Previously I had a router set up to use ISP-provided DNS servers, but recently I set up two local DNS servers with forwarders set to Google's public DNS. Whenever I visit a website which I assume is not yet cached in local DNS, the router reports a whole bunch of unreplied connections from the local DNS server to Google's DNS server. At the same time internet speed is lagging until the router stops reporting unreplied connections.
From what I have read this may be caused by ISP intercepting DNS queries, which I would love to check.
If you suspect your ISP is intercepting DNS queries, stop using their DNS servers. Previous questions on this topic have been asked before. There is an easy enough command you can use and lots of other results on this topic. – Ramhound – 2015-04-03T17:49:32.970
Not using their DNS servers is exactly what I am trying to do, but if they are intercepting DNS queries to public DNS servers and resolving those queries on their end, then there isn't much I can do. Ever since switching back to ISP DNS servers as forwarders, there are also no unreplied connections and no issues with internet connections. Therefore, I assume, the ISP is fiddling with DNS queries intended for any but their servers, but I was hoping to find a way to get more concrete evidence. Edit: I might try routing DNS queries through a remote site using VPN, but that again won't prove much – user68740 – 2015-04-03T18:10:22.463
@Ramhound he is talking about an ISP using something like NAT or route trickery to make something like Google's DNS be redirected to the ISP DNS servers. Something like this. http://serverfault.com/questions/672472/redirect-dns-requests-for-8-8-8-8-to-a-local-dns-inside-a-lan/ – Zoredache – 2015-04-03T18:23:20.947
I would start by doing a traceroute to the servers you think may be intercepting. I think there are even tools that could do a UDP-based traceroute with the port set to 53. See where the replies come from. – Zoredache – 2015-04-03T18:29:33.470
@Zoredache - I know what the author is talking about. – Ramhound – 2015-04-03T18:29:36.807
@Zoredache I have tried tracert on random websites that aren't cached in local DNS yet, with Google's and the ISP's DNS servers set as forwarders. With the ISP's DNS, there is no delay nor unreplied connections, whereas with Google's there is a slight delay and unreplied connections. Regardless of which DNS servers are used, the first couple of hops are the same. Another stupid test I did, "nslookup website.com 8.8.8.8", is not consistent in timing, with some requests taking longer than ever and again the router reporting unreplied connections. This doesn't happen with the ISP's DNS in place of 8.8.8.8. – user68740 – 2015-04-03T18:54:16.467
user68740: Zoredache isn't talking about running tracert to random websites, he's talking about running tracert *to* 8.8.8.8. – Scott – 2015-04-03T19:05:01.057
Have you also tried OpenDNS instead of Google's DNS to see whether you have a poor route? I know from experience that sometimes Google's DNS is slower and sometimes OpenDNS is slower. – Julian Knight – 2015-04-03T21:11:53.683
Possible duplicate of How can I tell if my ISP is redirecting my DNS queries? – Sourav Ghosh – 2018-08-13T19:11:11.740
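One way to get the concrete evidence the question asks for, as an added example that is not part of the original thread: send the same TXT query for `o-o.myaddr.l.google.com` (which Google's authoritative servers answer with the address of the resolver that asked them) both to 8.8.8.8 and to the ISP's own resolver; if both paths report the same egress address, the queries addressed to 8.8.8.8 never reached Google. The script name `dnscheck.py`, the constructed sample reply and the placeholder resolver address 192.0.2.53 are assumptions of this example.

```python
import socket, struct, sys
# Google's authoritative servers answer this TXT name with the address of the resolver that
# asked them, so an answer obtained through 8.8.8.8 should name a Google address, not the ISP's.
TXT, WHOAMI = 16, "o-o.myaddr.l.google.com"

def build_query(name, qtype=TXT, txid=0x1234):   # 12-byte header with RD set + one question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def skip_name(msg, off):                         # step over a possibly compressed name
    while msg[off] and msg[off] < 0xC0:          # plain labels are < 64 bytes long
        off += msg[off] + 1
    return off + 1 if msg[off] == 0 else off + 2  # root terminator, or a 2-byte pointer

def parse_txt_answers(msg, txid=0x1234):         # TXT strings in the answer section
    rid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid:                              # ignore replies that do not match our id
        return []
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        p = 0
        while rtype == TXT and p < len(rdata):   # TXT rdata is <len><chars> repeated
            out.append(rdata[p + 1:p + 1 + rdata[p]].decode(errors="replace"))
            p += 1 + rdata[p]
    return out

def ask(server, name=WHOAMI, timeout=3.0):       # one UDP query to server:53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_txt_answers(s.recvfrom(4096)[0])

def redirected(via_google, via_isp):             # both paths report the same egress resolver
    return bool(via_google) and set(via_google) == set(via_isp)

# Constructed sample reply (not captured traffic): the WHOAMI question answered with 192.0.2.53.
SAMPLE_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + build_query(WHOAMI)[12:]
                + b"\xc0\x0c\x00\x10\x00\x01\x00\x00\x00\x3c\x00\x0b\x0a192.0.2.53")

if __name__ == "__main__":                       # usage: python dnscheck.py <ISP resolver IP>
    via_google, via_isp = ask("8.8.8.8"), ask(sys.argv[1])
    print(f"via 8.8.8.8: {via_google}; via {sys.argv[1]}: {via_isp}")
    if redirected(via_google, via_isp):
        print("same egress resolver on both paths: queries to 8.8.8.8 are being redirected")
```

A UDP traceroute to port 53 as suggested in the comments complements this: the TXT answer shows who resolved the query, the traceroute shows where the packets were turned around.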