[ooni-dev] Understanding how client resolver is determined

Khairil Yusof khairil.yusof at sinarproject.org
Wed Aug 3 11:05:16 UTC 2016

On Wed, 2016-08-03 at 12:34 +0200, Arturo Filastò wrote:
> Hi Khairil,
> The system resolver is determined by querying a public service run by
> Akamai called whoami.akamai.net.
> You can see our implementation of such a service to see how it works
> here:
> https://github.com/TheTorProject/ooni-backend/blob/master/oonib/testhelpers/dns_helpers.py#L26
> We don’t use our own servers for doing this as we are assuming that
> using a public service vs using
> something hosted on an ooni.* domain is more stealthy.
> The basic idea behind how it works is that you do an A lookup for a
> special domain and the delegated
> authoritative name server will reflect back the IP address from where
> the query originated.
> The reason why you are seeing a different IP than the one you are
> directing your queries to is that
> quite often DNS resolvers are deployed in a way where the machines
> actually doing the queries and
> then caching them are different from those you make queries to.
> As an example with the Google DNS resolver you will see this:
> $ dig +short whoami.akamai.net @
> However, you can confirm that that IP is actually in the range
> allocated to Google:
> $ whois | grep ^Organization
> Organization:   Google Inc. (GOGL)
> Hope this answers your question.
> ~ Arturo

Thanks Arturo, that's a very clear explanation and also the pointer to
the code.
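
The reflection technique described in the quoted reply, as an added example that is not part of the thread and is not OONI's or Akamai's code: a client builds an A query, a stand-in authoritative server answers with the query's source address, and the client compares that address with the resolver it is configured to use. The function names and the documentation-range addresses are assumptions made for this sketch, and the exchange runs in memory rather than over the network.

```python
import socket
import struct

QNAME = "whoami.akamai.net"  # name given in the thread

def encode_name(name):
    """Dotted name -> length-prefixed DNS labels with a zero terminator."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def question_end(msg):
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 5

def build_query(name, txid):
    """Client side: one A/IN question, recursion desired."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def reflect(query, source_ip):
    """Authoritative side: answer with the address the query arrived from."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    question = query[12:question_end(query)]
    header = struct.pack("!HHHHHH", txid, 0x8400 | (flags & 0x0100), 1, 1, 0, 0)
    # Answer RR: pointer to QNAME at offset 12, A, IN, TTL 0 (example choice), 4 bytes
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton(source_ip)
    return header + question + answer

def parse_answer(response, txid):
    """Client side: validate the response and return the reflected IPv4 address."""
    rid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F or ancount < 1:
        raise ValueError("not a usable response to our query")
    pos = question_end(response)
    if response[pos] & 0xC0 != 0xC0:
        raise ValueError("example only handles a compressed answer name")
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[pos + 2:pos + 12])
    if rtype != 1 or rdlen != 4:
        raise ValueError("first answer is not an A record")
    return socket.inet_ntoa(response[pos + 12:pos + 16])

def resolver_egress(configured_ip, egress_ip, txid=0x1A2B):
    """In-memory exchange: the client queries configured_ip, but the
    authoritative server only sees the recursive resolver's egress_ip."""
    seen = parse_answer(reflect(build_query(QNAME, txid), egress_ip), txid)
    return seen, seen != configured_ip
```

Calling `resolver_egress("192.0.2.53", "198.51.100.7")` (constructed addresses) returns the egress address and `True`, the situation the reply describes where the reflected IP differs from the one queries are sent to.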
