ISP fake result
Kevin Darcy
kcd at daimlerchrysler.com
Tue Jul 27 00:24:32 UTC 2004
samsouk wrote:
>Hello,
>
>my isp is returning a fake address for non-existant domain names
>
>------------------------------------
>host xsxsxsxsxsxsxsxsxsxsxs.com 194.117.200.10
>Using domain server:
>Name: 194.117.200.10
>Address: 194.117.200.10#53
>Aliases:
>
>xsxsxsxs.com has address 82.97.10.68
>------------------------------------
>
>this dns (194.117.200.10) is always returning 82.97.10.68 wich is the
>address of a web-server. The isp says it is to help customers (!!!)
>
>I have bind-9.2.2 on my local network, acting as a caching nameserver.
>Is it possible to filter these results (replacing 82.97.10.68 with a
>'not-found' result) ?
>
>I know I can block this on the firewall but I really need valid dns-lookup
>
Are you forwarding to your ISP's nameserver(s)? If so, then you can fix
the problem by not forwarding to them any more.
If they are modifying your DNS packets on-the-fly, then this is
extremely bad. They should be whacked upside the head for doing things
like that. Or, if you prefer a less violent approach, get a new ISP.
- Kevin
More information about the bind-users
mailing list