5

For certain host names my DNS gives me a wrong IP address (the IP address of a transparent proxy) for which an inverse DNS lookup does not give me back the host I originally looked up.

This is related to but not the same as Forward-confirmed reverse DNS and DNS Hijacking.

I would like to know if this violates any DNS standards or ISP practices.

Rory Alsop
  • You could opt to use a third-party DNS service, like Comodo or Google. – Iszi Jul 22 '12 at 04:15
  • I would add the courts in the UK have ordered such measures in certain cases too. It would depend on your contract with your ISP. – ewanm89 Jul 22 '12 at 11:28

1 Answer

3

Laws are a local thing, so what's legal here might not be legal somewhere else, but as a rule this sort of thing isn't directly legislated on. A court might extend some previously-existing law to cover this type of thing, but I haven't heard of that anywhere yet.

Does it break the standard? Yes and no. If I ask a server for the current time and it instead gives me back the current open market price for bananas formatted as a time -- well, the time is wrong but the formatting isn't. It does look like the time, after all. The standards around DNS cover protocols and formatting; the answer you give to a query reflects your opinion as to what the correct answer is, and that bit isn't in the spec. You and I might disagree on the correct address, but the fact that you successfully retrieved my answer means that I followed the standard at the very least.

It's not uncommon for ISPs to redirect NX domains to their own "site finder" search engine pages, though this practice is widely frowned upon and openly scorned by people who like to defend the Internet and stuff like that, but it still happens and doesn't appear to draw legal action.

On the other hand, if you get a false response for domains that truly do exist, this might be called a "man in the middle attack", and could start drifting into the darker shades of grey on the legality color chart. And it certainly smells malicious. Best to ditch your ISP's DNS server post-haste. There's dozens of handy publicly-usable DNS servers out there: 8.8.8.8 is run by Google, 4.2.2.2 and 4.2.2.1 are run by Level 3 I think and are generally very fast.

But test and verify. There are some networks that intercept DNS traffic and redirect it to their own DNS servers no matter where you attempt to send it. There's Sprint's 3G network that does this, for example (last time I checked, at least, they may have reformed but probably not).

tylerl
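One way to carry out the "test and verify" step from the answer above, as an added example that is not part of the original post: it sends the same A query directly to the ISP resolver and to the public resolvers named in the answer, then lists those whose answers share no address with the ISP's. The function names are hypothetical and the ISP resolver address is supplied by the caller.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive DNS query for the A record of `name` (RFC 1035)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a name that may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a(msg, qid):
    """Return the sorted IPv4 addresses in the answer section of `msg`."""
    rid, _flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != qid:
        raise ValueError("response ID does not match the query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                          # QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:                          # A record; CNAMEs are skipped
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(ips)

def ask(resolver, name, timeout=3.0):
    """Send the query straight to `resolver` over UDP, bypassing the system resolver."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        return parse_a(s.recv(4096), qid)

def disjoint_from(results, baseline):
    """Resolvers whose answer shares no address with the baseline resolver's answer."""
    base = set(results[baseline])
    return sorted(r for r, ips in results.items() if set(ips) != base and not base & set(ips))

def check(name, isp, public=("8.8.8.8", "4.2.2.2")):
    """Live check (assumed usage): `isp` is the resolver IP your ISP handed you."""
    results = {r: ask(r, name) for r in (isp, *public)}
    return results, disjoint_from(results, isp)
```

A disagreement can be legitimate, since CDNs hand different resolvers different addresses, and identical answers everywhere do not rule out a network that redirects all port 53 traffic to its own servers.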