Hi, I recently did some maintenance on a website called ipleak.net. I added a JSON/API feature, and I think it can be useful in an OONI probe to detect DNS spoofing/injection.
For example, fetch this (change the third-level domain to a random hash):
https://a_long_random_hash_for_every_request.ipleak.net?mode=json
The domain is resolved by the ISP: their DNS asks our authoritative server to resolve the random domain, our server collects the IP address of the latest ISP DNS that requested the domain and reports it in the HTTP response.
Note that if the ISP has more DNS servers (load-balancing), doing multiple requests (each with a new hash) can return many DNS IPs.
For example, here in Italy it doesn't matter if I try to use Google DNS 8.8.8.8: my ISP (Vodafone) always does 'Transparent DNS', they capture any request over port 53 and redirect it to their DNS. If a country does the same thing for censorship reasons, you can detect it with this technique.
If this feature is interesting for OONI, feel free to use it on ipleak.net through our API.
Otherwise, if you prefer to implement it yourself, I'm here for free support. You need a domain with an NS record that points to a server you control (authoritative DNS), bind9, a named pipe between bind9 and a script, and a wildcard SSL certificate if you want everything under SSL.
Ciao! Clodo
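The check described in the message, written out as an added example (not code from ipleak.net or OONI): it generates a fresh random label per request, collects the resolver addresses the API reports across several requests, and flags any that fall outside the address ranges the configured resolver is expected to use. The JSON field name `dns_ip`, the exact response shape and the expected ranges are assumptions; the fetcher is injectable so the demo runs offline against constructed responses.

```python
import ipaddress
import itertools
import json
import secrets
from typing import Callable, Dict, Iterable, Set
from urllib.request import urlopen

BASE_DOMAIN = "ipleak.net"
RESOLVER_FIELD = "dns_ip"  # assumed field name; the message does not give the JSON schema


def random_hostname(base: str = BASE_DOMAIN) -> str:
    # Fresh 32-hex-char label: no cache has seen it, so the lookup must reach
    # the authoritative server and expose whichever resolver actually asked.
    return f"{secrets.token_hex(16)}.{base}"


def fetch_json(url: str) -> Dict[str, str]:
    # Real fetcher (uses the network); the demo below swaps in a constructed one.
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)


def observed_resolvers(requests: int,
                       fetch: Callable[[str], Dict[str, str]] = fetch_json) -> Set[str]:
    # Repeat with a new hash each time: a load-balanced ISP resolver pool
    # shows up as several distinct addresses.
    seen: Set[str] = set()
    for _ in range(requests):
        data = fetch(f"https://{random_hostname()}/?mode=json")
        if data.get(RESOLVER_FIELD):
            seen.add(str(ipaddress.ip_address(data[RESOLVER_FIELD])))
    return seen


def unexpected_resolvers(seen: Iterable[str], expected_nets: Iterable[str]) -> Set[str]:
    # Addresses outside every expected egress range: something other than the
    # configured resolver answered port 53, i.e. the 'transparent DNS' described above.
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    return {ip for ip in seen if not any(ipaddress.ip_address(ip) in net for net in nets)}


# Constructed stand-in for the API: alternates two TEST-NET-3 addresses to mimic
# an intercepting ISP resolver pool. Not real ipleak.net output.
_POOL = itertools.cycle(["203.0.113.7", "203.0.113.8"])


def constructed_fetch(url: str) -> Dict[str, str]:
    return {RESOLVER_FIELD: next(_POOL)}


if __name__ == "__main__":
    seen = observed_resolvers(4, fetch=constructed_fetch)
    print("resolvers seen:", sorted(seen))
    print("unexpected:", sorted(unexpected_resolvers(seen, ["8.8.8.0/24"])))  # placeholder range
```

Public resolvers answer clients from one well-known address but reach authoritative servers from a separate egress pool, so compare against the operator's published egress ranges rather than the single address you configured, or the check will report interception where there is none.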