Here is my problem:
When connected to my FIOS ISP, with no router, i.e. directly connected to my FIOS modem, I am getting different A DNS records than I am when connected to a different ISP/Network.
1. On my FIOS ISP I run nslookup netflix.com (this is with no DNS specified), and get:
Non-authoritative answer:
Name: netflix.com
Addresses: 2a01:578:3::22fa:2993
2a01:578:3::3413:2893
2a01:578:3::341f:91b7
2a01:578:3::34d1:eb8d
2a01:578:3::341e:2dc6
2a01:578:3::36ab:7445
2a01:578:3::34d2:745
2a01:578:3::341f:b664
54.77.143.196
52.208.135.54
34.252.179.162
52.209.79.186
52.17.227.174
52.51.252.111
54.171.187.60
52.30.103.23
2. Again, on my FIOS ISP, I then run nslookup netflix.com 85.203.37.1, with the 85.203.37.1 DNS resolver specified, and I get back exactly the same thing as (1):
Non-authoritative answer:
Name: netflix.com
Addresses: 2a01:578:3::22fa:2993
2a01:578:3::3413:2893
2a01:578:3::341f:91b7
2a01:578:3::34d1:eb8d
2a01:578:3::341e:2dc6
2a01:578:3::36ab:7445
2a01:578:3::34d2:745
2a01:578:3::341f:b664
54.77.143.196
52.208.135.54
34.252.179.162
52.209.79.186
52.17.227.174
52.51.252.111
54.171.187.60
52.30.103.23
3. However, now what is totally boggling my mind: if I run nslookup netflix.com 85.203.37.1, with the 85.203.37.1 DNS resolver specified, on any other network, that is through a VPN, or on mobile devices, etc., I get back:
Non-authoritative answer:
Name: netflix.com
Addresses: 198.255.83.3
107.182.237.252
(3) happens to be the response I am expecting to get back; what I don't understand is how, when connected to my FIOS ISP in (2), it's almost as though I have not specified a DNS resolver, even though I have, and how the A DNS records are exactly the same as the ones which my ISP's DNS returns.
The thing that makes this really weird for me is that this seems like some kind of DNS interception or hijacking. And after doing a lot of Googling about DNS interception, it's not clear to me that it is actually occurring.
Annoyingly, I can't find one consistent test which will always prove that DNS requests are being intercepted, I guess because there are so many different ways to intercept or redirect DNS requests. Some of the 'tests' I have done are these:
- https://padlock.argh.in/2019/04/28/sky-dns-interception.html
- https://superuser.com/a/1348765/450105
- https://labs.ripe.net/Members/babak_farrokhi/is-your-isp-hijacking-your-dns-traffic
In all of these tests, I don't seem to get any of the intercepting-is-happening results.
I have tried to learn as much as I can about the specifics of DNS interception, but it is so complicated that I can't say I understand it. But, given the information I have collected, the only explanation I can think of is that my FIOS ISP is somehow rewriting A DNS records.
Is this a reasonable conclusion, or is there something I have missed?
I have put the disclaimer that I might be going crazy, because this problem is slowly driving me insane.
Netflix is known to play stupid games with IP geolocation, the ISP may be doing this to assist you in bypassing that. Whereabouts are you? – Jasen – 2019-11-16T19:08:25.813
Is 85.203.37.1 a server under your control? – user1686 – 2019-11-16T19:10:06.013
Hi @grawity no it is not. – nmu – 2019-11-17T06:18:46.590
Do you have some other server under your control then? (I.e. anything you could run "tcpdump -n port 53" at) – user1686 – 2019-11-17T09:21:14.457
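The comparison the question walks through in (1) to (3), written out as an added example that is not part of the original post or its comments: it parses saved nslookup output and checks whether the answer from the explicitly named resolver matches only the default resolver's answer. The function names and verdict strings are hypothetical, and the captures are abbreviated from the question's output.

```python
import ipaddress

def parse_nslookup(text):
    """Return the answer addresses from nslookup output as a set."""
    addrs, in_answer = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("name:"):
            in_answer = True  # lines before "Name:" describe the resolver, not the answer
            continue
        if not in_answer or not line:
            continue
        if line.lower().startswith(("address:", "addresses:")):
            line = line.split(":", 1)[1].strip()
        try:
            addrs.add(ipaddress.ip_address(line))
        except ValueError:
            pass  # ignore aliases and other non-address lines
    return addrs

def classify(default_here, explicit_here, explicit_elsewhere):
    """Heuristic verdict only: load-balanced names can legitimately vary."""
    if not (default_here and explicit_here and explicit_elsewhere):
        return "incomplete"
    if explicit_here & explicit_elsewhere:
        return "resolver-answer-seen"   # the named resolver's answer arrived here too
    if explicit_here == default_here:
        return "matches-default-only"   # consistent with port 53 being answered by another resolver
    return "inconclusive"

# Captures abbreviated from the question's three runs (two addresses per family kept).
FIOS_DEFAULT = """Non-authoritative answer:
Name: netflix.com
Addresses: 2a01:578:3::22fa:2993
2a01:578:3::3413:2893
54.77.143.196
52.208.135.54
"""
FIOS_EXPLICIT = FIOS_DEFAULT  # run (2) returned the same records as run (1)
OTHER_NET_EXPLICIT = """Non-authoritative answer:
Name: netflix.com
Addresses: 198.255.83.3
107.182.237.252
"""

def verdict():
    return classify(parse_nslookup(FIOS_DEFAULT), parse_nslookup(FIOS_EXPLICIT),
                    parse_nslookup(OTHER_NET_EXPLICIT))

if __name__ == "__main__":
    print(verdict())
```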