[dns-operations] Capturing 8.8.8.8 Traffic

Mike Jones mike at mikejones.in
Tue Feb 26 16:35:42 UTC 2013


On 26 February 2013 14:34, Cutler James R <james.cutler at consultant.com> wrote:
> On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez <carlosm3011 at gmail.com> wrote:
>
>> <Rant alert>
>>
>> Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't
>> excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4
>>
>>> <SNIP/>
>
> There is no business justification for spending the time and money to design and deploy DNS spoofing on speculation.
>
> Even more expensive will be the increase in support call costs.
>
> Topping it all will be the cost of good will loss when tampering with customer traffic is discovered.

I wonder if anyone can come up with a justification for why you would
intercept 8.8.8.8, but not 4.2.2.2, or 141.1.1.1, or 74.82.42.42,
or....?

There are cases where it is arguably OK to intercept DNS traffic, such
as tightly controlled networks or certain netorks with visitors that
might have manual DNS servers set instead of getting them from DHCP. I
don't see these scenarios applying to 8.8.8.8 any differently than it
would apply to other DNS traffic (in practice, all port 53). While the
arguments against messing with my packets it are still there, it is at
least more consistent and therefore less likely to cause the same
level of support nightmare.

- Mike



More information about the dns-operations mailing list