[ooni-dev] Understanding how client resolver is determined
khairil.yusof at sinarproject.org
Wed Aug 3 11:05:16 UTC 2016
On Rab, 2016-08-03 at 12:34 +0200, Arturo Filastò wrote:
> Hi Khairil,
> The system resolver is determined by querying a public service run by
> akamai called whoami.akamai.net.
> You can see our implementation of such service to see how it works
> We don’t use our own servers for doing this as we are assuming that
> using a public service vs using
> something hosted on a ooni.* domain is more stealth.
> The basic idea behind how it works is that you do an A lookup for a
> special domain and the delegated
> authoritative name server will reflect back the IP address from where
> the query originated.
> The reason why you are seeing a different IP than that where you are
> directing your queries to is that
> quite often DNS resolvers are deployed in a way where the machine
> actually doing the queries and
> then caching them are different than those where you make queries to.
> As an example with the google DNS resolver you will see this:
> $ dig +short whoami.akamai.net @18.104.22.168
> However you can confirm that actually that IP is in the range
> allocated to google:
> $ whois 22.214.171.124 | grep ^Organization
> Organization: Google Inc. (GOGL)
> Hope this answers your question.
> ~ Arturo
Thanks Arturo, that's a very clear explanation and also the pointer to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 213 bytes
Desc: This is a digitally signed message part
More information about the ooni-dev