Re: tor provided me first warning of corrupted ISP name servers
On 24.08.2008 at 17:47, Scott Bennett wrote:
Yesterday my tor server logged a message advising me of a name server problem at the Comcast name servers whose addresses are given via DHCP to my computer upon connection to the Comcast network:
Aug 23 17:11:32.227 [notice] Your DNS provider gave an answer for
"y75smsh5mk7ggb.test", which is not supposed to exist. Apparently
they are hijacking DNS failures. Trying to correct for this. We've
noticed 1 possibly bad addresses so far.
Are these tests done by the tor software? I think these tests are not valid, since services like OpenDNS.com reply to _every_ name with an address:
---
$ host -v -t a y75smsh5mk7ggb.test. 208.67.220.220
Trying "y75smsh5mk7ggb.test"
Using domain server:
Name: 208.67.220.220
Address: 208.67.220.220#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33093
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;y75smsh5mk7ggb.test. IN A
;; ANSWER SECTION:
y75smsh5mk7ggb.test. 0 IN A 208.69.34.132
Received 53 bytes from 208.67.220.220#53 in 36 ms
---
This is due to the fact that they want to redirect typos to the correct addresses. If you want, they even do things like ad blocking, phishing protection and similar. That would also explain redirects of known addresses like google.com.
I guess OpenDNS.com has become quite popular, since Dan Kaminsky himself proposed using it if you have no chance to fix your DNS against the recently published security hole. So if your provider forwards to OpenDNS for security/financial reasons, you will see such behaviour.
You can check if your DNS is safe on DK's blog (in the sidebar): http://www.doxpara.com/
Can I switch off these tests in tor?
Cheers,
Sven
--
http://sven.anderson.de
tel: +49-551-9969285
mobile: +49-179-4939223

"Believe those who are seeking the truth. Doubt those who find it." (André Gide)
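As an added example (not Tor's own code and not from this thread), a small Python probe that does what the quoted log message describes: it asks a resolver for a random label under .test, which cannot legitimately resolve, and reports whether the resolver answered NXDOMAIN, an empty NOERROR, or an A record (the hijacking case). The resolver address 208.67.220.220 is taken from Sven's host output above; the label length, timeout and classification names are my own choices.

```python
"""Probe a recursive resolver for NXDOMAIN hijacking by querying a random
name that should not exist.  Added example, not Tor's implementation."""
import random
import socket
import string
import struct

def build_query(name, qid):
    # Standard query: RD flag set, one question of type A, class IN.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(raw, pos):
    # Advance past a (possibly compressed) wire-format domain name.
    while True:
        length = raw[pos]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += length + 1

def classify_response(raw, qid):
    """Return 'nxdomain', 'empty' (NOERROR, no A record) or 'hijacked'
    (an A record handed back for a name that cannot exist)."""
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", raw[:8])
    if rid != qid:
        raise ValueError("response id does not match query id")
    if flags & 0x000F == 3:            # RCODE 3 = NXDOMAIN, the honest answer
        return "nxdomain"
    pos = 12
    for _ in range(qdcount):           # skip question: QNAME + QTYPE + QCLASS
        pos = skip_name(raw, pos) + 4
    for _ in range(ancount):
        pos = skip_name(raw, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", raw[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return "hijacked"
        pos += rdlen
    return "empty"

def random_test_name(length=14):
    # Random label under .test, so no honest resolver can know it (constructed name).
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length)) + ".test"

def probe(resolver, port=53, timeout=3.0):
    # Live check against one resolver; needs network access.
    name, qid = random_test_name(), random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver, port))
        raw, _ = sock.recvfrom(512)
    return name, classify_response(raw, qid)

if __name__ == "__main__":
    print(probe("208.67.220.220"))
```

The same check run against the DHCP-assigned resolver tells you whether the "hijacking DNS failures" notice is about your ISP's servers or about a forwarder such as OpenDNS.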