
List:       full-disclosure
Subject:    Re: [Full-disclosure] OpenDNS is acting improperly !!!
From:       "Paulo Cesar Breim (PCB)" <paulo () breim ! com ! br>
Date:       2010-07-31 17:03:12
Message-ID: 0CC789C5-DD7B-4811-97DC-4E425AD06AAF () breim ! com ! br


NSLookup has the same problem. It always returns the OpenDNS IP.

paulo


On 31/07/2010, at 04:05, Jardel Weyrich wrote:

> NXDOMAIN manipulation is an old concern. I believe it's being redirected for a long time now,
> but they allow registered users to opt-out, afaik. And there are many ISPs practicing this.
>
> Additionally, if they're only manipulating A and AAAA records for NXDOMAIN responses, there
> should be no problem for an application that relies on existing domains. SERVFAIL must NOT be
> manipulated though.
>
> Why are you using ping? Use nslookup and/or dig.
> 
> Here's a patch for BIND that allows you to BLACKLIST the IP addresses of the fake servers -
> http://sam.zoy.org/writings/internet/verisign/
>
> And here's a draft on this matter -
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00
> Concluding, I'm not defending their approach - I don't like it too ;-)
> 
> --
> jardel
> 
> On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <paulo@breim.com.br> wrote:
> Dear everyone,
> 
> 
> People who have changed their DNS Server to use the popular OpenDNS (208.67.222.222;
> 208.67.220.220) are victims of a dangerous decision taken by OpenDNS.
>
> When a user tries to access a non-existing host, OpenDNS manipulates the result and provides
> the user with its own IP address. For example:
>
> Let us try to find the following server: “microsoft.apple.com”
> If you are using OpenDNS and ping the above server this is what you get:
> 
> ===================
> PING microsoft.apple.com (67.215.65.132): 56data bytes
> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
> ^C
> --- microsoft.apple.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
> ===================
> 
> OpenDNS is telling the user that the server “microsoft.apple.com” not only exists but its IP
> address is 67.215.65.132 !!!
> ..and who is this IP?  it is OPENDNS-NET-3.
> 
> If, instead, you use Google’s DNS and ping the above server, this is what you get:
> 
> ===================
> PCB-2:~ paulo$ ping microsoft.apple.com
> ping: cannot resolve microsoft.apple.com: Unknown host
> PCB-2:~ paulo$
> ===================
> 
> Which is the most adequate reply from the DNS server.
> 
> So my suggestion is that you should select and use a TRUE DNS Server.
> 
> Paulo Cesar Breim
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
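The distinction the thread turns on (an NXDOMAIN reply versus a NOERROR reply carrying an A record for a name that should not exist) can be checked at the DNS message level rather than with ping. The following is an added example, not part of any message in this thread: the function names are hypothetical and the packets are constructed samples that reuse the name and address quoted above.

```python
import struct

def build_response(qname, rcode, a_records=()):
    """Build a minimal DNS response (constructed sample, not captured traffic)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; low 4 bits carry the RCODE
    pkt = struct.pack("!HHHHHH", 0x1234, flags, 1, len(a_records), 0, 0)
    for label in qname.split("."):
        pkt += bytes([len(label)]) + label.encode("ascii")
    pkt += b"\x00" + struct.pack("!HH", 1, 1)  # root label, QTYPE=A, QCLASS=IN
    for ip in a_records:
        # Name is a compression pointer to offset 12 (the question name).
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4)
        pkt += bytes(int(octet) for octet in ip.split("."))
    return pkt

def skip_name(pkt, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = pkt[pos]
        if length == 0:
            return pos + 1
        if (length & 0xC0) == 0xC0:  # compression pointer is two bytes
            return pos + 2
        pos += 1 + length

def parse_response(pkt):
    """Return (rcode, list of IPv4 addresses from A records in the answer section)."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(pkt, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(pkt, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in pkt[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def classify(pkt):
    """Classify a reply to a query for a name that is expected not to exist."""
    rcode, addrs = parse_response(pkt)
    if rcode == 3:
        return "nxdomain"
    if rcode == 0 and addrs:
        return "redirected:" + ",".join(addrs)
    return "other"  # SERVFAIL, NODATA, etc.: not evidence either way
```
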




