doc_strange ([personal profile] doc_strange) wrote 2006-05-01 08:56 am

Useful service to see if you're behind a transparent DNS proxy

This useful tidbit came across from Pawel Rogocz on the djbdns mailing list today.

If you don't know which host is really doing your DNS lookups, or you suspect that, despite having your DNS resolver set to xxx.xxx.xxx.xxx, some network trick is going on and some other host is actually doing the lookups, you can look up whoami.ultradns.net. It always returns the IP address of the DNS server that is actually making the query.

Very nice. So now if you're on some hotel network set up with a tunnel to work, but DNS pointed at your favorite open DNS resolver, you can check whether the hotel net is playing games with you. Or your cable provider. Or your DSL provider....

Why does it matter? Well, first off, some folks use alternative DNS roots, both for corporate name space and for extensions on the 'normal' DNS root. The intercepting box may be a benign "feature" of the network you're on, but have a way-out-of-date root nameserver file, causing you to fail to resolve new TLDs like .name. And finally, it may be a security concern if someone is intercepting and giving you bogus DNS responses and you rely on the names (rather than on a site certificate being correct, but you knew that, didn't you?). Of course, a savvy man-in-the-middle attacker will just return the correct IP you expect, but this'll let you know about all the cache engines and proxies you might encounter that get in your DNS way.

host whoami.ultradns.net
nslookup whoami.ultradns.net

Whatever tool you like. Useful. You can even uncover nameserver's alternate IPs this way.
host whoami.ultradns.net nameserver.IP.address.here

Coolness.
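
An added example (not from the original post or the djbdns list): a Python version of `host whoami.ultradns.net nameserver.IP.address.here` that sends the query straight to the resolver you configured and compares the address that comes back with it. It assumes whoami.ultradns.net answers as described above; the function names and the constructed sample reply are this example's own.

```python
import os, socket, struct
WHOAMI = "whoami.ultradns.net"  # name from the post; assumed to answer as described there

def build_query(name, txid):  # recursive A/IN question for name
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(pkt, off):  # offset just past a name: labels, or a 2-byte pointer
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)

def parse_a_records(pkt):  # IPv4 addresses from the answer section of a response
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000 or flags & 0x000F:  # must be a response with RCODE 0
        raise ValueError("not a successful DNS response")
    addrs, off = [], 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return addrs

def classify(configured, seen):
    # "differs" alone is not proof of interception: it may be the service's other IP
    return "match" if configured in seen else "differs"

def sample_response(addr="209.244.7.33", txid=0x1234):
    """Constructed reply (not captured traffic) with the address from the comments."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton(addr)
    return hdr + build_query(WHOAMI, txid)[12:] + rr

def check(resolver, timeout=3.0):  # like `host whoami.ultradns.net <resolver>`
    query = build_query(WHOAMI, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        pkt = s.recvfrom(512)[0]
    if pkt[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    seen = parse_a_records(pkt)
    return classify(resolver, seen), seen
```

A `differs` result needs a follow-up look rather than a conclusion, since a resolver can answer on one address and make its outbound queries from another, as the 4.2.2.1 exchange in the comments shows.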

[identity profile] cheesetruck.livejournal.com 2006-05-01 04:07 pm (UTC)
[truck@cube ~]$ nslookup
> server 4.2.2.1
Default server: 4.2.2.1
Address: 4.2.2.1#53
> whoami.ultradns.net
Server: 4.2.2.1
Address: 4.2.2.1#53

Non-authoritative answer:
Name: whoami.ultradns.net
Address: 209.244.7.33
>

Maybe I didn't understand, but should this not return 4.2.2.1 ?

[identity profile] docstrange.livejournal.com 2006-05-01 04:56 pm (UTC)
"You can even uncover nameserver's alternate IPs this way."

And see, you did.

[identity profile] cheesetruck.livejournal.com 2006-05-01 05:52 pm (UTC)
Ok. What I did not paste before was several other servers returning the same result.

However, as of right now, they are all returning the addresses I expect.

This may be simply having looked at too many numbers today. I looked at, um, one. I think. Earlier. (:

[identity profile] docstrange.livejournal.com 2006-05-01 07:06 pm (UTC)
<barbie>Math is hard!</barbie>