jlivingood’s Techdirt Profile

jlivingood

About jlivingood




jlivingood’s Comments comment rss

  • Nov 8th, 2019 @ 3:13pm

    Re: Re: Re: Re: The Reason

    Comcast's network does not do that (in FD I work there...) NXDOMAIN redirection was done for a short period that ended in January 2012 when DNSSEC Validation was turned on (1st large ISP in the US to do so).

  • Nov 8th, 2019 @ 3:12pm

    Re: Re: Re: The Reason Telecoms don't Want Encrypted DNS Lookups

    Wow - that is all mangled in plain text. Trying again in markdown:

    dig @4.2.2.2 flubboxzing.org

    ; <<>> DiG 9.10.6 <<>> @4.2.2.2 flubboxzing.org
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38884
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    dig @4.2.2.2 nonamehere.example.com

    ; <<>> DiG 9.10.6 <<>> @4.2.2.2 nonamehere.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19479
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 8192
    ;; QUESTION SECTION:
    ;nonamehere.example.com. IN A

    ;; AUTHORITY SECTION:
    example.com. 1884 IN SOA ns.icann.org. noc.dns.icann.org. 2019101516 7200 3600 1209600 3600

    ;; Query time: 84 msec
    ;; SERVER: 4.2.2.2#53(4.2.2.2)
    ;; WHEN: Fri Nov 08 18:06:57 EST 2019
    ;; MSG SIZE rcvd: 107

    ;; QUESTION SECTION:
    ;flubboxzing.org. IN A

    ;; Query time: 24 msec
    ;; SERVER: 4.2.2.2#53(4.2.2.2)
    ;; WHEN: Fri Nov 08 18:09:20 EST 2019
    ;; MSG SIZE rcvd: 33

  • Nov 8th, 2019 @ 3:10pm

    Re: Re: The Reason Telecoms don't Want Encrypted DNS Lookups

    Comcast is definitely *not* doing that (I work there). Here is a demonstration using dig @ that server and a name that does not exist. 1st example results in NXDOMAIN. 2nd example gets a SERVFAIL, likely because the auth server does not respond to recursions from 4.2.2.2. dig @4.2.2.2 nonamehere.example.com ; <<>> DiG 9.10.6 <<>> @4.2.2.2 nonamehere.example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19479 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 8192 ;; QUESTION SECTION: ;nonamehere.example.com. IN A ;; AUTHORITY SECTION: example.com. 1884 IN SOA ns.icann.org. noc.dns.icann.org. 2019101516 7200 3600 1209600 3600 ;; Query time: 84 msec ;; SERVER: 4.2.2.2#53(4.2.2.2) ;; WHEN: Fri Nov 08 18:06:57 EST 2019 ;; MSG SIZE rcvd: 107 dig @4.2.2.2 flubboxzing.org ; <<>> DiG 9.10.6 <<>> @4.2.2.2 flubboxzing.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38884 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;flubboxzing.org. IN A ;; Query time: 24 msec ;; SERVER: 4.2.2.2#53(4.2.2.2) ;; WHEN: Fri Nov 08 18:09:20 EST 2019 ;; MSG SIZE rcvd: 33