Topic 'Re: OpeNDNS' in forum '' - dslreports.com

Re: OpeNDNS

Tue, 11 Nov 2008 17:19:29 EDT

Raphion posted : I have 4.2.2.4-5 as my DNS, but when I go to »entropy.dns-oarc.net/test/ it tells me my server names are:
1. 209.244.5.159 (ics2.Atlanta1.Level3.net)
2. 209.244.7.132 (unknown.Level3.net)
No gtei there. As I understand it, those 4.2.2.x addresses aren't actually server addresses, but rather, requests to those addresses are routed to the nearest available Level3.net DNS servers.

Re: OpeNDNS

Tue, 11 Nov 2008 10:18:30 EDT

kontos posted :

said by kieranmullen:

nslookup 4.2.2.1Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-pri.sys.gtei.netAddress:  4.2.2.1 nslookup 4.2.2.2Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-bak.sys.gtei.netAddress:  4.2.2.2 nslookup 4.2.2.3Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-lc.sys.gtei.netAddress:  4.2.2.3

I suspect that that is a result of sloppy reverse DNS management on Level3's part.
Verizon (gtei.net) doesn't seep to agree that those hostnames are theirs:

kontos:~$ host vnsc-pri.sys.gtei.netvnsc-pri.sys.gtei.net does not exist, try againkontos:~$ host vnsc-bak.sys.gtei.netvnsc-bak.sys.gtei.net does not exist, try againkontos:~$ host vnsc-lc.sys.gtei.netvnsc-lc.sys.gtei.net does not exist, try again

and the servers appear to indicate that they are managed by Level3:

kontos:~$ dig @4.2.2.1 ch txt version.bind ; <<>> DiG 9.3.4-P1.1 <<>> @4.2.2.1 ch txt version.bind; (1 server found);; global options:  printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38023;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION:;version.bind.                  CH      TXT ;; ANSWER SECTION:version.bind.           0       CH      TXT     "If you have a legitimate reason for requesting this info, please contact hostmaster@Level3.net" ;; Query time: 6 msec;; SERVER: 4.2.2.1#53(4.2.2.1);; WHEN: Tue Nov 11 15:13:02 2008;; MSG SIZE  rcvd: 137

Re: OpeNDNS

Mon, 10 Nov 2008 23:46:27 EDT

NetFixer posted :

said by NetAdmin1:

said by jester121:

That will be a very interesting day in the IT field, when we learn who's sloppy and who's not.

Or who can remember their ISPs DNS servers. 4.2.2.2 was such a great server because it was so easy to use during an initial setup when you didn't have easy access to your ISPs DNS addresses or just plain forgot the DNS server address.

I think the "interesting day" and "sloppy" references are about the unknown thousands of PCs currently using the 4.2.2.x DNS servers because some tech did a quick fix 5 years ago and now nobody even remembers that it had been done.

The downtime and ISP and IT department headaches that will result on the day those DNS servers become restricted to authorized users could rival the problems caused by Blaster and Welchia.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.

Re: OpeNDNS

Mon, 10 Nov 2008 23:34:57 EDT

NetAdmin1 posted :

said by jester121:

That will be a very interesting day in the IT field, when we learn who's sloppy and who's not.

Re: OpeNDNS

Mon, 10 Nov 2008 23:09:20 EDT

NetFixer posted :

said by kieranmullen:

I believe the above lends some information on the intermixing...

I believe the term for this type of perpetual post buyout/merger usage is grandfathering.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.

Re: OpeNDNS

Mon, 10 Nov 2008 22:59:51 EDT

kieranmullen posted : I believe the above lends some information on the intermixing...

said by NetFixer:

said by kieranmullen:

Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered.

Re: OpeNDNS

Mon, 10 Nov 2008 22:57:55 EDT

NetFixer posted :

said by kieranmullen:

Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered.

Why would Microsoft need to use Akamai Technologies servers and IP adresses? The simple answer is that corporations sub contract and sub lease services and properties from other corporations all the time.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.

Re: OpeNDNS

Mon, 10 Nov 2008 22:52:57 EDT

kieranmullen posted : ask... well I suppose I could have looked it up as well.

Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered.

»www.isp-planet.com/news/2002/lvl···129.html

Level3 bought genuity.com which was the networking GTE I believe. Verizon bought GTE.

Nevermind its a mess that does not benefit me knowing in anyway. I will just assume for the foreseeable future that the Level 3 servers will work with Verizon FIOS

Re: OpeNDNS

Mon, 10 Nov 2008 22:34:26 EDT

NetFixer posted :

said by kieranmullen:

They are the servers that are used for Verizon Fios Setup too! I wonder if they have some sort of agreement with them.

Ask and ye shall receive

nslookup 4.2.2.1Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-pri.sys.gtei.netAddress:  4.2.2.1 nslookup 4.2.2.2Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-bak.sys.gtei.netAddress:  4.2.2.2 nslookup 4.2.2.3Server:  dcs-gw1.dcs-netAddress:  192.168.10.1 Name:    vnsc-lc.sys.gtei.netAddress:  4.2.2.3 ----------------------------------------------------------------------- whois gtei.net Registrant:        Verizon Trademark Services LLC        Verizon Trademark Services LLC        1320 North Court House Road         Arlington VA 22201        US        domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669    Domain Name: gtei.net        Registrar Name: Markmonitor.com        Registrar Whois: whois.markmonitor.com        Registrar Homepage: http://www.markmonitor.com    Administrative Contact:        Domain Administrator        Verizon Trademark Services LLC        1320 North Court House Road         Arlington VA 22201        US        domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669    Technical Contact, Zone Contact:        Domain Technician        Verizon        1320 North Court House Road         Arlington VA 22201        US        sysmgr@verizon.com +1.7033513164 Fax: +1.7033513669    Created on..............: 1997-12-10.    Expires on..............: 2010-12-08.    Record last updated on..: 2008-11-06.    Domain servers in listed order:    dnsauth3.sys.gtei.net    dnsauth2.sys.gtei.net    dnsauth1.sys.gtei.net

