Why must Comcast's DNS suck?
aluminumsulfate at earthlink.net
Tue Nov 14 14:47:14 EST 2006
> Date: Tue, 14 Nov 2006 12:21:40 -0500
> From: Chip Marshall <chip at 2bithacker.net>
> On November 14, 2006, Steven W. Orr sent me the following:
> > On Tuesday, Nov 14th 2006 at 09:06 -0800, quoth Thomas Charron:
> > => Brace yourself. I don't know the current status, but in the past, I know
> > => Comcast has intercepted all DNS queries, regardless of destination, and
> > => redirected them to their own.
> >
> > If they do that how can you tell?
>
> I think for that to work, they'd have to spoof the source IP of the
> returning UDP packet. I think the only way you'd be able to tell if it's
> being tampered with is by comparing the TTL of the returning UDP packets
> to what you'd expect to see if they were coming from the actual name
> server. Theoretically, the packets from Comcast's nameserver should have
> a higher TTL, having traversed fewer hops to get to you.
A more reliable test would be to find a set of test cases for which
Comcast's and Real DNS servers return different responses and
periodically query names from that set of domains.
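Both tests from this thread, as an added example that is not code from the thread: a minimal A query builder and answer parser, a hop estimate from the reply's IP TTL, and a check that flags interception when the ISP resolver's answers differ from a reference resolver's or the reply arrived from far fewer hops than a traceroute to the real server measured. The resolver addresses, expected hop count, 64/128/255 initial-TTL guess and the Linux-only IP_RECVTTL path are assumptions.

```python
import socket
import struct

def build_query(name, txid):
    # DNS header (id, RD flag, one question) + QNAME + QTYPE=A, QCLASS=IN.
    hdr = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return hdr + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    # Step over a possibly compressed name; return the offset just past it.
    while True:
        n = msg[off]
        if n == 0: return off + 1
        if n & 0xC0 == 0xC0: return off + 2  # compression pointer ends the name
        off += n + 1

def parse_a_records(msg, txid):
    # Return the set of IPv4 addresses in the answer section of a response.
    rid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid: raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def estimate_hops(ip_ttl):
    # Hops travelled, assuming the sender used the nearest common initial TTL (64/128/255).
    return next(t for t in (64, 128, 255) if t >= ip_ttl) - ip_ttl

def interception_suspected(ref_addrs, isp_addrs, ip_ttl, expected_hops, slack=3):
    # Suspect a transparent redirect if the answers differ, or if the reply travelled
    # far fewer hops than a traceroute to the real server measured (expected_hops, assumed).
    return ref_addrs != isp_addrs or estimate_hops(ip_ttl) + slack < expected_hops

def query_with_ttl(resolver, name, txid=0x1234, timeout=3.0):
    # Send the query over UDP and recover the reply's IP TTL (Linux IP_RECVTTL ancillary data).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.setsockopt(socket.IPPROTO_IP, socket.IP_RECVTTL, 1)
        s.sendto(build_query(name, txid), (resolver, 53))
        data, anc, _, _ = s.recvmsg(512, socket.CMSG_SPACE(4))
        ttl = next(struct.unpack("i", d[:4])[0] for _, t, d in anc if t == socket.IP_TTL)
        return parse_a_records(data, txid), ttl
```

Run query_with_ttl() once against the ISP resolver and once against a reference resolver for each name in the test set, then feed both answer sets and the reply TTL to interception_suspected().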