nanog mailing list archives
Re: Google Captcha on web searches
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Wed, 11 Nov 2015 07:17:22 -0800
On Tue, Nov 10, 2015 at 2:43 PM, Chris Murray <chris () ipstuff ca> wrote:
The "popular open dns services" you refer to appear to be Proxy/VPN services that also provide DNS to get around region blocking. These services proxy and/or NAT users behind a single IP address to make it look like you are coming from a different country. I may be biased, but when I think of popular open DNS services I think of OpenDNS or Google DNS, and you should *never* see a captcha as a result of using OpenDNS. Disclaimer: I work for OpenDNS, and while I can't speak to Google DNS, I have never heard of this behaviour with their service either.
Chris: as you correctly note, this can only happen if the DNS provider returns falsified records to hijack traffic and MITM it through their own proxies. But it sounds like you're unaware of the dark past of OpenDNS where they did exactly that, and their users got Google captchas as a result (they don't do this anymore). To answer the other questions/comments on the list: - You're responsible for all the traffic that comes from your IP. Joe, if you put 600 users behind an IPv4/32 you'd better make sure you have controls in place to keep malware (and shady browser extensions) off their machines. - The obvious way to avoid needing to share a NAT address is to switch to IPv6 if possible, as Nich said. - Google looks at an IPv4/32 or IPv6/64 by default (may be /56 or /48 for some hosting providers). If you have significant numbers of users sharing a /64, please explain why? Is it because you hate your users? ;) Damian
Current thread:
- Re: Google Captcha on web searches, (continued)
- Re: Google Captcha on web searches Chris Murray (Nov 10)
- Re: Google Captcha on web searches Nikolay Shopik (Nov 10)
- Re: Google Captcha on web searches Mark Tinka (Nov 10)
- Re: Google Captcha on web searches Christopher Morrow (Nov 11)
- Re: Google Captcha on web searches Mark Tinka (Nov 11)
- Re: Google Captcha on web searches Christopher Morrow (Nov 11)
- Re: Google Captcha on web searches Mark Tinka (Nov 11)
- Re: Google Captcha on web searches Christopher Morrow (Nov 11)
- Re: Google Captcha on web searches Mark Tinka (Nov 11)
- RE: Google Captcha on web searches Ian Mock (Nov 11)
- Re: Google Captcha on web searches Damian Menscher via NANOG (Nov 11)