you're not interesting, was Re: another brick in the wall[ed garden]

Mark Andrews Mark_Andrews at isc.org
Thu May 14 18:58:32 CDT 2009


In message <20090514223605.88104.qmail at simone.iecc.com>, John Levine writes:
> >Dear Sprint EVDO people,
> >
> >Your man-in-the-middle hijacking of UDP/53 DNS queries against
> >nameservers that I choose to query from my laptop on Sprint EVDO is
> >not appreciated.  Even less appreciated is your complete blocking of
> >TCP/53 DNS queries.
> 
> If I were an ISP, and I knew that approximately 99.9% of customer
> queries to random name servers was malware doing fake site phishing or
> misconfigured PCs that will work OK and avoid a support call if they
> answer the DNS query, with 0.1% being old weenies like us, I'd do what
> Sprint's doing, too.

	And what's the next protocol that is going to be stomped on?

> If you're aware of a mechanical way for them to tell the difference,
> we're all ears.

	Well you can't answer a TSIG message without knowing the
	shared secret so you might as well just let it go through
	and avoid some percentage of support calls.  Intercepting
	TSIG messages is guaranteed to generate a support call.

	Similarly intercepting "rd=0" is also guaranteed to generate
	a support call.  You almost certainly have a interative
	resolver making the query which will not handle the "aa=0"
	responses.

	Similarly there is no sane reason to block DNS/TCP other than
	they can do it.

	Mark

> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies
> ",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
> "More Wiener schnitzel, please", said Tom, revealingly.
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org




More information about the NANOG mailing list