nanog mailing list archives
Re: DNS Hijacking? - FiOS Northeast
From: Jim Popovitch via NANOG <nanog () nanog org>
Date: Wed, 09 Jan 2019 21:08:48 -0500
On Wed, 2019-01-09 at 18:30 +0000, Phil Lavin wrote:
We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc..146.112.61.106 appears to be an Anycast IP served by OpenDNS when pages are blocked by the Cisco Umbrella service - https://support.ope ndns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella- Block-Page-IP-Addresses- Are you sure the queries are going to Google 8.8.8.8 and not OpenDNS? What URL(s) are you seeing this on? Do you have a traceroute to 8.8.8.8 from an affected site?
You can also do:
~$ dig TXT test.dns.google.com @8.8.8.8
"Thanks for using Google Public DNS."
hth,
-Jim P.
Current thread:
- DNS Hijacking? - FiOS Northeast Blake Mckeeby (Jan 09)
- RE: DNS Hijacking? - FiOS Northeast Phil Lavin (Jan 09)
- Re: DNS Hijacking? - FiOS Northeast Jim Popovitch via NANOG (Jan 10)
- RE: DNS Hijacking? - FiOS Northeast Chris Kimball (Jan 09)
- RE: DNS Hijacking? - FiOS Northeast Phil Lavin (Jan 09)