Yet another Quadruple DNS?

Ken Chase math at sizone.org
Thu Mar 29 16:34:37 UTC 2018


Who's got visible projects looking to detect this from various points/regimes
on the internet? 

(University of Toronto's IXMaps group, whom I advised a few times over the
years, did something similar for routes, not that BGPlay isn't out there, but
they translated it into human as a sociology project - borne of the Carnivore
era. https://www.ixmaps.ca/ )

I'm glad no one said Namecoin yet.

Oops.

/kc


On Thu, Mar 29, 2018 at 04:26:47PM +0000, Baldur Norddahl said:
  >>
  >>
  >> Technically, tweaking your DNS resolver to lie (and/or to log) is much
  >> easier and faster (and waaaaay less expensive) than setting up a
  >> packet interception and rewriting device at line rate.
  >>
  >
  >It is just a static /32 route for well known DNS resolvers to the ISP
  >resolver. It is free and trivial. To make your resolver reply with the
  >correct IP you simply add all the well known /32 addresses to the localhost
  >interface.
  >
  >To get any service instead of just well known ones, you can use source
  >routing based on the port number 53. Direct this to a Linux server that
  >will NAT the traffic towards the ISP DNS. This is also trivial and free,
  >provided your routers support source routing (ours do).
  >
  >Detectable yes, but also hard to escape for the average user. They will
  >need to go full VPN. Running your own resolver will not work.
  >
  >Regards
  >
  >Baldur

-- 
Ken Chase - math at sizone.org Guelph Canada
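As an added example (not code from the thread or from any of its participants), the offline core of a probe for the two interception methods Baldur describes: a decoy address that runs no DNS server must never answer port 53, and the `id.server.` CH TXT reply from a well-known resolver must match what that resolver normally returns. The "baseline" set of id.server strings is assumed to have been recorded beforehand from a trusted network; the constructed reply in the test names a hypothetical `isp-resolver-1`.

```python
"""Added example (not from the thread): build 'id.server.' CH TXT probes and
judge the replies for the two interception methods Baldur describes."""
import struct

TXID = 0x1234  # fixed transaction id so a reply can be matched to our probe

def build_query(qname, qtype=16, qclass=3):
    """Minimal DNS query: TXT (16) in class CHAOS (3) by default, RD=0."""
    hdr = struct.pack(">HHHHHH", TXID, 0, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    qn = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return hdr + qn + struct.pack(">HH", qtype, qclass)

def _skip_name(pkt, off):
    """Offset just past a wire-format name; a 0xC0 compression pointer ends it."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def parse_response(pkt):
    """Return {'id', 'rcode', 'txt'} with all TXT strings in the answer section."""
    txid, flags, qd, an = struct.unpack(">HHHH", pkt[:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    txts = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):  # TXT rdata: <len><chars>...
            txts.append(rdata[i + 1:i + 1 + rdata[i]].decode(errors="replace"))
            i += 1 + rdata[i]
    return {"id": txid, "rcode": flags & 0xF, "txt": txts}

def classify(reply, target_is_resolver, baseline=frozenset()):
    """Judge one probe reply (None = timeout). 'baseline' is the operator's own
    set of id.server strings seen from the genuine resolver (assumed known)."""
    if reply is None or reply["id"] != TXID:
        return "no-reply"
    if not target_is_resolver:
        return "intercepted:port53"  # decoy (e.g. RFC 5737 192.0.2.1) answered
    if reply["rcode"] != 0:
        return "inconclusive:rcode=%d" % reply["rcode"]
    if baseline and not set(reply["txt"]) & baseline:
        return "suspect:unexpected-id.server"
    return "consistent"
```

Send `build_query("id.server.")` over UDP to port 53 of both the decoy address and the well-known resolver, then pass each reply (or None on timeout) through `parse_response` and `classify`. A decoy that answers at all indicates the port-53 policy route; a resolver whose id.server string falls outside the recorded baseline indicates the static /32 route to the ISP resolver.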


