Hi,

You wrote:

You can’t blame your service provider for hijacking your DNS traffic or running DPI on their network these days. In fact most of them use DPI to some extent for various reasons.

Yes, I would blame my ISP for that. That's something I wouldn't expect as a customer (and I don't want it).

Some ISPs with Carrier NATed IPv4 are setting up transparent SIP proxies for circumvention of NAT problems caused by multiple NAT on the carrier side. It regularly happens that SIP registration or SIP calls won't work because of... Yes, no one knows, because the SIP proxy is doing weird stuff and preventing customers from using SIP with any provider in the world.

When your provider has a slight problem with his DNS-Layer7-Filtering-Proxy you won't be able to use *any* DNS resolver. Even if the ISP is filtering some "evil" DNS requests (perhaps something used by trojans), the ISP shall do this on his own DNS resolvers, but not by intercepting network traffic.

You've done your experiment with UDP - does the ISP's interception also work when you use TCP for connecting to a DNS server? And what answer do you get when asking for "whoami.akamai.net"? You'll get an A record with the IP address of the client that asked the authoritative DNS server.

What your tunnel provider probably is doing is to ensure that you are not leaking your IP address to external DNS resolvers, maybe for privacy reasons or to circumvent geoblocking attempts used by (for example) Netflix. But also in this case this is really scary...

Greetings
Max

On 06.07.2016 at 12:55, Mirjam Kuehne wrote:
Dear colleagues,
Please find a new article by Babak Farrokhi on RIPE Labs:
Is your ISP Hijacking your DNS Traffic?
Kind regards,
Mirjam Kuehne
RIPE NCC
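The two checks Max suggests (compare UDP with TCP, and ask whoami.akamai.net which address actually reached the authoritative server) can be scripted. The following is an added example written for this thread, not code from the RIPE Labs article or from either poster: it builds and parses DNS wire-format messages by hand so it runs offline against constructed responses, and it states the interception heuristic explicitly. The resolver egress prefix 192.0.2.0/24 and the answer addresses are placeholders, not any real operator's ranges; `send_query` is included for a live run but is not called in the demo.

```python
"""Added example (not part of the mailing-list thread): minimal DNS
wire-format builder/parser plus the whoami.akamai.net interception check.
All packets below are constructed inline so the script runs offline; the
resolver address and egress prefixes are assumptions, not real data."""
import ipaddress
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted hostname into DNS label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234, tcp=False):
    """Standard recursive A query; TCP framing prepends a 2-byte length (RFC 1035 4.2.2)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    msg = header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg if tcp else msg


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, terminates the name
            return off + 2
        off += 1 + length


def parse_a_records(msg):
    """Return the A-record addresses in the answer section of a UDP-framed response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def build_response(query, addr, txid=0x1234):
    """Constructed test fixture: echo the question and add one A record for addr."""
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 60, 4) + socket.inet_aton(addr)
    return header + question + rr


def interception_suspected(answer_ips, expected_egress):
    """whoami.akamai.net answers with the address that reached Akamai's authoritative
    servers. If no returned address lies inside the prefixes the chosen resolver is
    known to send from, something between the client and that resolver handled the
    query. Resolver clusters often egress from addresses other than the one you
    queried, so the expected prefixes must come from the resolver operator."""
    nets = [ipaddress.ip_network(p) for p in expected_egress]
    return not any(ipaddress.ip_address(a) in n for a in answer_ips for n in nets)


def send_query(resolver, name, tcp=False, timeout=3):
    """Live helper (not used offline): query a resolver over UDP or TCP, return UDP-framed reply."""
    pkt = build_query(name, tcp=tcp)
    if tcp:
        with socket.create_connection((resolver, 53), timeout=timeout) as s:
            s.sendall(pkt)
            length = struct.unpack("!H", s.recv(2))[0]
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    break
                data += chunk
            return data
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (resolver, 53))
        return s.recv(4096)


if __name__ == "__main__":
    egress = ["192.0.2.0/24"]  # assumed egress prefix of the resolver you queried
    q = build_query("whoami.akamai.net")
    honest = build_response(q, "192.0.2.53")     # constructed: reply from expected resolver
    diverted = build_response(q, "203.0.113.7")  # constructed: reply via an in-path proxy
    for label, resp in (("direct", honest), ("diverted", diverted)):
        ips = parse_a_records(resp)
        print(label, ips, "interception suspected:", interception_suspected(ips, egress))
```

To reproduce Max's comparison live, call `send_query(resolver, "whoami.akamai.net")` once with `tcp=False` and once with `tcp=True` and feed both replies through `parse_a_records`; a transparent proxy that only grabs UDP/53 will show up as differing answers, and an answer outside the resolver's published egress prefixes points at something in the path rewriting or forwarding the query.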