Re: [PLUG] DNS Packet Redirecting/Rewriting by ISPs

gabriel rosenkoetter on Thu, 12 Jun 2003 11:45:20 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] DNS Packet Redirecting/Rewriting by ISPs

From: gabriel rosenkoetter <gr@eclipsed.net>

To: Philadelphia Linux User Group <plug@lists.phillylinux.org>

Subject: Re: [PLUG] DNS Packet Redirecting/Rewriting by ISPs

Date: Thu, 12 Jun 2003 11:44:34 -0400

Mail-followup-to: Philadelphia Linux User Group <plug@lists.phillylinux.org>

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mutt/1.4i

On Thu, Jun 12, 2003 at 03:07:27AM -0400, Michael F. Robbins wrote: > I run an authoritative nameserver for my domains. When I use standard > DNS tools to query the nameserver *while ssh'd into the nameserver box*, > everything looks fine. However, when I use the same tools to query the > nameserver from another computer remotely, passing through more than a > dozen other hops, the packet comes back differently. Could you show us precisely what commands you're using, please? > Also supporting this theory is that when I query for other domains, like > yahoo.com, on my nameserver, I should expect to get no response. If your name server doesn't provide a response for yahoo.com when you do something like this: grappa:~% nslookup Default Server: localhost Address: 127.0.0.1 > yahoo.com Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: yahoo.com Address: 66.218.71.198 then your nameserver is intensely broken. What software are you using? > Furthermore, the nameserver logs seem to support this. None of my > "yahoo.com" style queries are even sent to my server, while all of my > successful (those that should be authoritative) queries appear to come > from a Class C block of IPs that appears to represent a third party. I'd have to see what you did to query your DNS to be sure. > I did manage to find this document: > "Optimizing ISP Networks and Services with DNS Redirection" > http://www.nortelnetworks.com/products/library/collateral/intel_int/dns_wp.pdf > Google PDF->HTML: > http://216.239.39.100/search?q=cache:LUOHoIYtTegJ:www.nortelnetworks.com/products/library/collateral/intel_int/dns_wp.pdf+DNS+packet+redirected+ISP&hl=en&ie=UTF-8 That definitely sounds like what you're describing. > Are my conclusions on the right track? Is this a common practice in the > ISP industry? Of all the other hops between my workstation and the > server, where might this rewriting be occuring? Michael Toren's tcptraceroute would probably help you answer that. (Trace to a host through port 22, then to the same host through 53. See where the 53 dies. Oh... unless they're only redirecting UDP, not TCP, traffic... in that case, UTSL.) -- gabriel rosenkoetter gr@eclipsed.net
Attachment: pgpwVIIZGDxwi.pgp
Description: PGP signature

References:

[PLUG] DNS Packet Redirecting/Rewriting by ISPs
From: "Michael F. Robbins" <mike@gamerack.com>

Prev by Date: Re: [PLUG] DNS Packet Redirecting/Rewriting by ISPs

Next by Date: Re: [PLUG] Re: gentoo on PPC

Previous by thread: Re: [PLUG] DNS Packet Redirecting/Rewriting by ISPs

Next by thread: [PLUG] Tiresome question: does StarOffice have a back button yet ?

Index(es):

Date

Thread