[dns-operations] new public DNS service: 9.9.9.9
Jared Mauch
jared at puck.nether.net
Tue Nov 21 18:49:17 UTC 2017
> On Nov 21, 2017, at 11:25 AM, Ray Bellis <ray at isc.org> wrote:
>
> On 21/11/2017 16:12, Stephane Bortzmeyer wrote:
>
>> RTT measurement is also a good idea. If Google Public DNS suddenly
>> gets much closer, it may mean Google added a server… or that your ISP
>> hijacked 8.8.8.8
>
> It was observed during RIPE that DNS lookups to F root from the Conrad
> hotel's network were being intercepted, although traceroutes were not.
>
> It was possible to observe this (among other means) by seeing that the
> ping RTT was much higher than the DNS RTT.
>
Yup, it’s as easy as:
/sbin/iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 1.2.3.4
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 1.2.3.4
where 1.2.3.4 is your local resolver you want to intercept things with.
- Jared
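An added example, not part of the thread, that applies the RTT comparison Ray describes: it sends a minimal UDP DNS query and ICMP echo to the same resolver address and flags the case where DNS answers come back much faster than ping. The 2x ratio threshold, the query name and the ping-output parsing (Linux/macOS `ping` format) are my assumptions.

```python
"""Compare ICMP echo RTT with DNS query RTT to the same resolver address.

Heuristic from the thread: if DNS replies arrive much faster than pings to
the same IP, something closer than the real resolver is answering port 53.
Only the measurement functions need network access; the rest is pure."""
import re
import socket
import struct
import subprocess
import time
from statistics import median

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header (RD set) + one A question for qname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_rtt_ms(server: str, qname: str = "example.com", timeout: float = 2.0) -> float:
    """Round-trip time of one UDP DNS query to server:53, in milliseconds."""
    q = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return (time.monotonic() - start) * 1000

def parse_ping_times(output: str) -> list[float]:
    """Extract the per-reply 'time=12.3 ms' values from ping's stdout (assumed format)."""
    return [float(t) for t in re.findall(r"time[=<]([\d.]+)", output)]

def ping_rtt_ms(server: str, count: int = 3) -> float:
    """Median ICMP echo RTT in ms, using the system ping command."""
    out = subprocess.run(["ping", "-c", str(count), server],
                         capture_output=True, text=True, check=True).stdout
    return median(parse_ping_times(out))

def looks_intercepted(ping_ms: float, dns_ms: float, ratio: float = 2.0) -> bool:
    """Flag when DNS replies are at least `ratio` times faster than ICMP echo.

    A genuine resolver must receive the packet and answer, so DNS RTT should not
    be far below ping RTT. ICMP rate-limiting on the resolver can inflate ping
    RTT, so treat a hit as a reason to investigate, not as proof."""
    return dns_ms > 0 and ping_ms / dns_ms >= ratio

if __name__ == "__main__":
    resolver = "9.9.9.9"  # the service the thread is about
    p, d = ping_rtt_ms(resolver), dns_rtt_ms(resolver)
    print(f"ping {p:.1f} ms, dns {d:.1f} ms, intercepted? {looks_intercepted(p, d)}")
```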