nanog mailing list archives
Re: DNS and nxdomain hijacking
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 5 Nov 2013 18:25:37 -0600
On Tue, Nov 5, 2013 at 2:38 PM, Warren Bailey < wbailey () satelliteintelligencegroup com> wrote:
I've noticed a lot more nxdomain redirects on providers (cox, uverse, tmo,
I believe these ISPs have been servicing a mucked up recursive DNS like this for quite a while. Yes, this traffic hijacking and modification of DNS server replies is very uncool for users. Yes, they do it anyways, on their own recursive DNS servers; which they can do of course, on their own DNS servers.
etc.) networks lately. How is this being done?? Is it a magic box or some kind of subscription service?
Both. There are multiple providers specializing in ISP DNS traffic monetization, that are well-known, with multiple articles about them; you redirect DNS traffic, or insert a sniffer box between recursive DNS servers and users, the hijacking provider monetizes the NXDOMAIN traffic, the ISP gets a small share. I won't be surprised if they have 50 salesmen monitoring this list, trampling each other to be the first to respond to your 'solicitation' now <G> Are any of you doing it?
I only know of very large residential providers doing it. This is believed to not be something Enterprise IT or business clients will tolerate, of their ISP. For one thing, NXDOMAIN response tampering breaks DNS-based spam filtering / hostname verification features.
//warren
-- -JH
Current thread:
- DNS and nxdomain hijacking Warren Bailey (Nov 05)
- Re: DNS and nxdomain hijacking Jimmy Hess (Nov 05)
- Re: DNS and nxdomain hijacking Phil Bedard (Nov 05)
- Re: DNS and nxdomain hijacking Eric Tykwinski (Nov 05)
- Re: DNS and nxdomain hijacking Andrew Sullivan (Nov 05)
- Re: DNS and nxdomain hijacking Ray Soucy (Nov 05)
- Re: DNS and nxdomain hijacking Mark Andrews (Nov 05)
- Re: DNS and nxdomain hijacking Livingood, Jason (Nov 06)
- Re: DNS and nxdomain hijacking Phil Bedard (Nov 05)
- Re: DNS and nxdomain hijacking Livingood, Jason (Nov 06)
- Re: DNS and nxdomain hijacking Jimmy Hess (Nov 05)