FW: [LINK] unlawful interception of internet traffic?

Craig Sanders cas at taz.net.au
Fri Dec 8 10:20:31 AEDT 2006


On Fri, Dec 08, 2006 at 09:00:23AM +1100, Daniel Rose wrote:
> > > To test ... if you set your DNS lookup to come from elsewhere
> > > (avoiding using the ISP's DNS resolvers) .. do you now get
> > > the correct results?
> > 
> > yes.  i've already tried this.
> 
> 
> Craig, does this mean "yes other DNS servers work fine, I already tried
> this" or does it mean "Yes I tried this and it's still broken".

it means if i use another resolver (e.g. at another ISP) then i get the
correct data in response.

> If the latter, this implies that UDP:53 DNS packets outbound to a third
> party are not only held undelivered by the ISP, but that the ISP is
> replying on behalf of the other server.

that's what i thought was happening until just a few minutes ago....but
I just checked my /etc/resolv.conf config file. i should have done this
yesterday.

it turns out that i forgot that i had listed the ISP's nameserver as a
backup resolver, so if my name server is unable to get an answer for
any reason (e.g. network outage, routing problems, or as in this case
firewall rules), it will directly query the ISP's nameserver.

so there is no packet diversion happening.

they are, however, blocking all access to the rival ISPs' IP addresses
(which is what is causing my NS to time-out when trying to reach the
real NS, thus causing my resolver to ask the ISP's nameserver).

and they have configured their name-server to claim to be authoritative
for the rival ISP's domain and are providing false data to queries about
that domain.

they shouldn't be doing either of these things.

craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)
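
Added example, not part of the original message: a small audit of resolv.conf text that reports which listed resolvers can end up answering queries, the situation described above where a forgotten backup entry silently supplied the ISP's data. The sample file, the address 192.0.2.53 (a documentation-range stand-in for an ISP nameserver) and the function names are constructed for illustration; the three-entry limit and the `rotate` option are glibc resolver behaviour.

```python
import ipaddress

MAXNS = 3  # the glibc resolver uses at most three nameserver entries

# Constructed sample: a local name server first, an ISP resolver as backup.
SAMPLE = """\
# local caching name server
nameserver 127.0.0.1
nameserver 192.0.2.53
options timeout:5 attempts:2
"""

def parse_resolv_conf(text):
    """Return (nameservers in file order, options dict) from resolv.conf text."""
    servers, options = [], {}
    for line in text.splitlines():
        if line.startswith(("#", ";")):      # comment lines
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields and fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                options[name] = value or True
    return servers[:MAXNS], options

def audit_fallback(text, trusted=frozenset()):
    """List (address, role) for every resolver that is neither loopback nor trusted."""
    servers, options = parse_resolv_conf(text)
    findings = []
    for position, addr in enumerate(servers):
        if ipaddress.ip_address(addr).is_loopback or addr in trusted:
            continue
        # With 'rotate' every entry takes a share of queries; otherwise later
        # entries are asked only when the earlier ones fail to answer.
        if "rotate" in options or position == 0:
            role = "any query"
        else:
            role = "fallback on timeout"
        findings.append((addr, role))
    return findings

if __name__ == "__main__":
    for addr, role in audit_fallback(SAMPLE):
        print(f"{addr}: answers {role}")
```
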


