[dns-operations] alidns

Jelte Jansen jelte.jansen at sidn.nl
Tue Jun 17 07:27:11 UTC 2014

On 06/17/2014 06:29 AM, Hauke Lampe wrote:
> On 16.06.2014 13:58, Stephane Bortzmeyer wrote:
>>> anybody give a test and review on alidns.com?
>> Lying resolver. (The real addresses are in
>> % dig @ A facebook.com    
>> facebook.com.		27381 IN A
> That looks just like the usual Chinese Filters to me. I don't think you
> can blame the resolver operator but it sure limits its usefulness from
> outside China.

To answer in a similar matter as the resolver:

yes, and yes/no, and no

This particular answer seems like a good resolver simply passing on what
it gets. It also regularly returns this one:
facebook.com.		300	IN	A

Note the TTL, and you can't see from this c/p, but it doesn't change.
Same for some of the other usual suspects.

It's not only giving back wrong data it gets, as is expected, it also
has at least one instance that has different wrong data hard-configured.
As, I guess, could also be expected.

Even if it would dnssec-validate, it would still return that answer, but
of course any validating client would catch that too.


More information about the dns-operations mailing list