dig does it too.

On Sun, Aug 1, 2010 at 2:03 AM, Paulo Cesar Breim (PCB) <[email protected]> wrote:
> NSLookup has the same problem. Always returns the OpenDNS IP.
>
> paulo
>
> On 31/07/2010, at 04:05, Jardel Weyrich wrote:
>
> NXDOMAIN manipulation is an old concern. I believe it has been redirected
> for a long time now, but they allow registered users to opt out, afaik. And
> there are many ISPs practicing this.
>
> Additionally, if they're only manipulating A and AAAA records for NXDOMAIN
> responses, there should be no problem for an application that relies on
> existing domains. SERVFAIL must NOT be manipulated though.
>
> Why are you using ping? Use nslookup and/or dig.
>
> Here's a patch for BIND that allows you to BLACKLIST the IP addresses of
> the fake servers - http://sam.zoy.org/writings/internet/verisign/
>
> And here's a draft on this matter -
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00
>
> Concluding, I'm not defending their approach - I don't like it either ;-)
>
> --
> jardel
>
> On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <[email protected]> wrote:
>
>> Dear everyone,
>>
>> People who have changed their DNS Server to use the popular OpenDNS
>> (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken
>> by OpenDNS.
>>
>> When a user tries to access a non-existing host, OpenDNS manipulates the
>> result and provides the user with its own IP address.
>> For example:
>>
>> Let us try to find the following server: “microsoft.apple.com”
>> If you are using OpenDNS and ping the above server this is what you get:
>>
>> ===================
>> PING microsoft.apple.com (67.215.65.132): 56data bytes
>> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
>> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
>> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
>> ^C
>> --- microsoft.apple.com ping statistics ---
>> 3 packets transmitted, 3 packets received, 0.0% packet loss
>> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
>> ===================
>>
>> OpenDNS is telling the user that the server “microsoft.apple.com” not
>> only exists but its IP address is 67.215.65.132 !!!
>> ...and who is this IP? It is OPENDNS-NET-3.
>>
>> If, instead, you use Google’s DNS and ping the above server, this is what
>> you get:
>>
>> ===================
>> PCB-2:~ paulo$ ping microsoft.apple.com
>> ping: cannot resolve microsoft.apple.com: Unknown host
>> PCB-2:~ paulo$
>> ===================
>>
>> Which is the most adequate reply from the DNS server.
>>
>> So my suggestion is that you should select and use a TRUE DNS Server.
>>
>> Paulo Cesar Breim
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
