|
[BC] Shaw DNS redirect for google?
I was looking at my firewall logs last night, and I noticed that my wife's Android phone was talking to a Shaw IP address a lot.
The address, when you go to it in a web browser, has the Google page! 24.244.19.212
I naturally thought this was some sort of attack or redirection, but when I went onto my DNS server and did a query for google.ca, I got a list of Shaw servers. WTF! I say to myself. So then I tried querying OpenDNS:
nslookup google.ca 208.67.222.222
and I get this:
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: google.ca
Address: 24.244.19.212
Name: google.ca
Address: 24.244.19.237
Name: google.ca
Address: 24.244.19.222
Name: google.ca
Address: 24.244.19.242
Name: google.ca
Address: 24.244.19.241
Name: google.ca
Address: 24.244.19.232
Name: google.ca
Address: 24.244.19.216
Name: google.ca
Address: 24.244.19.217
Name: google.ca
Address: 24.244.19.221
Name: google.ca
Address: 24.244.19.236
Name: google.ca
Address: 24.244.19.247
Name: google.ca
Address: 24.244.19.251
Name: google.ca
Address: 24.244.19.231
Name: google.ca
Address: 24.244.19.246
Name: google.ca
Address: 24.244.19.227
Name: google.ca
Address: 24.244.19.226
All Shaw IP addresses! So what's going on here? Is Shaw intercepting my DNS requests and using its own local caching server? How would I turn this behaviour off? I don't want Shaw to be intercepting my private communications with Google. Sure they are the ISP, and we have to trust them, but I would rather be talking directly to Google, especially for sensitive things like her webmail. I would hate to think it's all cached on some Shaw server.
Anyone seeing this? Am I just being crazy or have done something really wrong? I purposefully run my own DNS servers for many reasons and privacy is one of them. Are there other sites that Shaw is injecting its claws into? Is it only Google because Google is special?
duckduckgo.com seems to resolve fine. |
|
|
If you are worried about Shaw doing strange things with DNS queries, change to google:
8.8.8.8 |
|
kevinds Premium Member join:2003-05-01 Calgary, AB |
to noclue6
Shaw hosts some Google servers in Vancouver, for use by the Shaw customers.
Most medium and large sized ISPs do this.
Those are some of the same servers that were being looked at when the YouTube buffering issue was happening.
It is ok... |
|
|
Well that's the point, I am *not* using Shaw's DNS servers. Like so:
C:\Users\USERNAME>nslookup google.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:400a:800::1008
          24.244.19.227
          24.244.19.236
          24.244.19.212
          24.244.19.216
          24.244.19.226
          24.244.19.251
          24.244.19.217
          24.244.19.241
          24.244.19.242
          24.244.19.237
          24.244.19.222
          24.244.19.247
          24.244.19.231
          24.244.19.232
          24.244.19.221
          24.244.19.246 |
|
1 edit |
to noclue6
Switch over to encrypted Google. » encrypted.google.com.ca version » www.google.ca/
If they redirect that, then really bitch about intercepting/redirecting encrypted communications. You can also use HTTPS Everywhere » www.eff.org/https-everywhere for Firefox or Chrome to force your browser to use the encrypted versions of websites. Some sites that have an expired encrypted key may generate a security error. |
|
|
to noclue6
Install the addon/extension NoScript or its equivalent on your computer browser.
You'll find A LOT of websites use google-analytics. Even dslreports does.
Wouldn't surprise me if that was what's tracking you. |
|
fender join:2007-07-23 Vancouver, BC |
to noclue6
I run bind internally because I don't care to give shaw, google, or the NSA any more information conveniently packaged for their consumption whenever possible. |
|
|
1. I am trying to bitch about that. But I doubt I can just call up some tier 1 Shaw tech and explain this. Want to mainly know if others are seeing it. There's nothing I can do really about it except change ISPs (if I care enough). They do appear to be redirecting https: from firewall:
tcp 24.244.19.227:443 <- 192.168.1.XXX:52136 ESTABLISHED:ESTABLISHED
tcp 192.168.1.XXX:52136 -> SHAWIP_ROUTER:5531 -> 24.244.19.227:443 ESTABLISHED:ESTABLISHED
tcp 24.244.19.182:443 <- 192.168.1.XXX:52139 ESTABLISHED:ESTABLISHED
tcp 192.168.1.XXX:52139 -> SHAWIP_ROUTER:53514 -> 24.244.19.182:443 ESTABLISHED:ESTABLISHED
2. The device in question is my wife's Google phone on my wifi. I already do not use Google and block it with NoScript. I have an ad blocking application on her rooted phone, but you cannot block Google on a Google phone... I try and stay away from Google, but that is irrelevant.
