tor provided me first warning of corrupted ISP name servers

Sven Anderson sven at anderson.de
Sun Aug 24 17:08:57 UTC 2008


On 24.08.2008 at 17:47, Scott Bennett wrote:

>     Yesterday my tor server logged a message advising me of a name server
> problem at the Comcast name servers whose addresses are given via DHCP to
> my computer upon connection to the Comcast network:
>
> Aug 23 17:11:32.227 [notice] Your DNS provider gave an answer for "y75smsh5mk7ggb.test", which is not supposed to exist.  Apparently they are hijacking DNS failures. Trying to correct for this.  We've noticed 1 possibly bad addresses so far.

Are these tests done by the tor software? I think these tests are not
valid, since services like OpenDNS.com reply to _every_ name with an
address:

---
$ host -v -t a y75smsh5mk7ggb.test. 208.67.220.220
Trying "y75smsh5mk7ggb.test"
Using domain server:
Name: 208.67.220.220
Address: 208.67.220.220#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33093
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;y75smsh5mk7ggb.test.		IN	A

;; ANSWER SECTION:
y75smsh5mk7ggb.test.	0	IN	A	208.69.34.132

Received 53 bytes from 208.67.220.220#53 in 36 ms
---

This is due to the fact that they want to redirect typos to the
correct addresses. If you want, they even do stuff like ad blocking,
phishing protection and similar. That would also explain redirects of
known addresses like google.com.

I guess OpenDNS.com has become quite popular, since Dan Kaminsky  
himself proposed to use it, if you have no chance to fix your DNS  
against the recently published security hole. So if your provider  
forwards to OpenDNS for security/financial reasons, you will see such  
behaviour.

You can check if your DNS is safe on DK's blog (in the sidebar): http://www.doxpara.com/

Can I switch off these tests in tor?


Cheers,

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:    +49-551-9969285     Doubt those who find it."
mobile: +49-179-4939223                                 (André Gide)
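
The kind of check the quoted log message describes (resolve random names that must not exist and remember any address that comes back) can be sketched as follows. This is an added example, not part of the original message and not Tor's own code; the function names, the two constructed resolvers and the documentation-range addresses are assumptions made for illustration.

```python
import random
import socket
import string

# TLDs reserved by RFC 2606: no name under them should ever resolve.
RESERVED_TLDS = ("test", "invalid")

def random_name(rng, tld, length=14):
    """Build a random label that cannot collide with a real registration."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length)) + "." + tld

def system_resolve(name):
    """IPv4 addresses from the system resolver; empty set on lookup failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def probe_hijacking(resolve=system_resolve, probes=6, seed=None):
    """Map each address returned for a nonexistent name to the names that hit it."""
    rng = random.Random(seed)
    bad = {}
    for i in range(probes):
        name = random_name(rng, RESERVED_TLDS[i % len(RESERVED_TLDS)])
        for addr in resolve(name):
            bad.setdefault(addr, []).append(name)
    return bad

def usable_answer(addrs, bad):
    """Drop addresses seen for nonexistent names; empty means treat as NXDOMAIN."""
    return set(addrs) - set(bad)

# Constructed resolvers for an offline run (documentation addresses, RFC 5737).
REAL = {"example.com": {"198.51.100.7"}}

def honest(name):
    return REAL.get(name, set())

def hijacker(name):
    return REAL.get(name, {"192.0.2.10"})  # answers every failed lookup

if __name__ == "__main__":
    for label, resolver in (("honest", honest), ("hijacker", hijacker)):
        bad = probe_hijacking(resolver, seed=1)
        print(label, "bad addresses:", sorted(bad))
        print("  example.com ->", usable_answer(resolver("example.com"), bad))
        print("  typo.example ->", usable_answer(resolver("typo.example"), bad))
```

Calling `probe_hijacking()` with no arguments runs the same probes against the system resolver; a resolver that answers every name, as in the `host` output above, will always populate the bad-address map.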


