sync: auto-sync from GURU-BEAST-ROG at 2026-06-10 15:47:04

Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-10 15:47:04
Winter Williams
2026-06-10 15:47:10 -07:00
committed by ClaudeTools Bot
parent c871ad8815
commit d573842ba2

@@ -0,0 +1,125 @@
# Session Log — puttsurveying.com DNS Wipe Investigation
## User
- **Executed by:** ClaudeTools Discord Bot (GURU-BEAST-ROG)
- **Requested by:** Winter Williams (@winterguru, via Discord) - tech
- **Role:** automation (acting on the requester's behalf)
---
## Session Summary
Winter reported that puttsurveying.com was unable to receive email. Initial DNS investigation via nslookup against 8.8.8.8 confirmed that no MX records existed for the domain — the query returned only an SOA record, indicating a complete absence of mail exchanger entries. DNS serial `2026060900` confirmed a zone change had occurred on 2026-06-09, pointing to a recent DNS modification as the cause.
Further investigation confirmed the domain is registered at GoDaddy (nameservers: ns45/ns47/ns48.domaincontrol.com, registrar: Wild West Domains LLC, a GoDaddy subsidiary). A check of our GoDaddy API returned `ACCESS_DENIED` for puttsurveying.com, confirming the domain is in the client's own GoDaddy account, not ours. No vault entry or wiki entry existed for this client.
M365 tenant presence was confirmed via `login.microsoftonline.com` OpenID discovery endpoint and the GetUserRealm endpoint, which returned tenant ID `25008634-91b4-40aa-8113-78ea03826156` and brand name "Putt Land Surveying Inc". The correct M365 MX target `puttsurveying-com.mail.protection.outlook.com` was verified to resolve to Microsoft's Exchange Online protection IPs. Mailprotector was checked — all 25 domains listed, puttsurveying.com was not among them.
A follow-up finding revealed that the website was also displaying a GoDaddy parking page. Fetching puttsurveying.com returned a redirect to `/lander` serving `img1.wsimg.com/parking-lander` — GoDaddy's default parking page injected when no A record is configured in the zone. Current A records (15.197.148.33 / 3.33.130.190) are GoDaddy's own parking IPs, not the client's original hosting. This confirmed the DNS wipe was broader than just mail records — the website A record was also deleted.
Syncro ticket #32404 was created (assigned to Winter, status: Waiting on Customer) documenting the full scope of missing records. A follow-up comment was added after the website finding was confirmed. The ticket is blocked pending GoDaddy credentials or delegate access from the client, and the original website hosting IP/provider.
---
## Key Decisions
- Assigned Syncro ticket to Winter (user_id 1737) since she is the tech working the issue, even though the API key is Mike's.
- Set ticket status to "Waiting on Customer" rather than "In Progress" — the fix is fully scoped but blocked on client access.
- Did not attempt to add DNS records via any workaround — domain is in the client's GoDaddy account and no legitimate path exists without credentials or delegate access.
- Used GetUserRealm endpoint to confirm M365 tenant rather than requiring M365 admin credentials — non-authenticated public endpoint sufficient for tenant verification.
- Checked Mailprotector before confirming M365-only mail flow — important to rule out a dual-layer setup before stating the correct MX records.
---
## Problems Encountered
- **Mailprotector domain list showed `?` for domain names initially** — API response uses `name` field, not `domain`. Fixed by inspecting the first object's keys and re-parsing with correct field name.
- **GoDaddy API returned ACCESS_DENIED** — domain is in client's own account. No workaround; documented as blocker.
- **SecurityTrails and MXToolbox were bot-blocked (403 / timeout)** — could not retrieve historical MX records to identify prior mail provider. Resolved by using GetUserRealm to confirm M365 directly rather than inferring from historical DNS.
- **Initial nslookup for puttsurveying-com.mail.protection.outlook.com appeared to not resolve** — only SOA returned in first check. Subsequent direct hostname resolution confirmed it resolves correctly to Exchange Online IPs.
---
## Configuration Changes
No files modified in repo. New directory and session log created:
- `clients/putt-land-surveying/session-logs/2026-06/` (created)
- `clients/putt-land-surveying/session-logs/2026-06/2026-06-10-discord-bot-dns-wipe-investigation.md` (created)
---
## Credentials & Secrets
No new credentials discovered or created. Vault paths accessed:
- `services/godaddy-api.sops.yaml` — GoDaddy Production API key (read-only, used for domain lookup; returned ACCESS_DENIED for this domain)
- `msp-tools/mailprotector.sops.yaml` — Mailprotector API key (read-only, used to check domain presence)
---
## Infrastructure & Servers
- **Domain:** puttsurveying.com
- **Registrar:** Wild West Domains, LLC (GoDaddy subsidiary)
- **Nameservers:** ns45/ns47/ns48.domaincontrol.com
- **Domain expiry:** 2031-01-31
- **Domain status:** clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
- **Current A records (parking):** 15.197.148.33, 3.33.130.190 (GoDaddy parking IPs)
- **M365 tenant name:** Putt Land Surveying Inc
- **M365 tenant ID:** 25008634-91b4-40aa-8113-78ea03826156
- **M365 MX target:** puttsurveying-com.mail.protection.outlook.com (resolves to 52.101.x.x range)
- **Mailprotector:** Not configured — domain not present
---
## Commands & Outputs
```bash
# MX lookup — confirmed no MX records
nslookup -type=MX puttsurveying.com 8.8.8.8
# Result: SOA only, no MX records
# M365 tenant confirmation
curl -s "https://login.microsoftonline.com/GetUserRealm.srf?login=admin@puttsurveying.com&xml=1"
# Result: <FederationBrandName>Putt Land Surveying Inc</FederationBrandName>, NameSpaceType=Managed
# M365 MX hostname resolution
nslookup puttsurveying-com.mail.protection.outlook.com 8.8.8.8
# Result: 52.101.11.3, 52.101.8.51, 52.101.41.24, 52.101.42.14 — RESOLVES OK
# GoDaddy API domain check
curl -s -X GET "https://api.godaddy.com/v1/domains/puttsurveying.com/records" \
-H "Authorization: sso-key 2wXWWFcuYk_2RGxdvpe1WZV2yPMvNLGEe:5pQZs7H9WY7dwh59XsJMNr"
# Result: {"code":"ACCESS_DENIED","message":"Authenticated user is not allowed access"}
# Website check
curl -s "https://puttsurveying.com"
# Result: redirect to /lander — GoDaddy parking page confirmed
# window.LANDER_SYSTEM="PW", window._trfd.push({ap:"parking"})
```
---
## Pending / Incomplete Tasks
- **Obtain GoDaddy access** — client needs to provide login credentials or grant delegate access (GoDaddy Settings -> Delegate Access -> Invite someone)
- **Obtain original website hosting IP/provider** — cannot be reconstructed from current DNS; client must provide
- **Add DNS records once access obtained:**
- `A`: `@` -> (client's original web hosting IP)
- `MX`: `@` -> `puttsurveying-com.mail.protection.outlook.com` (priority 0)
- `TXT`: `@` -> `v=spf1 include:spf.protection.outlook.com -all`
- `CNAME`: `autodiscover` -> `autodiscover.outlook.com`
- **Close Syncro ticket #32404** after records are restored and mail/website confirmed working
---
## Reference Information
- **Syncro ticket:** #32404 — https://computerguru.syncromsp.com/tickets/112504953
- **Syncro customer ID:** 7180175 (PUTT LAND SURVEYING, INC.)
- **Client email on record:** rphillips@puttsurveying.com
- **GoDaddy API docs:** https://developer.godaddy.com/doc
- **M365 MX record format:** `<domain>-<tld>.mail.protection.outlook.com`
- **Standard M365 DNS records for puttsurveying.com:**
- MX: `puttsurveying-com.mail.protection.outlook.com` priority 0
- SPF: `v=spf1 include:spf.protection.outlook.com -all`
- CNAME autodiscover: `autodiscover.outlook.com`
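Review bot: The `curl` call to `api.godaddy.com` under "Commands & Outputs" commits what appears to be the full key and secret of the GoDaddy Production API key in plaintext in its `Authorization: sso-key` header, which defeats storing it in `services/godaddy-api.sops.yaml` as the "Credentials & Secrets" section describes. Replace the header value with a placeholder or an environment variable reference (for example `sso-key $GODADDY_KEY:$GODADDY_SECRET`, hypothetical variable names) before this lands. Because the commit message shows this file arrived through an auto-sync, the value should be treated as exposed: rotate the key, remove it from repository history, and add a secret-scanning step to the sync job so command transcripts in session logs are redacted before they are committed.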