Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Billy Crook
On Tue, Nov 19, 2019 at 11:47 AM Mike Bolitho wrote: > This was my thought as well. People always get up in arms about how > it's "Public DNS!" but it's really not. It's just well known and used > because it's easy to remember. > I ask the users of 4.2.2.x where it is stated by the owners of

RE: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Marshall, Quincy
On Tuesday, November 19, 2019 1:35 PM, Mike Bolitho said… “How many of (my) clients have mistyped something and sent their data, unknowingly, to a 3rd party host? (Whose fault would that be?) Yours? They paid you to set up their network properly and you set it up to resolve to Level 3. So

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Mike Bolitho
> > How many of (my) clients have mistyped something and sent their data, > unknowingly, to a 3rd party host? (Whose fault would that be?) Yours? They paid you to set up their network properly and you set it up to resolve to Level 3. So if they "unknowingly sent their data" to a third party

RE: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Marshall, Quincy
On Tuesday, November 19, 2019 12:49 PM, Mike Bolitho said… “This was my thought as well. People always get up in arms about how it's "Public DNS!" but it's really not. It's just well known and used because it's easy to remember” I am not against their “securing” their hosts. It costs them

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Mike Bolitho
ers have only ever been for > “customers” even though they would resolve for anyone. They started > injecting NXDOMAIN redirects a while ago for non-customers. > > > > > > *From:* NANOG *On Behalf Of *Marshall, Quincy > *Sent:* Monday, November 18, 2019 12:45 PM > *

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread brent timothy saner
On 11/18/19 12:45, Marshall, Quincy wrote: > This is mostly informational and may have already hit this group. My > google-foo failed me if so. > >   > > I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are > spoofing all domains. If the hostname begins with a “w” and does

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Cary Wiedemann
Wow, news to me, and it's worse than you thought. They're spoofing responses for ALL non-existent domains, not just those starting with a "w":
    langsam:~# whois unregistereddomaintest.com | head -1
    No match for "UNREGISTEREDDOMAINTEST.COM".
    langsam:~# dig +short a unregistereddomaintest.com

RE: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Ryan, Spencer
) DNS Spoofing All Domains This is mostly informational and may have already hit this group. My google-foo failed me if so. I discovered

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Christopher Morrow
On Wed, Nov 20, 2019 at 12:07 AM Mel Beckman wrote: > > Frontier and Verizon have been doing it for years. They have simply thumbed > their noses at NXDOMAIN. All in the name of capturing data and eyeballs By > Any Means Necessary. > Verizon USED to do this on the former UUnet customer cache

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Brandon Martin
On 11/18/19 12:45 PM, Marshall, Quincy wrote: I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are spoofing all domains. If the hostname begins with a “w” and does not exist in the authoritative zone these hosts will return two Akamai hosts. As far as I know, this has been

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Mel Beckman
Frontier and Verizon have been doing it for years. They have simply thumbed their noses at NXDOMAIN. All in the name of capturing data and eyeballs By Any Means Necessary. -mel On Nov 19, 2019, at 8:00 AM, Matthew Pounsett wrote:  On Tue, 19 Nov 2019 at 10:57, Patrick Schultz wrote:

RE: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Marshall, Quincy
On Tuesday, November 19, 2019 10:42 AM Ryan, Spencer… “Are you a CL/L3 customer?” I am a legacy L(3) customer. The availability of their AnyCast NS is public from my nets. I was on my home TWC circuit when I ran the provided lookups. I have used the L(3) NS, in a pinch, because of their

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Matthew Pounsett
On Tue, 19 Nov 2019 at 10:57, Patrick Schultz wrote: > Just to weigh in: Here in Germany, the largest internet provider (Deutsche > Telekom) did the same thing. > It's basically just a "search guide", it redirects you to a search page > and assumes you just had a typo in the URL. > > Telekom

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Patrick Schultz
Just to weigh in: Here in Germany, the largest internet provider (Deutsche Telekom) did the same thing. It's basically just a "search guide", it redirects you to a search page and assumes you just had a typo in the URL. Telekom stopped doing that in April, after a user reported them to the

Re: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Pierre Emeriaud
On Tue, Nov 19, 2019 at 16:36, Marshall, Quincy wrote: > > I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are > spoofing all domains. If the hostname begins with a “w” and does not exist in > the authoritative zone these hosts will return two Akamai hosts. > >

Level(3) DNS Spoofing All Domains

2019-11-19 Thread Marshall, Quincy
This is mostly informational and may have already hit this group. My google-foo failed me if so. I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are spoofing all domains. If the hostname begins with a "w" and does not exist in the authoritative zone these hosts will return