[dns-operations] Unpublished IP addresses for Google Public DNS

Mark Andrews marka at isc.org
Thu Oct 19 23:52:16 UTC 2017


In message <20171019182722.ahqowjq7ztnpcqmi at mycre.ws>, Robert Edmonds writes:
> Babak Farrokhi wrote:
> > I believe it is safe to assume that documentation might be outdated or
> > inaccurate.
> > I've been probing this for a while using RIPE Atlas network around the
> > world and sending queries like this:
> >
> > dig +short TXT maxmind.test-ipv6.com @8.8.8.8
> >
> > It returns the IP address AS number from which the resolver sends a
> > query (should be one of those IP addresses Google published). There have
> > been several cases where IPs belonged to Google (AS15169) but were not in
> > the list you mentioned.  And it turned out there are operators around the
> > world who redirect DNS traffic toward their own resolvers (like 2% of
> > responses were coming from IP addresses that did not belong to Google).
>
> There's also test.dns.google.com./TXT, which should return the TXT
> record "Thanks for using Google Public DNS." if the query is served by
> Google Public DNS, and NXDOMAIN otherwise.

It also returns NXDOMAIN for any other type.  Fumble finger your
test query and it won't work through a cache for 60 more seconds.

Why does Google consistently deploy servers that DO NOT FOLLOW THE
RFCs?  Answers from their servers should be consistent.  It makes
debugging issues harder when they are not.  It forces other recursive
server vendors to install hacks to work around the lack of protocol
compliance in Google's servers.

Note: Google is not alone in doing this sort of thing.

Mark

; <<>> DiG 9.12.0b1+hotspot+add-prefetch+marka <<>> test.dns.google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53099
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;test.dns.google.com.		IN	A

;; AUTHORITY SECTION:
google.com.		59	IN	SOA	ns1.google.com. dns-admin.google.com. 172750142 900 900 1800 60

;; Query time: 151 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 20 10:43:39 AEDT 2017
;; MSG SIZE  rcvd: 98


; <<>> DiG 9.12.0b1+hotspot+add-prefetch+marka <<>> test.dns.google.com @8.8.8.8 txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43166
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;test.dns.google.com.		IN	TXT

;; ANSWER SECTION:
test.dns.google.com.	5	IN	TXT	"Thanks for using Google Public DNS."

;; Query time: 146 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 20 10:43:47 AEDT 2017
;; MSG SIZE  rcvd: 96


> --
> Robert Edmonds
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
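
The inconsistency shown in the two dig replies above can be checked mechanically. The following is an added example, not part of the original message: it parses dig output, flags a name answered NXDOMAIN for one type and NOERROR for another, and computes the negative-cache lifetime per RFC 2308 (the lower of the SOA TTL and the SOA MINIMUM field). The function names and the trimmed sample replies are constructed for illustration.

```python
import re

# Constructed sample input: trimmed copies of the two dig replies quoted in the message.
SAMPLE_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53099
;; QUESTION SECTION:
;test.dns.google.com.\t\tIN\tA

;; AUTHORITY SECTION:
google.com.\t\t59\tIN\tSOA\tns1.google.com. dns-admin.google.com. 172750142 900 900 1800 60
"""
SAMPLE_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43166
;; QUESTION SECTION:
;test.dns.google.com.\t\tIN\tTXT

;; ANSWER SECTION:
test.dns.google.com.\t5\tIN\tTXT\t"Thanks for using Google Public DNS."
"""

def parse_dig(text):
    """Extract rcode, question and (if present) the negative-cache TTL from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    qname, qtype = re.search(r"^;(\S+)\s+IN\s+(\S+)", text, re.M).groups()
    neg_ttl = None
    soa = re.search(r"^\S+\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)", text, re.M)
    if soa:
        # RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM).
        neg_ttl = min(int(soa.group(1)), int(soa.group(2)))
    return {"qname": qname.lower(), "qtype": qtype, "status": status, "neg_ttl": neg_ttl}

def inconsistent_names(replies):
    """Names answered NXDOMAIN for one type and NOERROR for another.

    NXDOMAIN asserts the name does not exist at all, so a consistent server
    would answer NOERROR with an empty answer section (NODATA) instead.
    """
    seen = {}
    for r in replies:
        seen.setdefault(r["qname"], set()).add(r["status"])
    return sorted(n for n, s in seen.items() if {"NXDOMAIN", "NOERROR"} <= s)

if __name__ == "__main__":
    replies = [parse_dig(SAMPLE_A), parse_dig(SAMPLE_TXT)]
    for r in replies:
        print(r)
    print("inconsistent:", inconsistent_names(replies))
```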


