NSLookup has the same problem. Always return opendns IP. paulo
On 31/07/2010, at 04:05, Jardel Weyrich wrote: > NXDOMAIN manipulation is an old concern. I believe it's being redirected for > a long time now, but they allow registered users to opt-out, afaik. And there > are many ISPs practicing this. > > Additionally, if they're only manipulating A and AAAA records for NXDOMAIN > responses, there should be no problem for an application that relies on > existing domains. SERVFAIL must NOT be manipulated though. > > Why are you using ping? Use nslookup and/or dig. > > Here's a patch for BIND that allows you to BLACKLIST the IP addresses of the > fake servers - http://sam.zoy.org/writings/internet/verisign/ > > And here's a draft on this matter - > http://tools.ietf.org/html/draft-livingood-dns-redirect-00 > > Concluding, I'm not defending their approach - I don't like it too ;-) > > -- > jardel > > On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <[email protected]> wrote: > Dear everyone, > > > People who have changed their DNS Server to use the popular OpenDNS > (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken by > OpenDNS. > > When a user tries to access a non-existing host, OpenDNS manipulates the > result and provides the user with its own IP address. For example: > > Let us try to find the following server: “microsoft.apple.com” > If you are using OpenDNS and ping the above server this is what you get: > > =================== > PING microsoft.apple.com (67.215.65.132): 56data bytes > 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms > 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms > 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms > ^C > --- microsoft.apple.com ping statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms > =================== > > OpenDNS is telling the user that the server “microsoft.apple.com” not only > exists but its IP address is 67.215.65.132 !!! > ..and who is this IP? it is OPENDNS-NET-3. > > If, instead, you use Google’s DNS and ping the above server, this is what you > get: > > =================== > PCB-2:~ paulo$ ping microsoft.apple.com > ping: cannot resolve microsoft.apple.com: Unknown host > PCB-2:~ paulo$ > =================== > > Which is the most adequate reply from the DNS server. > > So my suggestion is that you should select and use a TRUE DNS Server. > > Paulo Cesar Breim > > People who have changed their DNS Server to use the popular OpenDNS > (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken by > OpenDNS. > > When a user tries to access a non-existing host, OpenDNS manipulates the > result and provides the user with its own IP address. For example: > > Let us try to find the following server: “microsoft.apple.com” > If you are using OpenDNS and ping the above server this is what you get: > > =================== > PING microsoft.apple.com (67.215.65.132): 56data bytes > 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms > 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms > 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms > ^C > --- microsoft.apple.com ping statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms > =================== > > OpenDNS is telling the user that the server “microsoft.apple.com” not only > exists but its IP address is 67.215.65.132 !!! > ..and who is this IP? it is OPENDNS-NET-3. > > If, instead, you use Google’s DNS and ping the above server, this is what you > get: > > =================== > PCB-2:~ paulo$ ping microsoft.apple.com > ping: cannot resolve microsoft.apple.com: Unknown host > PCB-2:~ paulo$ > =================== > > Which is the most adequate reply from the DNS server. > > So my suggestion is that you should select and use a TRUE DNS Server. > > Paulo Cesar Breim > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
