[dns-operations] Capturing Traffic

Ryan Rawdon ryan at u13.net
Wed Feb 27 01:21:04 UTC 2013

On Feb 25, 2013, at 11:46 AM, Carlos M. Martinez wrote:

> On principle I would hate my ISP messing around with my traffic,
> regardless of any good intentions.
> regards,
> ~Carlos

I whole-heartedly agree, which is why it did not sit well with me that Verizon Wireless is (on their 3G networks) capturing and  They are stripping out AAAA answers to any queries.  Queries sent to one of these address actually were broken, since VZW's middlebox doing this responded with the incorrect source address.  So not only were they intercepting queries to Google/L3's address space, they were mangling with them and breaking one of the resolvers entirely.  I confirmed that they are not doing this with any other resolvers I could find/test, 53/udp in general was not meddled with *except* for and

I wrote this up when I first discovered it ~2 years ago, I have since switched mobile carriers but would love to know if anyone can test and see if the same behavior is in place currently.


> On 2/25/13 3:26 PM, Graham Beneke wrote:
>> I discovered the other day that a large customer of $dayjob has decided
>> that it is a good idea to outsource the LAN support for their head
>> office and NOC to a mom-and-pop IT shop. While I question the wisdom in
>> that, I was far more concerned by the fact that this mom-and-pop shop
>> had configured Google Public DNS as the resolver for everything on their
>> LAN.
>> Now on my corner of the planet Google DNS is 190ms away. Never mind the
>> mess we have with all the CDNs mapping their traffic to a different
>> continent.
>> So what are you thoughts on capturing these queries and answering them
>> on local resolvers that are <10ms away?
>> The folks at Google are certainly not going to encourage us to spoof
>> responses from their servers but are there any other potential pitfalls
>> with doing this to save the customers from themselves?
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

More information about the dns-operations mailing list