[dns-operations] Capturing Traffic

Joe Provo jzp-dnsops at rsuc.gweep.net
Mon Feb 25 17:31:59 UTC 2013

On Mon, Feb 25, 2013 at 07:26:07PM +0200, Graham Beneke wrote:
> I discovered the other day that a large customer of $dayjob has decided
> that it is a good idea to outsource the LAN support for their head
> office and NOC to a mom-and-pop IT shop. While I question the wisdom in
> that, I was far more concerned by the fact that this mom-and-pop shop
> had configured Google Public DNS as the resolver for everything on their
> LAN.
> Now on my corner of the planet Google DNS is 190ms away. Never mind the
> mess we have with all the CDNs mapping their traffic to a different
> continent.
> So what are your thoughts on capturing these queries and answering them
> on local resolvers that are <10ms away?
> The folks at Google are certainly not going to encourage us to spoof
> responses from their servers but are there any other potential pitfalls
> with doing this to save the customers from themselves?

I don't think *anyone* would encourage, recommend or endorse hijacking
someone else's resolver addresses. What ever happened to providing the
service and educating the customer[s]?

         RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG
