[dns-operations] Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Mar 25 13:28:16 UTC 2010
On Thu, Mar 25, 2010 at 09:38:49AM +0800,
Xiaodong Lee <lee at cnnic.cn> wrote
a message of 19 lines which said:
> As the local host of the mirror site of I root server which was
> agreed by I root server administrator, and also as the ".CN"
> registry which is one of the members of DNS community, we wanna
> clarify that CNNIC never did any interceptions
Nobody said it was you. It could be the ISP's IGP which was hacked to
direct queries to a rogue and unofficial copy of I-root.
>From Bert's traceroute, I would say that some sort of dport-specific
trickery was used, to hijack only DNS packets.
More information about the dns-operations
mailing list