you're not interesting, was Re: another brick in the wall[ed garden]

Mark Andrews Mark_Andrews at isc.org
Thu May 14 23:58:32 UTC 2009


In message <20090514223605.88104.qmail at simone.iecc.com>, John Levine writes:
> >Dear Sprint EVDO people,
> >
> >Your man-in-the-middle hijacking of UDP/53 DNS queries against
> >nameservers that I choose to query from my laptop on Sprint EVDO is
> >not appreciated.  Even less appreciated is your complete blocking of
> >TCP/53 DNS queries.
> 
> If I were an ISP, and I knew that approximately 99.9% of customer
> queries to random name servers was malware doing fake site phishing or
> misconfigured PCs that will work OK and avoid a support call if they
> answer the DNS query, with 0.1% being old weenies like us, I'd do what
> Sprint's doing, too.

	And what's the next protocol that is going to be stomped on?

> If you're aware of a mechanical way for them to tell the difference,
> we're all ears.

	Well you can't answer a TSIG message without knowing the
	shared secret so you might as well just let it go through
	and avoid some percentage of support calls.  Intercepting
	TSIG messages is guaranteed to generate a support call.

	Similarly intercepting "rd=0" is also guaranteed to generate
	a support call.  You almost certainly have an iterative
	resolver making the query which will not handle the "aa=0"
	responses.

	Similarly there is no sane reason to block DNS/TCP other than
	they can do it.

	Mark

> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
> "More Wiener schnitzel, please", said Tom, revealingly.
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
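The two tell-tale signs Mark describes (a cleared RD bit, or a TSIG record in the additional section) can be read straight off the wire, so an interceptor that wanted to avoid the support calls could exempt those queries. The following is an added illustration, not code from the thread or from ISC: it parses a DNS query message and reports whether it should be passed through untouched. The `build_query` helper and the `key.example` / `hmac-sha256` values only construct sample input for the check.

```python
import struct

TSIG_TYPE = 250  # RR type code for TSIG (RFC 2845)


def _skip_name(msg, off):
    """Advance past a wire-format name, handling compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def classify_query(msg):
    """Return (rd_set, has_tsig) for a DNS message in wire format."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rd_set = bool(flags & 0x0100)  # RD is bit 8 of the flags word
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    has_tsig = False
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            off = _skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if section == "ar" and rtype == TSIG_TYPE:
                has_tsig = True
    return rd_set, has_tsig


def should_pass_through(msg):
    """rd=0 means an iterative resolver is asking; TSIG means the answer
    cannot be forged without the shared secret. Either way: leave it alone."""
    rd_set, has_tsig = classify_query(msg)
    return (not rd_set) or has_tsig


def _encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(qname, rd=True, tsig=False):
    """Constructed sample query (not captured traffic) for exercising the check."""
    flags = 0x0100 if rd else 0x0000
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1 if tsig else 0)
    msg += _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    if tsig:  # minimal TSIG RR: algorithm name plus zeroed time/fudge/MAC fields
        rdata = _encode_name("hmac-sha256") + b"\x00" * 10
        msg += _encode_name("key.example") + struct.pack("!HHIH", TSIG_TYPE, 255, 0, len(rdata)) + rdata
    return msg
```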



