[ooni-dev] Detection of DNS used by probe
clodo at clodo.it
Tue Jul 14 13:59:34 UTC 2015
Hi, I recently did some maintenance on a website called ipleak.net.
I added a JSON/API feature, and I think it can be useful in an OONI probe
to detect DNS spoofing/injection.
For example, fetch this: (change the third-level domain to a random hash
The domain is resolved by the ISP; their DNS query asks our authoritative
server for the resolution of the random domain,
our server collects the IP address of the latest ISP DNS that requested
the domain and reports it in the HTTP response.
Note that if the ISP has more than one DNS server (load balancing), doing
multiple requests (each with a new hash) can return many DNS IPs.
For example, here in Italy it doesn't matter if I try to use Google DNS
220.127.116.11; my ISP (Vodafone) always does a 'Transparent DNS': they capture
any request over port 53 and redirect it to their DNS.
If a country does the same thing for censorship reasons, you can detect
it with this technique.
If this feature is interesting for OONI, feel free to use it on
ipleak.net through our API.
Otherwise, if you prefer to implement it yourself, I'm here for free
You need a domain with an NS record that points to a server you control
(authoritative DNS), a bind9, a named pipe between bind9 and a script,
and a wildcard SSL certificate if you want everything under SSL.
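The server-side half of the setup described in the message, as an added example (not code from the post or from ipleak.net): it parses BIND 9 query-log lines as a script on the named pipe would receive them, maps each random label to the resolver IPs that asked for it, and flags resolvers outside the networks the probe expected. The zone `probe.example`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# BIND 9 querylog shape (assumed): "client [@0x..] <ip>#<port> (<qname>): query: ..."
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: "
)

ZONE = "probe.example"  # hypothetical zone delegated to the authoritative server


def resolvers_by_token(log_lines, zone=ZONE):
    """Map each random label under `zone` to the resolver IPs that queried it."""
    seen = {}
    suffix = "." + zone
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        qname = m.group("qname").rstrip(".").lower()
        if not qname.endswith(suffix):
            continue  # query for some other zone
        token = qname[: -len(suffix)]
        seen.setdefault(token, set()).add(ipaddress.ip_address(m.group("ip")))
    return seen


def unexpected_resolvers(observed, expected_networks):
    """Return observed resolver IPs outside the egress networks of the resolver
    the probe was configured to use; a non-empty result suggests interception."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return sorted((ip for ip in observed if not any(ip in n for n in nets)), key=str)


# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE_LOG = [
    "client 203.0.113.7#41532 (a1b2c3.probe.example): query: a1b2c3.probe.example IN A -ED (192.0.2.53)",
    "client @0x7f3c 203.0.113.9#50211 (d4e5f6.probe.example): query: d4e5f6.probe.example IN A -ED (192.0.2.53)",
    "client 198.51.100.20#33001 (0a0b0c.probe.example): query: 0a0b0c.probe.example IN A -ED (192.0.2.53)",
    "client 198.51.100.20#33002 (www.other.example): query: www.other.example IN A -ED (192.0.2.53)",
]

if __name__ == "__main__":
    for token, ips in resolvers_by_token(SAMPLE_LOG).items():
        bad = unexpected_resolvers(ips, ["198.51.100.0/24"])
        print(token, sorted(map(str, ips)), "UNEXPECTED" if bad else "ok")
```

Public resolvers query authoritative servers from egress addresses that differ from their advertised service IP, so `expected_networks` has to list the chosen resolver's egress ranges rather than the address the probe sent its query to.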