Level(3) DNS Spoofing All Domains

Patrick Schultz lists-nanog at schultz.top
Tue Nov 19 15:55:50 UTC 2019 

Just to weigh in: Here in Germany, the largest internet provider (Deutsche Telekom) did the same thing.
It's basically just a "search guide", it redirects you to a search page and assumes you just had a typo in the URL.

Telekom stopped doing that in April, after a user reported them to the district attorney for supposed data manipulation, a misdemeanor.

Am 18.11.2019 um 18:45 schrieb Marshall, Quincy:
> This is mostly informational and may have already hit this group. My google-foo failed me if so.
> 
>  
> 
> I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are spoofing all domains. If the hostname begins with a “w” and does not exist in the authoritative zone these hosts will return two Akamai hosts.
> 
>  
> 
> [root at localhost ~]# dig +short w3.dummydomaindoesntexist.gov @4.2.2.2
> 
> 23.202.231.167
> 
> 23.217.138.108
> 
> [root at localhost ~]# dig +short w3.dummydomaindoesntexist.net @4.2.2.2
> 
> 23.202.231.167
> 
> 23.217.138.108
> 
> [root at localhost ~]# dig +short w3.dummydomaindoesntexist.com @4.2.2.2
> 
> 23.202.231.167
> 
> 23.217.138.108
> 
> [root at localhost ~]# dig +short w3.dummydomaindoesntexist.org @4.2.2.2
> 
> 23.202.231.167
> 
> 23.217.138.108
> 
>  
> 
> My apologies if this is old news.
> 
>  
> 
> *Lawrence Q. Marshall*
> 
>  
> 
> 
> 
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> This email has been scanned for email related threats and delivered safely by Mimecast.
> For more information please visit http://www.mimecast.com <http://www.mimecast.com>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

More information about the NANOG mailing list