you for contacting Sales & Support. My name is GoDaddy Rep I will be your product expert for today. I hope you’re doing well today. How may I help you?
20:29, Jan 11
You: My domain obfuscated.com has an A record pointing to 104.214.98.63 but its resolving to a godaddy ip of 50.63.202.43
20:29, Jan 11
You: it’s not cached, it’s been the 104 IP for a very long time. This all started last week
20:31, Jan 11
GoDaddy Rep:
I’ll gladly assist you with DNS today. I’ll be reviewing your account as well to provide you with some recommendations that can help with resolving your issue or increase your overall savings in the long run.
20:34, Jan 11
GoDaddy Rep:
To access your account I will need your 4 digit support PIN.
Please provide your PIN with this secure form I am sending you.
Click here to locate your 4 digit Support PIN
Once you open the link, the PIN will be located under ‘Login Info’
20:34, Jan 11
GoDaddy Rep: GoDaddy Rep has sent you a Secure Form: EN-US PIN
20:34, Jan 11
GoDaddy Rep: The following Secure Form has been submitted: EN-US PIN
20:37, Jan 11
GoDaddy Rep:
Thank you the PIN worked. Please bear with me while I review your account.
20:40, Jan 11
GoDaddy Rep:
Please give me more time we are digging deeper into the account.
20:43, Jan 11
GoDaddy Rep:
The domain is under propagation.
20:43, Jan 11
GoDaddy Rep:
It will take 24-72 hours for the record to be correct be applied on a global scale.
20:44, Jan 11
You: propagation means what?
20:44, Jan 11
You: and why is it under propagation?
20:46, Jan 11
GoDaddy Rep:
It means the settings is being applied on a global scale from one server to another it is savings or applying the changes in the record.
20:47, Jan 11
You: I get that. Why did the record change
20:47, Jan 11
You: How does a valid A record magically start pointing to a Godaddy IP?
20:47, Jan 11
GoDaddy Rep:
Where did you get that it is resolving on a different IP.
It is correct in our end.
https://www.whatsmydns.net/#A/OBFUSCATED.COM
20:48, Jan 11
You: From a PING
20:48, Jan 11
You: or MXToobox
20:48, Jan 11
GoDaddy Rep:
This is a global propagation checker. From here you should be able to see the IP where the A record is resolving.
20:48, Jan 11
GoDaddy Rep:
It is showing
104.214.98.63
20:49, Jan 11
You: Now, perhaps. But why did it change?
20:50, Jan 11
GoDaddy Rep:
Did you setup a forwarding previously?
20:50, Jan 11
GoDaddy Rep:
Or use this domain on a hosting platform.
20:50, Jan 11
You: No Sir, haven’t touched it
20:50, Jan 11
You: It points to my Azure server.
20:51, Jan 11
GoDaddy Rep:
When did you get this? ” A record pointing to 104.214.98.63 but its resolving to a godaddy ip of 50.63.202.43 ” From our record it is always 104.214.98.63 base from system logs
20:52, Jan 11
You: Started last week, or that’s when the customer reported the problemt o me
20:52, Jan 11
You: can you get print screens?
20:52, Jan 11
GoDaddy Rep:
Yeah send it to hisemail@godaddy.com
20:54, Jan 11
You: should have an email
20:54, Jan 11
You: sending you another one. I have several others at work, I’d have to RDP in to get them
20:55, Jan 11
You: It was literally bouncing back and fourth between 50 and 104. I have never seen anything like this in my 20 years.
20:55, Jan 11
GoDaddy Rep:
I understand now. It is Website Security Basic IP
20:56, Jan 11
You: WTF is that?
20:56, Jan 11
GoDaddy Rep:
It is scanning your website thus altering the IP during scan and return it back to normal
20:56, Jan 11
GoDaddy Rep:
It is a malware scanner that you add to
obfuscated.com
20:56, Jan 11
GoDaddy Rep:
Website Security Basic
obfuscated.com
20:57, Jan 11
GoDaddy Rep:
You set it up in your account. It should be located under website security in my product.
20:57, Jan 11
You: that is added to the godaddy account?
20:57, Jan 11
GoDaddy Rep:
Yes.
20:57, Jan 11
GoDaddy Rep:
Website Security and Backups
Website Security Basic obfuscated.com
20:58, Jan 11
You: Who would want that, a “security” feature that high jacks your A record and violates all known IP/DNS rules
21:00, Jan 11
GoDaddy Rep:
No its doesn’t high jacks the IP it just put it on a temporary IP then returns it back no downtime will occur.
21:00, Jan 11
You: The sites been down for a week
21:01, Jan 11
GoDaddy Rep:
The site is live even before I check the IP https://snag.gy/LwcSn.jpg
21:02, Jan 11
You: https://imgur.com/a/NTZWiG
21:03, Jan 11
You: it wasn’t 30 minutes ago and it’s been hit and miss
21:03, Jan 11
GoDaddy Rep:
Can you please clear your browsing history from the beginning of time and then restart your browser to clear the cache. You can also try it on private browsers such as incognito mode in chrome.
