[dns-operations] Capturing 8.8.8.8 Traffic

Warren Kumari warren at kumari.net
Mon Feb 25 21:53:28 UTC 2013 

On Feb 25, 2013, at 12:42 PM, Lyle Giese <lyle at lcrcomputer.net> wrote:

> On 2/25/2013 11:31 AM, Joe Provo wrote:
>> On Mon, Feb 25, 2013 at 07:26:07PM +0200, Graham Beneke wrote:
>>> I discovered the other day that a large customer of $dayjob has decided
>>> that it is a good idea to outsource the LAN support for their head
>>> office and NOC to a mom-and-pop IT shop. While I question the wisdom in
>>> that, I was far more concerned by the fact that this mom-and-pop shop
>>> had configured Google Public DNS as the resolver for everything on their
>>> LAN.
>>> 
>>> Now on my corner of the planet Google DNS is 190ms away. Never mind the
>>> mess we have with all the CDNs mapping their traffic to a different
>>> continent.
>>> 
>>> So what are you thoughts on capturing these queries and answering them
>>> on local resolvers that are <10ms away?
>>> 
>>> The folks at Google are certainly not going to encourage us to spoof
>>> responses from their servers but are there any other potential pitfalls
>>> with doing this to save the customers from themselves?
>>  I don't think *anyone* would encourage, reccomend or endorse hijacking
>> someone else's resolver addresses. What ever happened to providing the
>> service and educating the customer[s]?
>> 
> I would check to see what happens to domains that don't exist.  Esp asking for the MX records for a domain that doesn't exist.
> 
> I had heard stories that some public resolvers will resolve when they should not.

Yup, good point -- some public resolvers do, but Google DNS (8.8.8.8) does *not*….

>  For surfing, minor issue.  For a mail server, major issue.

Yup, and for various other services, also major issue…

ICANN SSAC has a number of documents saying similar…

W

> 
> Lyle Giese
> LCR Computer Services, Inc.
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> 

--
I once absend-mindedly ordered Three Mile Island dressing in a restaurant and, with great presence of mind, they brought Thousand Island Dressing and a bottle of chili sauce.
    -- Terry Pratchett

More information about the dns-operations mailing list