IETF Logo Mail Archive

Re: [97attendees] Room DNS not of high fidelity

Bill Fenner <fenner@fenron.com> Sat, 12 November 2016 04:31 UTC

Return-Path: <fenner@fenron.com>
X-Original-To: 97attendees@ietfa.amsl.com
Delivered-To: 97attendees@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 200511293EE for <97attendees@ietfa.amsl.com>; Fri, 11 Nov 2016 20:31:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102
X-Spam-Level:
X-Spam-Status: No, score=-102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fenron.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id let-i27_ZGrl for <97attendees@ietfa.amsl.com>; Fri, 11 Nov 2016 20:31:41 -0800 (PST)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D581129475 for <97attendees@ietf.org>; Fri, 11 Nov 2016 20:31:41 -0800 (PST)
Received: by mail-ua0-x22e.google.com with SMTP id 51so28115616uai.1 for <97attendees@ietf.org>; Fri, 11 Nov 2016 20:31:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fenron.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z8Sx2gz2V/VTV3o4Fheev38OV9sS+rFW40p5xX8s8Nw=; b=QtRELvgtOoaJ9U1m7ptuAoAEbl4DdDAArbNq211mOTjDaSSHQ+Nm4hdaZi03MFLWIf y0BrhY2TnUcb5Jx/v7MQeESPDXYRwpFj1lS816L9yHgYAjGB4OqI7Fv+iEwvxftsoHWV a4dMQ6s+Wt7y8IWMKjLGdWhdvn0Hj/llBELlM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z8Sx2gz2V/VTV3o4Fheev38OV9sS+rFW40p5xX8s8Nw=; b=epp9+DWZ6wt17bNbijQSNIkOPEpKKT7mxiVsBAuDAUEP7U02l/a6jy8vpLTutPUj52 m88UNYFg92XMfndMQ2zOkFefXUieoRIF7wrANjFQzKyGAvnCAhfCoX//3DEG1DoPmZzf 2bVHgpmJfphsHdNtpGrz239d1EePopL1P3lDc6uTOtAEB3WFdx+T7XPwwFdc7PCIvs4i cpjRn8u0pW2oV3HoL9nAYIlI1MAh3AdVYlZaOsNAMouhKpQnH2qxi/3CL8aWDggYqChf M/zXHSrOhlC9oY2OLLjkGMtitJpR+iIA8I3wQOZIiX5AG2bnxwNahFGSqBR8h5EjKkg6 Tr3A==
X-Gm-Message-State: ABUngvfP+O+UNj/3TW5OWv/0Y6xfm6EbA7ZN0B6Ga1eknIgm2Lukl57twm63zpjLFQJHNWeMHyFGEs6WXyIh7Q==
X-Received: by 10.176.6.233 with SMTP id g96mr4143318uag.97.1478925100329; Fri, 11 Nov 2016 20:31:40 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.80.225 with HTTP; Fri, 11 Nov 2016 20:31:39 -0800 (PST)
In-Reply-To: <0dfb274e-31c9-c88c-d3d3-12bd14ca94cf@gmail.com>
References: <b6b858e8-b89e-cd3e-8925-65a73c1616ff@nostrum.com> <0dfb274e-31c9-c88c-d3d3-12bd14ca94cf@gmail.com>
From: Bill Fenner <fenner@fenron.com>
Date: Fri, 11 Nov 2016 23:31:39 -0500
Message-ID: <CAATsVbZJBxF3Q9sOEN8Qeq2zHV99GwWxHiRn4XJ2ZgBKGd5qUw@mail.gmail.com>
To: joel jaeggli <joelja@gmail.com>
Content-Type: multipart/alternative; boundary=94eb2c04515c41404a05411315e8
Archived-At: <https://mailarchive.ietf.org/arch/msg/97attendees/_bNbbUEC-F4C7uoMJct7IEKtzPg>
Cc: 97attendees@ietf.org, Adam Roach <adam@nostrum.com>
Subject: Re: [97attendees] Room DNS not of high fidelity
X-BeenThere: 97attendees@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Mailing list of IETF 97 attendees that have opted in on this list." <97attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/97attendees>, <mailto:97attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/97attendees/>
List-Post: <mailto:97attendees@ietf.org>
List-Help: <mailto:97attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/97attendees>, <mailto:97attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2016 04:31:43 -0000

My DNS is in San Jose, so I get an Akamai node in San Jose, and it also
responds with "You don't have permission to access "
http://www.homedepot.com/" on this server."  tcptraceroute shows that there
is nothing transparently intercepting this traffic (unless it is a really
fantastic faker, letting the traffic travel through NTT to San Jose before
intercepting it).

To me this says that this is Akamai deciding that the IETF address space
should not access this url.

  Bill


On Fri, Nov 11, 2016 at 11:16 PM, joel jaeggli <joelja@gmail.com> wrote:

> can replicate.
>
> The dns resolves to an akamai edge node in  locally in sk broadband's
> netowork...
>
> does not not appear that the dns is either incorrect or being manipulated.
>
> On 11/12/16 10:01 AM, Adam Roach wrote:
> > Just as a warning --
> >
> > The circuits in the hotel rooms (at least, as of Saturday morning)
> > appear to be local circuits rather than the normal IETF infrastructure.
> > Normally, this wouldn't be notable, but the DNS servers don't appear to
> > necessarily be doing things correctly. I noticed this when I tried to go
> > to http://www.homedepot.com this morning, and was greeted with an error
> > message.
> >
> > What's really odd is that the name "www.homedepot.com" was resolving to
> > a Korean IP address (123.215.198.10). After bringing up my VPN, i was
> > able to get to the correct web site just fine.
> >
> > So if you're seeing strange behavior in the rooms, you probably want to
> > either use a VPN or manually configure your DNS to use a known-good
> server.
> >
> > /a
> >
> >
> > P.S. I suspect there's an object lesson in here about DNSSEC, but I'm
> > not entirely sure what it is.
> >
> > _______________________________________________
> > 97attendees mailing list
> > 97attendees@ietf.org
> > https://www.ietf.org/mailman/listinfo/97attendees
>
>
>
> _______________________________________________
> 97attendees mailing list
> 97attendees@ietf.org
> https://www.ietf.org/mailman/listinfo/97attendees
>
>

v2.8.7 | Report a Bug | By Email