The reason that the 4.2.2.x DNS servers are frequently referred to as Level3 servers is that the IP NetRange/CIDR is owned by Level3.

whois 4.2.2.1 OrgName:    Level 3 Communications, Inc. OrgID:      LVLTAddress:    1025 Eldorado Blvd.City:       BroomfieldStateProv:  COPostalCode: 80021Country:    USNetRange:   4.0.0.0 - 4.255.255.255 CIDR:       4.0.0.0/8 NetName:    LVLT-ORG-4-8NetHandle:  NET-4-0-0-0-1Parent:     NetType:    Direct AllocationNameServer: NS1.LEVEL3.NETNameServer: NS2.LEVEL3.NETComment:    RegDate:    Updated:    2004-06-04OrgAbuseHandle: APL8-ARINOrgAbuseName:   Abuse POC LVLT OrgAbusePhone:  +1-877-453-8353OrgAbuseEmail:  abuse@level3.comOrgTechHandle: ARINC4-ARINOrgTechName:   ARIN Contact OrgTechPhone:  +1-800-436-8489OrgTechEmail:  arin-contact@genuity.comOrgTechHandle: TPL1-ARINOrgTechName:   Tech POC LVLT OrgTechPhone:  +1-877-453-8353OrgTechEmail:  ipaddressing@level3.com

--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.

Re: OpeNDNS

Mon, 10 Nov 2008 20:59:54 EDT

kieranmullen posted :

said by jester121:

No clue about that, we run our own internal DNS. The thing is that Level 3's 4.2.2.x servers aren't "officially" open to the public like OpenDNS ones are, they've just been around forever and easy to remember. I use them occasionally for troubleshooting or if I need to go to an ISP website to fix someone's computer...

They are the servers that are used for Verizon Fios Setup too! I wonder if they have some sort of agreement with them. Simply typing DNS in the help section of Verizon.net did not yield any results except for a dial up dns server.

Re: OpeNDNS

Mon, 10 Nov 2008 20:46:38 EDT

jester121 posted : No clue about that, we run our own internal DNS. The thing is that Level 3's 4.2.2.x servers aren't "officially" open to the public like OpenDNS ones are, they've just been around forever and easy to remember. I use them occasionally for troubleshooting or if I need to go to an ISP website to fix someone's computer...

Re: OpeNDNS

Mon, 10 Nov 2008 20:45:56 EDT

backfeed posted : I am using Open DNS now on my networks, I have used Level 3's in a pinch, but I always thought that it was wrong to use them as a standard. They do work good, but I am really surprised that they have left them open to the public for so long...
--
There is 10 types of people. Those whom can read Binary and those who cannot.

Re: OpeNDNS

Mon, 10 Nov 2008 20:11:39 EDT

kieranmullen posted : Is it considered sloppy to put clients on OpenDNS rather than their ISP's dns? I mean OpenDNS has so many other nice options as far as filtering goes as well and the ads are not a big turnoff.

said by jester121:

Level 3 mentioned in passing (about the time the details on the cache poisoning proof of concept came out) that they would eventually be shutting off public access to their beloved and ubiquitous 4.2.2.x DNS servers.

That will be a very interesting day in the IT field, when we learn who's sloppy and who's not.

Re: OpeNDNS

Mon, 10 Nov 2008 19:35:53 EDT

jester121 posted : Level 3 mentioned in passing (about the time the details on the cache poisoning proof of concept came out) that they would eventually be shutting off public access to their beloved and ubiquitous 4.2.2.x DNS servers.

That will be a very interesting day in the IT field, when we learn who's sloppy and who's not.

Re: OpeNDNS

Mon, 10 Nov 2008 18:05:27 EDT

baineschile posted : Obviously there are plenty of alternatives, most which are safe. I just saw such an increase in page loading and java when i switched to OPEN DNS

Re: OpeNDNS

Mon, 10 Nov 2008 17:56:09 EDT

jlivingood posted :

said by NetFixer:

said by baineschile:

The only way to go.

OpenDNS is certainly ONE solution, but it is definitely NOT the ONLY solution. :uhh:

In fact, the DNS servers used by your ISP (Comcast) are also immune to the Kaminsky DNS vulnerability referred to in the article.

That is correct.

Jason
--
JL
Comcast

Re: OpeNDNS

Mon, 10 Nov 2008 17:52:50 EDT

Rob_ posted : there's also

4.2.2.2
4.2.2.3 which are level 3 hosted DNS sites.

Re: OpeNDNS

Mon, 10 Nov 2008 17:42:11 EDT

NetFixer posted :

said by baineschile:

The only way to go.

said by Dan Kaminsky :

I do think Nominum, and ComCast by extension, need some credit for working to develop more intensive protections against this attack...

It's not every day that Comcast and I are on the same side of the fence (ahem, net neutrality). This is however a much graver threat, and frankly more ISP's need to follow Comcast's lead here (now there are words I never thought I'd write!).

--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.

OpeNDNS

Mon, 10 Nov 2008 17:16:51 EDT

baineschile posted : The only way to go.