nanog mailing list archives
Re: Level(3) DNS Spoofing All Domains
From: Patrick Schultz <lists-nanog () schultz top>
Date: Tue, 19 Nov 2019 16:55:50 +0100
Just to weigh in: Here in Germany, the largest internet provider (Deutsche Telekom) did the same thing. It's basically just a "search guide", it redirects you to a search page and assumes you just had a typo in the URL. Telekom stopped doing that in April, after a user reported them to the district attorney for supposed data manipulation, a misdemeanor.

On 18.11.2019 at 18:45, Marshall, Quincy wrote:
This is mostly informational and may have already hit this group. My google-foo failed me if so.

I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are spoofing all domains. If the hostname begins with a “w” and does not exist in the authoritative zone these hosts will return two Akamai hosts.

[root@localhost ~]# dig +short w3.dummydomaindoesntexist.gov @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.net @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.com @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.org @4.2.2.2
23.202.231.167
23.217.138.108

My apologies if this is old news.

*Lawrence Q. Marshall*
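
A way to check a resolver for the behaviour reported in this thread, as an added example that is not part of either poster's message: it builds a raw A query, parses the reply's RCODE and A records, and reports addresses that came back with NOERROR for names that should have produced NXDOMAIN. The function names, the `w3.example.invalid` name and the 192.0.2.1 address in the sample reply are assumptions made for the illustration.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive (RD=1) A/IN query for name."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, sorted A-record addresses) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)

def probe(resolver, name, timeout=3.0):
    """Send one UDP query to resolver and return parse_response() of the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, secrets.randbits(16)), (resolver, 53))
        return parse_response(s.recv(4096))

def injected_addresses(results):
    """Given (rcode, addrs) for names that do not exist, return addresses a
    resolver supplied with NOERROR where NXDOMAIN (rcode 3) was expected."""
    return sorted({a for rcode, addrs in results if rcode == 0 for a in addrs})

# Constructed sample reply (not captured traffic): NOERROR plus one A record.
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
          + build_query("w3.example.invalid", 0)[12:]
          + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01")

if __name__ == "__main__":
    print(injected_addresses([parse_response(SAMPLE)]))
```

Against a live resolver, pass `probe()` results for several freshly generated random labels under different TLDs; the same address set returned for unrelated nonexistent names is the signature described in the message above.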