[dns-operations] NXDOMAIN rewriting by lying resolvers (Was: new public DNS service: 9.9.9.9
wbrown at e1b.org
wbrown at e1b.org
Tue Nov 21 17:01:17 UTC 2017
"Stephane Bortzmeyer" <bortzmeyer at nic.fr> wrote on 11/21/2017 11:14:17 AM:
> > a better test is to query for a totally bogus domain, and see what
> > you get back. Google will return NXDOMAIN, an ISP will usually take
> > you to a search page or the like.
>
> "Not all ISPs" (yes, this is a reference to recent political campaigns)
I did not intend to imply all ISPs do this. But if they do, this is
probably the most reliable test as it will discover IP address hijacking
as well as redirecting port 53 and detecting NXDOMAIN and offering
"suggestions".
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
More information about the dns-operations
mailing list