[dns-operations] DNS replies from AS 4808

Duane Wessels wessels at dns-oarc.net
Wed Jun 3 17:34:33 UTC 2009

On Wed, 3 Jun 2009, SM wrote:

> I assume it's outbound filtering.

I guess inbound versus outbound depends where you sit.  It looks to me
like queries (rather than responses) are being intercepted.  You'll
get a faked-up response for a "forbidden" query sent to any address
headed for AS 4808:

   $ dig @

   ; <<>> DiG 9.3.5-P2 <<>> @
   ; (1 server found)
   ;; global options:  printcmd
   ;; connection timed out; no servers could be reached

   $ dig @ +short twitter.com.blah

There is a paper (http://cs.nyu.edu/~pcw216/work/nds/final.pdf)
where the authors sent queries with different IP TTLs to show that
the filtering happens on a router (before reaching the end host).
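
The TTL-limited probing idea from the paper referenced above, as an added sketch that is not part of the original message and not the paper's code. The function names are hypothetical, the destination address is left to the caller, and the sample results in the `__main__` block are constructed.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query (type A, class IN, RD set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(dest_ip, name, ttl, timeout=2.0):
    """Send one query with the given IP TTL; True if a DNS reply comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        s.settimeout(timeout)
        try:
            s.sendto(query, (dest_ip, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:          # timeout or ICMP error: no answer at this TTL
            return False
    # Same transaction ID and QR bit set means it is a response to our query.
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def locate_injector(answered, path_length):
    """answered maps IP TTL -> bool (reply seen); path_length is the hop count
    to the destination, e.g. from traceroute. Returns (first_ttl, on_path):
    on_path is True when a reply arrived for a query that expired in transit."""
    hits = sorted(t for t, ok in answered.items() if ok)
    if not hits:
        return None, False
    return hits[0], hits[0] < path_length

def sweep(dest_ip, name, path_length):
    """Probe TTL 1..path_length and interpret the result (needs network)."""
    answered = {t: probe(dest_ip, name, t) for t in range(1, path_length + 1)}
    return locate_injector(answered, path_length)

if __name__ == "__main__":
    # Constructed results for a 14-hop path: replies start at TTL 9.
    sample = {t: t >= 9 for t in range(1, 15)}
    print(locate_injector(sample, 14))
```

A reply to a query whose TTL was too small to reach the destination can only have come from a device on the path, which is the observation the paper relies on.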