21:03, Jan 11
GoDaddy Rep:
Or go to geopeeker.com to view the site on a global scale
21:04, Jan 11
You: I know it’s working now, I wanna know how/why Website Security decided to redirect the site to a Godaddy IP
21:05, Jan 11
GoDaddy Rep:
The system logs indicating the IP was never change however since you have website security during a scan to filter your IP for possible malware attack or infiltration the IP needs to be replaced temporarily but it should not cause downtime.
21:05, Jan 11
You: The customer found the problem, their IT staff confirmed the problem. Then escalated the issue to me.
21:06, Jan 11
GoDaddy Rep:
Is it on a work network. Firewall network can block access to certain site.
21:06, Jan 11
You: Well, it did and now the customer is going to want a explanation as to why their site was down for nearly a week
21:06, Jan 11
You: Dude, c’mon man. I get all that. That’s why I told them to get IT involved
21:07, Jan 11
GoDaddy Rep:
A hacker can also replace the IP however since you have a website security once it is scanned it will be fix and return to original IP.
21:07, Jan 11
You: Then, once it was determined it wasn’t a local DNS issue I took it to you guys. Then confirmed the A Record was correct and still couldn’t explain why it was resolving to a Godaddy IP and why a godaddy site was provisioned to it
21:07, Jan 11
You: A hacker can…. replace the IP?
21:08, Jan 11
You: Like log in to the godaddy account and change the IP?
21:08, Jan 11
You: the A Record
21:08, Jan 11
GoDaddy Rep:
Yeah it can alter the DNS and then the website will down without a security it won’t be reverted.
21:08, Jan 11
GoDaddy Rep:
They don’t need to access the main account.
21:09, Jan 11
You: Are you suggesting that someone DNS hijacked several different business networks or are you saying someone hacked Godaddy account?
21:10, Jan 11
GoDaddy Rep:
They will just inject a malware that will proxy the IP of godaddy and change the value. Similar to how proxifier works
21:10, Jan 11
GoDaddy Rep:
No GoDaddy account. Just your website
21:11, Jan 11
GoDaddy Rep:
That’s why we have the product called website security to prevent this kind of thing which you have in your product.
21:11, Jan 11
You: So myself, my phone, my customer, their IT Contractor and my normal place of business all have the same malware?
21:11, Jan 11
GoDaddy Rep:
You can think of website security like having anti-virus for you computer but for you website. It scans your website once a day for malware, viruses, suspicious code and application vulnerabilities. The SMART tool automatically removes the bad stuff before it can harm your site.
21:12, Jan 11
GoDaddy Rep:
They are million type of malware but there function is to destroy the site or disconnect it from the server. Which happened and fix automatically since you have security.
21:12, Jan 11
GoDaddy Rep:
Anything else I can help you with for today?
21:14, Jan 11
You: listen, if I can’t get a solid answer as to why this happened I’m moving their park to network solutions. There’s no malware on their network, and definitely none on my network. And there for damn sure isn’t any on my nix server that hosts the site.
21:16, Jan 11
GoDaddy Rep:
I hope you understand that I am trying to explain to you that website attach has no solid answer it can be cause by a lot of different thing. If only we can show you the back logs of our server indicating that no change occur from our end believe me I will show you just to prove that your site and secure and should be working with no issue.
21:18, Jan 11
GoDaddy Rep:
*attack
21:19, Jan 11
You: So you have no answer. Fair enough. I’ll move the park. Because honestly, when I logged in last week and it showed the A Record pointing to the Azure server I thought the same thing. Their end… Sent them to their IT Service Provider and then the issue got thrown back to me. In other words, your DNS isn’t reliable then. That’s what I hear you saying.
21:21, Jan 11
GoDaddy Rep: That’s not what I am saying we have million subscriber using GoDaddy as there DNS provider but we will totally respect your decision regarding that matter but if the same attack happen hopefully you don’t encounter it again on your new registrar because believe me website are cloak Or hidden since they enter past through the website backdoor nobody would be able to provide you a solid answer. Everything vulnerable in the web product such as website security helps fix your issue automatically and prevent it from happening again. Anything else I can help you with for today?
21:24, Jan 11
You: It’s crazy a “hacker” would be so inclined to “cloak” the only site hosted on GoDaddy with a GoDaddy IP and a Godaddy Splash. Hucksters I tell you, Hucksters. I’ll move the park
21:25, Jan 11
GoDaddy Rep:
If that was everything, You have a Blessed day and please take care for me. A small favor here. It means the world to me if you can take the survey after this chat about how I handled the chat. Please click the Close button at top right to answer a few questions.Thank you in advance.
21:25, Jan 11
Info: Thanks for chatting!