[dns-operations] Hijacking of Google Public DNS in Turkey documented
colm at stdlib.net
Sun Mar 30 01:33:34 UTC 2014
Seems to be specific resolvers getting targeted with simple no-export
routes within the ISPs. Intercepting all :53 traffic would look pretty
On Sat, Mar 29, 2014 at 6:28 PM, Dave Warren <davew at hireahit.com> wrote:
> On 2014-03-29 18:20, Colm MacCárthaigh wrote:
> You're right, one of the many whoami records would work too, but I usually
> avoid those for two reasons: 1) users mostly don't know how to make DNS
> queries and often copy the wrong IP address back in their reports, and 2)
> the response is cacheable and so unreliable when your resolver has multiple
> IPs, or if you're testing several resolvers from behind a caching stub
> resolver. So I wrote the HTTP/JavaScript interface with a cache buster to
> get rid of the problem.
> HackerNews user erhanerdogan <https://news.ycombinator.com/user?id=erhanerdogan> got
> back to me with a report: https://news.ycombinator.com/item?id=7494650
> Which looks like Google/OpenDNS are being replaced, rather than MITM'd
> or proxied. But I'd still be interested in more data.
> Is it just Google/OpenDNS or all :53 traffic? Is recursive vs not a
> factor? Most interesting indeed.
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
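
The caching problem described in the quoted message, shown as an added simulation that is not part of the original thread and is not the code behind the HTTP/JavaScript interface it mentions. The resolver pool, the `whoami.example` zone, the addresses and the stub cache are all constructed for illustration.

```javascript
// Constructed simulation: no network access; every name and address is made up.

// Hypothetical resolver pool: one service address, several egress IPs.
const EGRESS_IPS = ['192.0.2.10', '192.0.2.11', '192.0.2.12'];
const ZONE = 'whoami.example'; // hypothetical whoami zone

// A "whoami" authoritative server answers any name with the IP the query came from.
function whoamiAuthoritative(qname, sourceIp) {
  return { name: qname, answer: sourceIp, ttl: 60 };
}

// Caching stub in front of the pool; each cache miss leaves via the next egress IP.
class CachingStub {
  constructor() { this.cache = new Map(); this.next = 0; }
  resolve(qname, now) {
    const hit = this.cache.get(qname);
    if (hit && hit.expires > now) return hit.answer; // served from cache, upstream never asked
    const egress = EGRESS_IPS[this.next++ % EGRESS_IPS.length];
    const rr = whoamiAuthoritative(qname, egress);
    this.cache.set(qname, { answer: rr.answer, expires: now + rr.ttl });
    return rr.answer;
  }
}

// Cache buster: a unique leading label per probe, so no cached answer can match.
let seq = 0;
function bustedName(zone) {
  const nonce = (seq++).toString(36) + '-' + Math.random().toString(36).slice(2, 10);
  return nonce + '.' + zone;
}

// Send n probes one second apart and return the distinct resolver IPs reported.
function probe(n, makeName) {
  const stub = new CachingStub();
  const seen = new Set();
  for (let t = 0; t < n; t++) seen.add(stub.resolve(makeName(), t));
  return [...seen];
}

const fixedNameResult = probe(6, () => ZONE);              // same name every time
const bustedNameResult = probe(6, () => bustedName(ZONE)); // unique name every time
console.log('fixed name  :', fixedNameResult);  // only the first egress IP is ever reported
console.log('cache-busted:', bustedNameResult); // every egress IP in the pool shows up
```

With the fixed name, a user's report reflects whichever resolver answered first within the TTL, which is why such reports are unreliable for telling a replaced resolver from the genuine one.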