[185795] in North American Network Operators' Group
Re: DNSSEC and ISPs faking DNS responses
daemon@ATHENA.MIT.EDU (Alarig Le Lay)
Fri Nov 13 09:26:51 2015
X-Original-To: nanog@nanog.org
Date: Fri, 13 Nov 2015 11:21:27 +0100
From: Alarig Le Lay <alarig@swordarmor.fr>
To: nanog@nanog.org
In-Reply-To: <5645AD08.8070104@vaxination.ca>
Errors-To: nanog-bounces@nanog.org
--AXxEqdD4tcVTjWte
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri Nov 13 04:27:36 2015, Jean-Francois Mezei wrote:
> I'll have to research how other countries tried to implement similar
> schemes (I believe the UK has with some of the popular torrent sites.
>=20
> I know the Australian attempt to filter porn failed miserably.
We also have some torrent sites blocked in France, for exemple:
alarig@HP-Z210:~$ dig +noall +comments +answer t411.me @193.252.19.3
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38309
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; ANSWER SECTION:
t411.me. 16418 IN A 127.0.0.1
alarig@HP-Z210:~$ dig +noall +comments +answer t411.me=20
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41652
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; ANSWER SECTION:
t411.me. 70 IN A 104.18.37.180
t411.me. 70 IN A 104.18.36.180
But, if you look at the flags, there=E2=80=99s no ad, so no DNSSEC (my reso=
lver
has DNSSEC enabled)
--=20
alarig
--AXxEqdD4tcVTjWte
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWRbmnAAoJEK84SsFrICuIVHsH/33C9qK20msFqK5GitqiuLQf
qGOVWaUgf2K8gDqSmTZuxfkWu+lDB/3A5Y4iy+Hh5pecmSGvZvRQrxVyEoNGntU6
uN5MlDcS1uZricuBETUb14xHPZFM88hqxHZflQ3m4uP/viwVNYKPJI2bT9KfljXK
S5WiTz33E4xWxxkHA0idQxnzMAoEDWOLbAQXTUTqZBp7SJ6v1U2wf8CrccSlFJvv
QCirpM0KnG3i7nPvyprG4jtGcxLQjJgFqjrYqxftsdURYL/+IMFekHNAJIYf9dua
YETFnscNnTEPTTnnoYqlc/qR2HRg4DQ3TR0t6qBn/wrUEz/+j15lJx+MjRlH8bU=
=53nU
-----END PGP SIGNATURE-----
--AXxEqdD4tcVTjWte--
