BT hijacks DNS queries

I just configured a new DNS name in one of my domains, which did not exist before. The associated IP number is routed to Germany. But while the name was not really up, the answer should have been NXDOMAIN, meaning that the name does not exist. Example:

$ dig blablablablabla.oeko.net

; <<>> DiG 9.9.5-8-Debian <<>> blablablablabla.oeko.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38513
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blablablablabla.oeko.net.      IN      A

;; AUTHORITY SECTION:
oeko.net.               139     IN      SOA     a.ns.oeko.net. hostmaster.oeko.net. 1021018254 16384 2048 1048576 2560

;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 12 21:33:53 CET 2015
;; MSG SIZE  rcvd: 105

But instead, they gave a fake answer:

$ dig bla.oeko.net

; <<>> DiG 9.9.5-8-Debian <<>> bla.oeko.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9013
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bla.oeko.net.          IN  A

;; ANSWER SECTION:
bla.oeko.net.       20  IN  A   92.242.132.15

;; Query time: 32 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Feb 12 19:55:14 GMT 2015
;; MSG SIZE  rcvd: 46
$

As a result, I am unable to check whether my DNS performed correctly until they decided to throw the fake answer away.
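The difference between the two dig outputs above can be checked mechanically; the following is an added example, not code from the original post. It parses the DNS header of a reply to a query for a name that should not exist and flags a NOERROR reply carrying an answer. The function names, the `probe` helper and the two sample replies are constructed for illustration, and `probe` assumes the zone has no wildcard record.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a recursive A/IN query (RD set) in DNS wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(response, qid):
    """Judge a reply to a query for a name that is known not to exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:    # wrong ID, or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3 and ancount == 0:
        return "honest"                     # NXDOMAIN, as in the first dig output
    if rcode == 0 and ancount > 0:
        return "rewritten"                  # NOERROR plus a synthesized answer
    return "inconclusive"                   # SERVFAIL, REFUSED, NODATA, ...

def probe(resolver, zone, timeout=3.0):
    """Hypothetical helper: ask `resolver` for a random label under `zone`."""
    qid = secrets.randbits(16)
    name = f"{secrets.token_hex(8)}.{zone}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return classify(data, qid)

def sample_reply(qid, flags, ancount):
    """Constructed reply for bla.oeko.net; the A record uses the IP shown on the page."""
    msg = struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)
    msg += build_query("bla.oeko.net", 0)[12:]      # echo the question section
    if ancount:  # name pointer to offset 12, TYPE A, CLASS IN, TTL 20, RDLENGTH 4
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 20, 4)
        msg += socket.inet_aton("92.242.132.15")
    return msg

HONEST = sample_reply(38513, 0x8183, 0)     # flags qr rd ra, rcode 3 (NXDOMAIN)
REWRITTEN = sample_reply(9013, 0x8180, 1)   # flags qr rd ra, rcode 0 (NOERROR)

if __name__ == "__main__":
    print(classify(HONEST, 38513), classify(REWRITTEN, 9013))
```

Calling `probe("192.168.1.254", "oeko.net")` runs the same check live against the resolver from the second dig output.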

Of course, this has huge potential for censorship of all kinds, which I have seen in action elsewhere already. I am not the only person aggravated by this kind of behaviour. Please follow the link below to read other people's take on this problem.

Thank you!

Links:

  • http://linuxforums.org.uk/index.php?topic=11464.0



Freedom and the Internet

It has recently surfaced that an Israeli company sold Internet control software to Iran. While the story has an ironic twist, it goes on to highlight some problems with the current trend to "manage" the Internet, detailing the possible adverse effects of such technology on Internet users (like facilitating their arrest and torture). Unfortunately, the article refrains from presenting the facts in a neutral way, but instead points fingers at supposedly rogue states while conveniently ignoring the fact that such technology would work just as well against citizens of Western countries, acting up on their respective governments. They might wake up to quite similar fates when e.g. their governments become discontent with the Occupy movement gaining more traction (whatever you might think of that movement in the first place) - and you had your first impressions on that. See for example here, here, or here if you missed it so far. Instead of calling for more vendor-control over such software, the emphasis should be placed on generally banning such software in the first place.

As a techie, I can safely say that often, not having such controls to "monitor" and "manage" usage, but simply using larger, dumber pipes, would probably be equally cost effective, or even cheaper. The only adverse side effect, from the perspective of the carriers and the government, will be that they would have to loosen their grip on the populace (i.e., you and me).

Which is basically a good thing, isn't it?
