[dns-operations] Capturing 184.108.40.206 Traffic
paul.hoffman at vpnc.org
Mon Feb 25 20:52:02 UTC 2013
On Feb 25, 2013, at 12:17 PM, Carlos M. Martinez <carlosm3011 at gmail.com> wrote:
> I know. And I agree. But we are all seeing people going to 220.127.116.11, even
> people at home.
> So maybe having an alternative you can locally 'spoof' wouldn't hurt.
It will hurt, in ways that you cannot predict. And, when the hurt comes, you will probably be defensive about the spoofing because you had some reason at the beginning to do it.
In the example that started this thread, let's assume X captures the queries to 18.104.22.168 and spoofs them. Then Google turns on DNSSEC validation but X doesn't. Then someone gets hurt in a way that would not have happened if the answers actually came from 22.214.171.124. X's reply is "the queries to 126.96.36.199 were taking too long!".
X has made one tradeoff that the customer didn't. Worse, in the meantime, the latency of 188.8.131.52 for the customer might have gone way down and X didn't notice it.
It will always hurt because it will always last longer than intended.