Revision history for AbusiveISPs
Revision [3782]
Last edited on 2016-05-30 22:49:37 by CalumMcAlinden [Replaces old-style internal links with new pipe-split links.]
Additions:
Please refer to the answer of [[http://unix.stackexchange.com/questions/144482/iptables-to-redirect-dns-lookup-ip-and-port | this question]] to use iptables to reroute your DNS traffic to an alternative port on an OpenNIC server. Remember to change the server's IP address.
||Slovakia||[[http://www.lekosonline.sk/ | Lekos]]||1||
||Belgium / Germany ||[[http://www.belgacom.be/ | belgacom]]||ISP routers require password to change DNS settings. Password is reset periodically and only available to ISP employees. Changing DNS setting on a per-device basis is necessary.||
||Europe||[[http://www.skylogic.it/ | SKYLOGIC S.P.A.]]|| Hijacks DNS requests on port 53 and returns results from their own server. ||
Deletions:
||Slovakia||[[http://www.lekosonline.sk/ Lekos]]||1||
||Belgium / Germany ||[[http://www.belgacom.be/ belgacom]]||ISP routers require password to change DNS settings. Password is reset periodically and only available to ISP employees. Changing DNS setting on a per-device basis is necessary.||
||Europe||[[http://www.skylogic.it/ SKYLOGIC S.P.A.]]|| Hijacks DNS requests on port 53 and returns results from their own server. ||
Additions:
||Europe||[[http://www.skylogic.it/ SKYLOGIC S.P.A.]]|| Hijacks DNS requests on port 53 and returns results from their own server. ||
Deletions:
Revision [3619]
Edited on 2015-08-03 10:56:07 by CalumMcAlinden [Detect+deal with hijacking. Added SKYLOGIC S.P.A.]
Additions:
===Is my ISP intercepting DNS traffic?===
Some abusive ISPs will intercept DNS traffic on port 53 and return results from their own servers instead. This makes access to alternative TLDs difficult, and is a privacy concern as it allows the ISPs to carry out more detailed logging of the domains you resolve.
Some OpenNIC DNS servers also listen on an alternative port (generally 5353) which is less likely to be tampered with by ISPs.
To test if an ISP is tampering with DNS traffic, you can use the dig command from the dnsutils package.
Select a server from the Tier2 page which supports an alternative port. In my example I have used 106.186.17.181.
First, try querying for the root zone (.) on the default port:
%%
dig SOA . @106.186.17.181
...
. 58346 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015080300 1800 900 604800 86400
%%
You can see from the returned SOA above that the DNS request has been hijacked by the ISP as 'a.root-servers.net' is not an OpenNIC DNS server. If the SOA you get looks more like the one below, then your ISP is probably not hijacking your DNS requests.
Now try again on the alternative port:
%%
dig SOA . @106.186.17.181 -p 5353
...
. 86319 IN SOA ns0.opennic.glue. hostmaster.opennic.glue. 2015080301 1800 900 604800 3600
%%
You can see that the SOA returned is OpenNIC's, meaning no hijacking has taken place on the alternative port. If this result differs from the previous result, then your ISP is likely to be hijacking DNS.
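The two-port comparison above can be scripted so the result does not depend on reading dig output by eye. This is an added example, not part of the wiki page or of any OpenNIC tooling; the function names and verdict labels are assumptions, and the `opennic.glue.` suffix is taken from the sample output above.

```shell
#!/bin/sh
# Added example (not from the wiki page): compare the root-zone SOA a resolver
# returns on port 53 with the one it returns on an alternative port.

OPENNIC_SUFFIX="opennic.glue."   # MNAME suffix taken from the page's sample output

# Read dig answer text on stdin; print the SOA MNAME of the root zone, lowercased.
soa_mname() {
    awk '$1 == "." && $3 == "IN" && $4 == "SOA" { print tolower($5); exit }'
}

# Query one server/port with dig and print the root SOA MNAME (empty on failure).
query_mname() {
    dig +noall +answer +time=3 +tries=1 SOA . "@$1" -p "$2" 2>/dev/null | soa_mname
}

is_opennic() {
    case "$1" in *"$OPENNIC_SUFFIX") return 0 ;; *) return 1 ;; esac
}

# classify <mname seen on port 53> <mname seen on the alternative port>
classify() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "inconclusive"          # no answer on one port: blocked or timed out
    elif is_opennic "$1" && is_opennic "$2"; then
        echo "clean"                 # OpenNIC root on both ports
    elif is_opennic "$2"; then
        echo "port53-intercepted"    # only the alternative port reaches OpenNIC
    else
        echo "unexpected"            # alternative port did not return OpenNIC data either
    fi
}

if [ "$#" -ge 1 ]; then
    # Live check: $1 = server IP from the Tier2 list, $2 = alternative port (default 5353).
    classify "$(query_mname "$1" 53)" "$(query_mname "$1" "${2:-5353}")"
else
    # Constructed sample input: the two answer lines shown on the page.
    hijacked='. 58346 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015080300 1800 900 604800 86400'
    opennic='. 86319 IN SOA ns0.opennic.glue. hostmaster.opennic.glue. 2015080301 1800 900 604800 3600'
    classify "$(printf '%s\n' "$hijacked" | soa_mname)" "$(printf '%s\n' "$opennic" | soa_mname)"
fi
```

An `inconclusive` verdict means one port gave no answer at all, which points to blocking or a server that does not listen on that port rather than to rewriting of the answer.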
===What can I do about it?===
Please refer to the answer of [[http://unix.stackexchange.com/questions/144482/iptables-to-redirect-dns-lookup-ip-and-port this question]] to use iptables to reroute your DNS traffic to an alternative port on an OpenNIC server. Remember to change the server's IP address.
You could also contact your ISP to complain about their use of DNS hijacking.
===Abusive ISP List===
This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below.
||Belgium / Germany ||[[http://www.belgacom.be/ belgacom]]||ISP routers require password to change DNS settings. Password is reset periodically and only available to ISP employees. Changing DNS setting on a per-device basis is necessary.||
||Europe||[[http://www.skylogic.it/ SKYLOGIC S.P.A.]]|| Hijacks DNS requests on port 53 and returns results from their own server. ||
Deletions:
If you set up your computer to use OpenNIC and the domains still don't resolve, it's possible that your ISP is intercepting DNS traffic
||Belgium / Germany ||[[http://www.belgacom.be/ belgacom]]||ISP routers require password to change DNS settings. Password is reset periodically and only available to ISP employees. Changing DNS setting on a per-device basis is necessary. ||
Additions:
======Abusive ISPs======
Deletions:
====Slovakia====
17/05/2012 [[http://www.lekosonline.sk/ Lekos]] (1 report)
Additions:
======AbusiveISPs======
Deletions:
Additions:
||Belgium / Germany ||[[http://www.belgacom.be/ belgacom]]||ISP routers require password to change DNS settings. Password is reset periodically and only available to ISP employees. Changing DNS setting on a per-device basis is necessary. ||