[dns-operations] new public DNS service:

Jared Mauch jared at puck.nether.net
Tue Nov 21 18:49:17 UTC 2017

> On Nov 21, 2017, at 11:25 AM, Ray Bellis <ray at isc.org> wrote:
> On 21/11/2017 16:12, Stephane Bortzmeyer wrote:
>> RTT measurement is also a good idea. If Google Public DNS suddenly
>> gets much closer, it may mean Google added a server… or that your ISP
>> hijacked
> It was observed during RIPE that DNS lookups to F root from the Conrad
> hotel's network were being intercepted, although traceroutes were not.
> It was possible to observe this (among other means) by seeing that the
> ping RTT was much higher than the DNS RTT.

Yup, it’s as easy as:

/sbin/iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination

where is your local resolver you want to intercept things with.

- Jared
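The detection trick Ray describes (DNS replies arriving well before an ICMP echo from the same address could) is easy to script. The block below is an added example, not code from the post or from anyone on the thread: it builds a raw DNS query for the root NS set, times it over UDP, times an ICMP echo to the same address, and flags the pair when the DNS RTT is far below the ping RTT. The ratio and minimum-gap thresholds are assumed values, and the ICMP part needs a raw socket (root or CAP_NET_RAW).

```python
# Added example (not from the dns-operations post): compare ICMP echo RTT with
# DNS query RTT to the same server. A DNS reply that beats the wire RTT by a
# wide margin means something on-path is answering port 53, e.g. a DNAT rule
# like the one quoted in the post. Thresholds below are assumptions.
import random
import socket
import struct
import time


def build_query(qname=".", qtype=2, txid=None):
    """Build a minimal DNS query; default is NS (type 2) for the root zone."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b""
    for label in qname.strip(".").split("."):
        if label:
            labels += struct.pack("!B", len(label)) + label.encode("ascii")
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def parse_header(resp):
    """Return the DNS header fields needed to sanity-check a reply."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def dns_rtt_ms(server, qname=".", timeout=2.0):
    """Send one UDP query to server:53 and return the round-trip time in ms."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(query, (server, 53))
        resp, _ = s.recvfrom(4096)
        t1 = time.perf_counter()
    hdr = parse_header(resp)
    if hdr["id"] != struct.unpack("!H", query[:2])[0] or not hdr["qr"]:
        raise ValueError("reply does not match our query")
    return (t1 - t0) * 1000.0


def icmp_checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ping_rtt_ms(server, timeout=2.0):
    """ICMP echo RTT in ms. Needs a raw socket (root or CAP_NET_RAW)."""
    ident = random.randrange(0, 0x10000)
    payload = b"dns-rtt-check"
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, 1)          # echo request, csum 0
    hdr = struct.pack("!BBHHH", 8, 0, icmp_checksum(hdr + payload), ident, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(hdr + payload, (server, 0))
        while True:
            pkt, _ = s.recvfrom(1024)
            t1 = time.perf_counter()
            ihl = (pkt[0] & 0x0F) * 4          # raw socket delivers the IP header too
            icmp_type, _, _, reply_ident, _ = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
            if icmp_type == 0 and reply_ident == ident:     # echo reply, ours
                return (t1 - t0) * 1000.0


def interception_suspected(ping_ms, dns_ms, ratio=0.5, min_gap_ms=5.0):
    """Flag when DNS answers arrive much faster than ICMP echoes to the same
    address. ratio and min_gap_ms are assumed defaults; tune for link jitter."""
    return dns_ms < ping_ms * ratio and (ping_ms - dns_ms) >= min_gap_ms


if __name__ == "__main__":
    import sys
    target = sys.argv[1]                      # e.g. the IP of a root server
    p, d = ping_rtt_ms(target), dns_rtt_ms(target)
    print("ping %.1f ms, dns %.1f ms, intercepted=%s"
          % (p, d, interception_suspected(p, d)))
```

Note that the posted iptables rules redirect TCP/53 as well as UDP/53, so timing a TCP connect to port 53 would be fooled the same way; that is why the comparison has to use something the rules do not touch, such as ICMP echo or traceroute.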
