[dns-operations] new public DNS service: 9.9.9.9
Chuck Anderson
cra at WPI.EDU
Mon Nov 20 17:37:46 UTC 2017
On Mon, Nov 20, 2017 at 09:21:53AM -0800, Damian Menscher wrote:
> On Mon, Nov 20, 2017 at 7:58 AM, A. Schulze <sca at andreasschulze.de> wrote:
> >
> > Am 20.11.2017 um 13:08 schrieb Damian Menscher:
> > > If you identify instances of BGP hijacking please report either
> > privately to the victim (Google in your example) or publicly to the nanog
> > mailing list, so corrective action can be taken.
> >
> > is there an easy way to identify an answer from a resolver (aka 8.8.8.8)
> > as an answer from Google?
> >
> > "dig @8.8.8.8 hostname.bind. txt chaos" would be a weak indicator for
> > example
> > but unfortunately, Google don't respond to such queries.
> >
>
> Given the intent is to detect malicious hijacking, I'm not sure posting a
> query that can be imitated by others is useful. Instead, I recommend
> running a traceroute and confirming the path enters Google's network before
> reaching the final host.
How do I tell from this traceroute?
>traceroute -T -O info -p 53 8.8.8.8
...
6 et-7-3-0.120.rtsw.newy32aoa.net.internet2.edu (198.71.47.57) 6.450 ms 6.752 ms 6.752 ms
7 lo-0.8.rtr.newy2.net.internet2.edu (64.57.20.215) 6.738 ms 6.833 ms 6.776 ms
8 162.252.69.201 (162.252.69.201) 6.604 ms 162.252.69.199 (162.252.69.199) 6.578 ms 162.252.69.201 (162.252.69.201) 6.536 ms
9 * * *
10 * * *
11 google-public-dns-a.google.com (8.8.8.8) <syn,ack> 7.172 ms 7.211 ms 6.796 ms
More information about the dns-operations
mailing list