[dns-operations] Capturing 8.8.8.8 Traffic

Cutler James R james.cutler at consultant.com
Tue Feb 26 16:59:42 UTC 2013


On Feb 26, 2013, at 11:35 AM, Mike Jones <mike at mikejones.in> wrote:
> I wonder if anyone can come up with a justification for why you would
> intercept 8.8.8.8, but not 4.2.2.2, or 141.1.1.1, or 74.82.42.42,
> or....?
> 
> There are cases where it is arguably OK to intercept DNS traffic, such
> as tightly controlled networks or certain netorks with visitors that
> might have manual DNS servers set instead of getting them from DHCP. I
> don't see these scenarios applying to 8.8.8.8 any differently than it
> would apply to other DNS traffic (in practice, all port 53). While the
> arguments against messing with my packets it are still there, it is at
> least more consistent and therefore less likely to cause the same
> level of support nightmare.
> 
> - Mike

While I did say, "There is no business justification for spending the time and money to design and deploy DNS spoofing on speculation.", what you are speaking of is a walled garden. Justification for a walled garden is not based on speculation about what Google does or does not do.  Clients within a walled garden explicitly or implicitly agree to accept the service provided within the garden.

Thus it is doubtful that there is any good justification for uniquely blocking or spoofing access to 8.8.8.8 or any other address outside of a walled garden scenario.

James R. Cutler
james.cutler at consultant.com

"Don't touch my      packets!"




More information about the dns-operations mailing list