[TriLUG] Results from namebench

Aaron Joyner aaron at joyner.ws
Wed Feb 26 10:20:32 EST 2014


I suspect the 'hijacked' results may be that you're getting different
results from those nameservers due to varying amounts of geolocation
capabilities.  If I can find the time I'll peek at the namebench code again
to see how he's making those determinations.

Regardless, none of the look particularly troubling or accurate, save maybe
the NXDOMAIN hijacking.  Those addresses for www.google.com all have PTRs
to 1e100.net.  The twitter IPs have no PTRs, but they're from a netblock
very clearly allocated to twitter, and paypal's just redirecting to
Akamai's DNS hosting.

The NXDOMAIN also seems like it might be a false positive, if I make an
arbitrary (and invalid) query ala $($ dig www @209.18.47.62), I get a
response with an empty ANSWER section, as expected?

Aaron S. Joyner


On Wed, Feb 26, 2014 at 9:59 AM, Bill Farrow <bill at arrowsreach.com> wrote:

> On Mon, Feb 24, 2014 at 9:13 PM, Aaron Joyner <aaron at joyner.ws> wrote:
> > Collect the data on what matters, how fast the various options are for
> you,
> > from your internet connection:
> > https://code.google.com/p/namebench/
>
> I ran this on my DNS server at work:
> Recommended configuration (fastest + nearest):
> ----------------------------------------------
> nameserver 208.67.222.222  # OpenDNS-2
> nameserver 127.0.0.1       # Localhost IPv4
> nameserver 209.18.47.61    # RoadRunner NC US
>
>
> ********************************************************************************
> In this test, OpenDNS-2 is 23.7%: Faster
>
> ********************************************************************************
>
> It also reported hijacked and incorrect domain lookups which is
> worrying. Are these false positives ?
>
> 209.18.47.62    RoadRunner NC-2 US 20  ms | www.google.com is
> hijacked: 74.125.228.210, 74.125.228.211, 74.125.228.212,
> 74.125.228.208, 74.125.228.209, NXDOMAIN Hijacking (www), twitter.com
> appears incorrect: 199.16.156.38, 199.16.156.198, 199.16.156.6,
> www.paypal.com is hijacked: www.paypal.com.akadns.net
>
> 8.8.8.8         Google Public DNS  40  ms | www.google.com is
> hijacked: 74.125.228.243, 74.125.228.244, 74.125.228.240,
> 74.125.228.242, 74.125.228.241, twitter.com appears incorrect:
> 199.16.156.6, 199.16.156.102, 199.16.156.38, www.paypal.com is
> hijacked: www.paypal.com.akadns.net
>
>
>
> Bill
> --
> This message was sent to: Aaron S. Joyner <aaron at joyner.ws>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/aaron%40joyner.ws
> Welcome to TriLUG: http://trilug.org/welcome
>


More information about the TriLUG mailing list