On Dec 17, 2013, at 12:47 AM, Stephane Bortzmeyer <[email protected]> wrote:
> On Tue, Dec 17, 2013 at 04:21:35PM +0800, > Jianjun Ning <[email protected]> wrote > a message of 61 lines which said: > >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; MBZ: 0005 , udp: 512 >> ;; QUESTION SECTION: >> ;www.google.com.hk. IN A >> >> The value of field MBZ is 0x0005!! > > The Google authoritative name servers do not seem to return a EDNS > section in their answers. Therefore, this section has probably been > added by your resolver, or by a middleman (something which is quite > common in China). The great firewall packet injector is easy to detect. Because it only responds to queries, target your dig (using @) to an IP that isn't hosting a DNS server. So, eg, dig +norecurse +bufsize=768 www.google.com.hk @192.150.187.1 (Sends to ICSI, but not our DNS server, so you know the route goes to the west coast of the US) -- Nicholas Weaver it is a tale, told by an idiot, [email protected] full of sound and fury, 510-666-2903 .signifying nothing PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
