[dns-operations] Hijacking of Google Public DNS in Turkey documented
davew at hireahit.com
Sun Mar 30 01:28:09 UTC 2014
On 2014-03-29 18:20, Colm MacCárthaigh wrote:
> You're right, one of the many whoami records would work too, but I
> usually avoid those for two reasons; 1. users mostly don't know how
> to make DNS queries and often copy the wrong IP address back in their
> reports, and 2) the response is cacheable and so unreliable when your
> resolver has multiple IPs, or if you're testing several resolvers from
> behind a caching stub resolver. So I wrote the HTTP/Javscript
> interface with a cache buster to get rid of the problem.
> HackerNews user erhanerdogan
> <https://news.ycombinator.com/user?id=erhanerdogan> got back to me
> with a report: https://news.ycombinator.com/item?id=7494650
> Which looks like Google/OpenDNS are being replaced, rather than MITM'd
> or proxied. But I'd still be interested in more data.
Is it just Google/OpenDNS or all :53 traffic? Is recursive vs not a
factor? Most interesting indeed.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations