[dns-operations] NXDOMAIN rewriting by lying resolvers (Was: new public DNS service:

wbrown at e1b.org wbrown at e1b.org
Tue Nov 21 17:01:17 UTC 2017

"Stephane Bortzmeyer" <bortzmeyer at nic.fr> wrote on 11/21/2017 11:14:17 AM:

> > a better test is to query for a totally bogus domain, and see what
> > you get back.  Google will return NXDOMAIN, an ISP will usually take
> > you to a search page or the like.
> "Not all ISPs" (yes, this is a reference to recent political campaigns)

I did not intend to imply all ISPs do this.  But if they do, this is 
probably the most reliable test as it will discover IP address hijacking 
as well as redirecting port 53 and detecting NXDOMAIN and offering 

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

More information about the dns-operations mailing list