[dns-operations] DNS replies from AS 4808
Duane Wessels
wessels at dns-oarc.net
Wed Jun 3 17:34:33 UTC 2009
On Wed, 3 Jun 2009, SM wrote:

> I assume it's outbound filtering.

I guess inbound versus outbound depends where you sit. It looks to me
like queries (rather than responses) are being intercepted. You'll
get a faked-up response for a "forbidden" query sent to any address
headed for AS 4808:

$ dig @123.123.123.123
; <<>> DiG 9.3.5-P2 <<>> @123.123.123.123
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

$ dig @123.123.123.123 +short twitter.com.blah
209.145.54.50

There is a paper (http://cs.nyu.edu/~pcw216/work/nds/final.pdf)
where the authors sent queries with different IP TTLs to show that
the filtering happens on a router (before reaching the end host).
DW
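
Added example, not part of the original message or the cited paper: a sketch of the TTL-limited probe described above, which sends the same query with increasing IP TTLs and reports the first hop at which a reply appears. The function names, the sample observations and the path length of 14 are constructed assumptions; probe() is the only part that touches the network and is not called here.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A/IN query with the RD bit set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def probe(addr, name, ip_ttl, timeout=3.0):
    """Send one query with a limited IP TTL; True if a DNS reply comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ip_ttl)
        s.settimeout(timeout)
        try:
            s.sendto(query, (addr, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # includes timeouts
            return False
    # Accept only a response (QR bit set) carrying our query ID.
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def injection_hop(answered_by_ttl):
    """Lowest IP TTL at which a reply was seen, or None if there was none."""
    hits = [ttl for ttl, answered in answered_by_ttl.items() if answered]
    return min(hits) if hits else None

def classify(control_answered, hop, path_len):
    """Interpret the probes; path_len is the hop count to the address."""
    if hop is None:
        return "no reply to test name"
    if control_answered:
        return "address answers DNS itself; inconclusive"
    where = "before end host" if hop < path_len else "at or near end host"
    return "forged reply, first seen at hop %d (%s)" % (hop, where)

# Constructed observations (not real measurements): IP TTL -> reply seen?
SAMPLE = {ttl: ttl >= 9 for ttl in range(1, 16)}
SAMPLE_PATH_LEN = 14  # constructed; would come from a traceroute

if __name__ == "__main__":
    hop = injection_hop(SAMPLE)
    print(classify(False, hop, SAMPLE_PATH_LEN))
```

The control_answered flag corresponds to the first dig above (no reply from the address for an ordinary query); a reply to the test name at a TTL shorter than the path length cannot have come from the end host.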