[dns-operations] Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Mar 25 13:28:16 UTC 2010

On Thu, Mar 25, 2010 at 09:38:49AM +0800,
 Xiaodong Lee <lee at cnnic.cn> wrote 
 a message of 19 lines which said:

> As the local host of the mirror site of I root server which was
> agreed by I root server administrator, and also as the ".CN"
> registry which is one of the members of DNS community, we wanna
> clarify that CNNIC never did any interceptions

Nobody said it was you. It could be the ISP's IGP which was hacked to
direct queries to a rogue and unofficial copy of I-root.

>From Bert's traceroute, I would say that some sort of dport-specific
trickery was used, to hijack only DNS packets.

More information about the dns-operations mailing list