DNS Hijacking? - FiOS Northeast
Jim Popovitch
jimpop at domainmail.org
Thu Jan 10 02:08:48 UTC 2019
On Wed, 2019-01-09 at 18:30 +0000, Phil Lavin wrote:
> > We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with
> > erroneous replies resolving to 146.112.61.106 when sent via FiOS
> > circuits in the northeast. Anyone else seeing issues with DNS on
> > FiOS in Northeast? Issue started around 12:25 AM ET this morning
> > and seems to be affecting customers in PA, RI, etc..
>
> 146.112.61.106 appears to be an Anycast IP served by OpenDNS when
> pages are blocked by the Cisco Umbrella service - https://support.ope
> ndns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella-
> Block-Page-IP-Addresses-
>
> Are you sure the queries are going to Google 8.8.8.8 and not OpenDNS?
>
> What URL(s) are you seeing this on?
>
> Do you have a traceroute to 8.8.8.8 from an affected site?
You can also do:
~$ dig TXT test.dns.google.com @8.8.8.8
"Thanks for using Google Public DNS."
hth,
-Jim P.
More information about the NANOG
mailing list