[dns-operations] new public DNS service: 188.8.131.52
fweimer at redhat.com
Mon Nov 20 12:15:58 UTC 2017
On 11/20/2017 01:08 PM, Damian Menscher wrote:
> On Mon, Nov 20, 2017 at 3:47 AM, Florian Weimer <fweimer at redhat.com> wrote:
>> On 11/18/2017 09:11 AM, Damian Menscher wrote:
>>> Your argument that you don't trust the ISPs between you and
>>> Google/OpenDNS/Quad9, and therefore run your own local recursive resolver,
>>> confuses me. After all, your local recursive needs to query third-party
>>> authoritative servers anyway.
>>> To convince yourself, answer these two questions:
>>> - How many ISPs are between you and 184.108.40.206? I'm on Comcast, and they
>>> have direct peering with Google, so the number is zero.
>> 220.127.116.11 is increasingly seen as an anycast service address for DNS
>> unrelated to Google, similar to how you download the SSH keys for root
>> login from 169.254.169.254 or instance-data. I expect that many ISPs route
>> 18.104.22.168 to their own servers.
> Unlike 169.254/16 which is defined by RFC to be link-local, 22.214.171.124/24 has
> been allocated to Google.
Well, yes, there is this difference, but the reuse of
169.254.169.254/instance-data is technically invalid for the same reason.
> If you identify instances of BGP hijacking please report either privately
> to the victim (Google in your example) or publicly to the nanog mailing
> list, so corrective action can be taken.
Does this refer to BGP hijacking specifically, or any kind of routing
manipulation which causes 126.96.36.199 (and not DNS traffic in general) to be
handled locally within the ISP network?