Seems to be specific resolvers getting targeted with simple no-export
routes within the ISPs. Intercepting all :53 traffic would look pretty
different.


On Sat, Mar 29, 2014 at 6:28 PM, Dave Warren <da...@hireahit.com> wrote:

>  On 2014-03-29 18:20, Colm MacCárthaigh wrote:
>
>
> You're right, one of the many whoami records would work too, but I usually
> avoid those for two reasons: 1) users mostly don't know how to make DNS
> queries and often copy the wrong IP address back in their reports, and 2)
> the response is cacheable and so unreliable when your resolver has multiple
> IPs, or if you're testing several resolvers from behind a caching stub
> resolver. So I wrote the HTTP/JavaScript interface with a cache buster to
> get rid of the problem.
>
>  HackerNews user erhanerdogan
> <https://news.ycombinator.com/user?id=erhanerdogan> got back to me with
> a report: https://news.ycombinator.com/item?id=7494650
>
>  Which looks like Google/OpenDNS are being replaced, rather than MITM'd
> or proxied. But I'd still be interested in more data.
>
>
> Is it just Google/OpenDNS or all :53 traffic? Is recursive vs not a
> factor? Most interesting indeed.
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>



-- 
Colm