[dns-operations] Hijacking of Google Public DNS in Turkey documented

Dave Warren davew at hireahit.com
Sun Mar 30 01:28:09 UTC 2014


On 2014-03-29 18:20, Colm MacCárthaigh wrote:
>
> You're right, one of the many whoami records would work too, but I 
> usually avoid those for two reasons;  1. users mostly don't know how 
> to make DNS queries and often copy the wrong IP address back in their 
> reports, and 2) the response is cacheable and so unreliable when your 
> resolver has multiple IPs, or if you're testing several resolvers from 
> behind a caching stub resolver. So I wrote the HTTP/Javscript 
> interface with a cache buster to get rid of the problem.
>
> HackerNews user erhanerdogan 
> <https://news.ycombinator.com/user?id=erhanerdogan> got back to me 
> with a report: https://news.ycombinator.com/item?id=7494650
>
> Which looks like Google/OpenDNS are being replaced, rather than MITM'd 
> or proxied. But I'd still be interested in more data.
>

Is it just Google/OpenDNS or all :53 traffic? Is recursive vs not a 
factor? Most interesting indeed.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140329/3e999854/attachment.html>


More information about the dns-operations mailing list