both my miners had switched to 206.223.224.2 - cgminer (bamt) and cudaminer (win7), both rigs using google public dns 8.8.8.8.
Doing lookup on the bad ip:
nslookup 206.223.224.2
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: true.fiberpimp.net
Address: 206.223.224.2
wafflepool now resolves properly:
nslookup useast.wafflepool.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: useast.wafflepool.com
Address: 162.243.89.19
Doing lookup on the bad ip:
nslookup 206.223.224.2
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: true.fiberpimp.net
Address: 206.223.224.2
wafflepool now resolves properly:
nslookup useast.wafflepool.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: useast.wafflepool.com
Address: 162.243.89.19
While that sounds conclusive on the surface, did you ever run "nslookup useast.wafflepool.com" on dns server 8.8.8.8 and receive address 206.223.224.2 as a result? And wasn't it 206.223.224.225 that we are all talking about?
No, right now it seems the us wafflepool.com endpoints are resolving properly when using google's dns:
nslookup useast.wafflepool.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: useast.wafflepool.com
Address: 162.243.89.19
nslookup uswest.wafflepool.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: uswest.wafflepool.com
Address: 192.241.211.125
I'm assuming that when my miners went down, there was a DNS hijack taking place and if you'd tried resolving wafflepool at that point, you'd get the bad IP's. Looks like currently things are back to normal but I suggest keeping a close eye on your miners, maybe even direct setting the endpoint IP's in cgminer.conf in case this attack starts back up.
I am completed illiterate when it comes to this kind of stuff. What is the consensus here, is it something wrong on our machines/network or something wrong with Wafflepool? Or something that is in between?