This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Sep 29 15:45:08 CEST 2017
On Fri, Sep 29, 2017 at 02:56:12PM +0200, Baptiste Jonglez <baptiste.jonglez at imag.fr> wrote a message of 56 lines which said: > What I mean by "traffic interception" is that DNS queries from the > probe to a third-party DNS server do not reach the server, but are > intercepted and answered by a middle-box instead. Many interceptors (for instance the GFC) do so only when the request matches some criteria. "Intercepting" is not all-or-nothing. > It seems that the "DNS Root Instances" map could be used for that purpose, > because DNS traffic interception shows up as if the probe was contacting > an "Unknown" root instance. There are many rogue root instances (with anycast, it can be difficult to be sure of talking to a real root) so a strange instance is not always DNS interception. > I also looked for DNS-related tags on probes, but could not find > anything useful. System tag "clean DNS" would certainly be useful but, as the two examples above show, it is difficult to define precisely.
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]