How to check if my ISP is changing in any way a request to Google's DNS?

1

The problem is that superuser.com, stackexchange.com and many other sites didn't work.

When I was debugging the problem, I tried nslookup:

user@host:~$ nslookup superuser.com 8.8.8.8
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find superuser.com: SERVFAIL

user@host:~$ nslookup superuser.com 8.8.4.4
Server:     8.8.4.4
Address:    8.8.4.4#53

** server can't find superuser.com: SERVFAIL

But then, using this page: http://www.kloth.net/services/nslookup.php

... here is the nslookup result for superuser.com from server 8.8.8.8, querytype=A :

 DNS server handling your query: 8.8.8.8
 DNS server's address:  8.8.8.8#53

 Non-authoritative answer:
 Name:  superuser.com
 Address: 104.16.32.193
 Name:  superuser.com
 Address: 104.16.125.192
 Name:  superuser.com
 Address: 104.16.126.192
 Name:  superuser.com
 Address: 104.16.127.192
 Name:  superuser.com
 Address: 104.16.33.193

So there was clearly a problem trying to reach Google's DNS IP. I then used telnet to see if port 53 was open on my router:

user@host:~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.

Everything is working, so my last suspicion is that the ISP is hijacking the IP somehow. How could I test it?

EDIT:

mtr trace:

 Host                                                          Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.2.254                                               0.0%   120    0.5   0.4   0.2   0.7   0.0
 2. 170.210.178.1                                               0.0%   120    1.1   1.0   0.7   1.3   0.0
 3. riu-unpaz-100M.BUENOS-AIRES.riu.edu.ar                      0.0%   120    1.8   4.4   1.7 182.0  18.3
 4. rgda3-dc-sol.riu.edu.ar                                     0.0%   119    2.8   3.2   2.1   7.1   0.8
 5. google-riu.riu.edu.ar                                       0.0%   119    2.3   2.5   2.0  16.1   1.5
 6. 66.249.95.205                                               0.8%   119    2.6   2.8   2.4   3.6   0.0
 7. google-public-dns-a.google.com                              0.0%   119    2.5   2.5   2.2   3.2   0.0

JorgeeFG

Posted 2016-04-28T18:08:03.993

Reputation: 366

I've heard of this several times recently but not seen proof until now. It would be interesting to know who your isp is, or at least what country you are located in. – Tyson – 2016-04-28T18:32:31.397

Relevant: ISP tricks DNS?

– DavidPostill – 2016-04-28T18:33:33.487

@Tyson I added some info, maybe my ISP has a Google mirror or something like that, then intercepts packets to Google's 8.8.8.8 and sends them to the mirror, and it was down or with problems. – JorgeeFG – 2016-04-28T18:47:55.300

Why did you attempt to connect to your router, using telnet on port 53, instead of the telnet port (23)? 53 is the DNS port. Your diagnostic steps don't make sense. Of course you can't telnet on port 53, the telnet service is running on port 23 on your router more than likely, and the DNS service (if it has one) would be running on port 53 – Ramhound – 2016-04-28T19:11:27.120

No answers
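The checks in the question exercise two different transports: nslookup sends its query over UDP by default, while `telnet 8.8.8.8 53` only shows that TCP port 53 accepts a connection. As an added example (not part of the original post or its comments), this sketch sends the same A query over both UDP and TCP and prints the RCODE each path returns; the function names and the header-only sample reply are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Constructed sample: header of a SERVFAIL reply (QR=1, RD=1, RA=1, RCODE=2).
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) DNS question for `name`; qtype 1 is A."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, rcode name, truncated flag, answer count) of a DNS reply."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR=0)")
    rcode = flags & 0x000F
    return qid, RCODES.get(rcode, str(rcode)), bool(flags & 0x0200), answers

def ask(server, name, tcp=False, timeout=3.0):
    """Send one A query over UDP or TCP and return the parsed reply header."""
    query = build_query(name)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s, \
                s.makefile("rb") as f:
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query)
            size = int.from_bytes(f.read(2), "big")
            return parse_header(f.read(size))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return parse_header(s.recvfrom(4096)[0])

if __name__ == "__main__":
    for server in ("8.8.8.8", "8.8.4.4"):
        for tcp in (False, True):
            label = "tcp" if tcp else "udp"
            try:
                print(server, label, ask(server, "superuser.com", tcp))
            except (OSError, ValueError) as exc:
                print(server, label, "error:", exc)
```

A different RCODE over UDP than over TCP for the same name and server shows that the two transports are being handled differently somewhere between the host and the resolver; it does not by itself identify who produced the reply.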