
discuss - Re: [opennic-discuss] [URGENT] [ROUND-ROBIN] DNS POISONING/POSSIBLE MITM ATTACK

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Se7en <se7en AT cock.email>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] [URGENT] [ROUND-ROBIN] DNS POISONING/POSSIBLE MITM ATTACK
  • Date: Tue, 31 Aug 2021 14:25:27 -0700

On 21-08-31 15:40:26, Lennart Seitz wrote:
> What resolver did you use before switching to Google? Keep in mind that
> DNS is a plaintext protocol, perhaps somebody MITM'd your request?

I am using both Anycast servers as my resolver. As of Tue 31 Aug 2021
09:21:57 PM UTC the issue remains. I do not know how to detect the
specific server the Anycast server brings back.

> From my side I can verify that duckduckgo.com is resolving correctly on
> the T2 I am running and also the anycast (which you probably meant by
> round-robin?) under 134.195.4.2 by NextGi.

I do not know why this is, I have confirmed that switching from
OpenNIC's Anycast to GoogleDNS fixes the problem. I have confirmed it
is not the result of a hacked DNS Blackhole (my PiHole), and I have
also confirmed it is not the result of malicious NAT. All signs point
to an improper configuration on OpenNIC's end for their Anycast
service.

If there is additional debug information you request, I am willing to
provide such within reason.


--
|-----/ | Se7en
/ The One and Only! | se7en AT cock.email
/ | 0x0F83F93882CF6116
/ | https://se7en-site.neocities.org

Attachment: signature.asc
Description: PGP signature



