[dns-operations] Hijacking of Google Public DNS in Turkey documented
Dave Warren
davew at hireahit.com
Sun Mar 30 01:28:09 UTC 2014
On 2014-03-29 18:20, Colm MacCárthaigh wrote:
>
> You're right, one of the many whoami records would work too, but I
> usually avoid those for two reasons; 1. users mostly don't know how
> to make DNS queries and often copy the wrong IP address back in their
> reports, and 2) the response is cacheable and so unreliable when your
> resolver has multiple IPs, or if you're testing several resolvers from
> behind a caching stub resolver. So I wrote the HTTP/Javscript
> interface with a cache buster to get rid of the problem.
>
> HackerNews user erhanerdogan
> <https://news.ycombinator.com/user?id=erhanerdogan> got back to me
> with a report: https://news.ycombinator.com/item?id=7494650
>
> Which looks like Google/OpenDNS are being replaced, rather than MITM'd
> or proxied. But I'd still be interested in more data.
>
Is it just Google/OpenDNS or all :53 traffic? Is recursive vs not a
factor? Most interesting indeed.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140329/3e999854/attachment.html>
More information about the dns-operations
mailing list