[dns-operations] new public DNS service: 9.9.9.9

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Nov 21 16:12:05 UTC 2017


On Mon, Nov 20, 2017 at 09:21:53AM -0800,
 Damian Menscher <damian at google.com> wrote 
 a message of 70 lines which said:

> Given the intent is to detect malicious hijacking, I'm not sure
> posting a query that can be imitated by others is useful.

In theory, you're right but, in practice, most hijackers are lazy and
do not bother to imitate the public DNS resolver so well.

> Instead, I recommend running a traceroute and confirming the path
> enters Google's network before reaching the final host.

RTT measurement is also a good idea. If Google Public DNS suddenly
gets much closer, it may mean Google added a server… or that your ISP
hijacked 8.8.8.8
<https://labs.ripe.net/Members/emileaben/a-ripe-atlas-view-of-internet-meddling-in-turkey>
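Added example, not part of the original message: one way to turn the RTT observation above into a check, comparing the median RTT of the most recent probes against the median of the probes just before them. The function name, window size, thresholds and sample values are assumptions made up for illustration; the samples stand in for RTTs in milliseconds collected by whatever probe you already run against the resolver.

```python
from statistics import median


def find_rtt_drops(samples, window=5, drop_ratio=0.5, floor_ms=1.0):
    """Flag points where a resolver suddenly looks much closer.

    samples: RTTs in ms, oldest first. At each sample i the median of the
    last `window` RTTs is compared with the median of the `window` RTTs
    before those. An alert fires when the recent median falls below
    drop_ratio * baseline median. Medians keep a single lost or slow
    probe from triggering or masking an alert.

    Returns a list of (index, baseline_median, recent_median), one entry
    per drop (the first sample at which the drop became visible).
    """
    alerts = []
    in_alert = False
    for i in range(2 * window - 1, len(samples)):
        recent = median(samples[i - window + 1:i + 1])
        baseline = median(samples[i - 2 * window + 1:i - window + 1])
        # floor_ms avoids alerting on resolvers that were already local.
        dropped = baseline > floor_ms and recent < drop_ratio * baseline
        if dropped and not in_alert:
            alerts.append((i, baseline, recent))
        in_alert = dropped
    return alerts


# Constructed sample: about 30 ms to the resolver (with one slow probe),
# then about 3 ms from sample 10 onward.
CONSTRUCTED_RTTS = [
    31.2, 29.8, 30.5, 30.1, 95.0, 30.9, 29.7, 30.3, 30.0, 30.6,
    3.1, 2.9, 3.4, 3.0, 3.2, 2.8, 3.1, 3.0, 3.3, 2.9,
]

if __name__ == "__main__":
    for index, before, after in find_rtt_drops(CONSTRUCTED_RTTS):
        # A drop is only a prompt to investigate: it can equally mean the
        # operator deployed a closer server, as the message points out.
        print(f"sample {index}: median RTT fell from {before} ms to {after} ms")
```

An alert only says that the path got shorter; following it up with the traceroute check quoted above is what helps tell a new anycast node from an on-path answerer.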