3. I am running nameserver BIND 9.8.1-P1 locally, looking up from root servers (for better or worse practice wise). It does not matter what nameserver I resolve from, the IP addresses always come up as Shaw addresses. I would have assumed there was a redirect somewhere and be looking for that if I hadn't tried OpenDNS and Google DNS and gotten the same Shaw IP addresses back. Either Shaw is proxying any lookup for Google, or Google itself is returning closest local mirror based on my IP address. Since my ISP is Shaw, it returns Shaw. It is either interesting behaviour, or I am being a real retard and cannot see my obvious error in logic. |
|
3 edits |
to noclue6
Maybe a detecting the Shaw proxy is over-riding your DNS box? "auto detect proxy settings"
I do like ISPs that are a dumb pipe. And I guess you have patched BIND (though the bug may not affect your version of BIND). » kb.isc.org/article/AA-00967
Hopefully I do not assume wrong, that a Shaw proxy could crash your DNS root resolver lookups with its proxy interference? A bit technical for me, but that would be assuming that you are not actually reaching your wanted DNS resolvers, resulting in Shaw overriding your DNS cache. And your ISP gateway(?) is or still is in a bridge mode? » deepthought.isc.org/arti ··· tes.html
2008. [func] It is now possible to enable/disable DNSSEC validation from rndc. This is useful for the mobile hosts where the current connection point breaks DNSSEC (firewall/proxy). [RT #15592]
I do find it annoying (for other ISPs) where Google sets up a local node along with the forced ISP redirect and that breaks DNS. With YouTube, people had to block the ISP's YouTube IP to avoid buffering. |
|
stolen join:2004-04-12 Calgary, AB |
to noclue6
Shaw is not re-directing https. These are Google caches on Shaw's network. Telus has them as well on their network, as do most reasonably sized ISPs. Google may be redirecting you to these servers, but Shaw is not doing any "tricks" to make this happen.
|
|
kevinds Premium Member join:2003-05-01 Calgary, AB |
to noclue6
or google itself is returning closest local mirror based on my ip address
This is what is happening...
It would be much more annoying for it to return an IP in Germany for your traffic from Canada, the "best" servers are picked... |
|
3 edits |
to stolen
said by stolen:
Shaw is not re-directing https. These are Google caches on Shaw's network. Telus has them as well on their network, as do most reasonably sized ISPs. Google may be redirecting you to these servers, but Shaw is not doing any "tricks" to make this happen.
But that would be only if you were to use Telus DNS servers. I cannot remember if a 'Telus IP google' was still named 'Google'. Been ages since I did tracert using Telus DNS (Google-chilliwack?). I get 74.125.228.73 or 173.194.33.32 (this one seems to be in Seattle) for my Google pages at this time using Telus with a non-Telus DNS provider. So the 'trick' that Shaw is doing is ignoring the user's DNS settings (or hard coded IP) and over-riding with a Shaw DNS. Hey it may have Google's crap covered hand in the redirect. Like Rogers had with misspelled text addresses being sent to an ad page search engine. The other way to block Shaw's hijacking would be if blocking the certain IPs would kill the redirect. That is what some Rogers customers wallets did to block the notice/ad insertions into webpages. |
|
fender join:2007-07-23 Vancouver, BC |
fender
Member
2013-Jun-10 7:38 pm
I'm seeing the same results you're seeing here on Shaw.
Every other machine I have out there in the world sees this..
google.com has address 173.194.43.37
google.com has address 173.194.43.35
google.com has address 173.194.43.41
google.com has address 173.194.43.39
google.com has address 173.194.43.36
google.com has address 173.194.43.32
google.com has address 173.194.43.33
google.com has address 173.194.43.40
google.com has address 173.194.43.38
google.com has address 173.194.43.46
google.com has address 173.194.43.34
google.com has IPv6 address 2607:f8b0:4006:803::1003
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com. |
|
kevinds Premium Member join:2003-05-01 Calgary, AB |
kevinds
Premium Member
2013-Jun-10 7:44 pm
Make sure you are using google.ca for lookups to be consistent
This is what I get though,
C:\Users\kevin>nslookup google.ca.
Server:  UnKnown
Address:  192.168.5.6

Non-authoritative answer:
Name:    google.ca
Addresses:  2607:f8b0:400a:801::101f
          173.194.33.56
          173.194.33.63
          173.194.33.55

C:\Users\kevin>ping google.ca

Pinging google.ca [2607:f8b0:400a:801::101f] with 32 bytes of data:
Reply from 2607:f8b0:400a:801::101f: time=48ms
Reply from 2607:f8b0:400a:801::101f: time=51ms
Reply from 2607:f8b0:400a:801::101f: time=48ms
Reply from 2607:f8b0:400a:801::101f: time=48ms

Ping statistics for 2607:f8b0:400a:801::101f:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 51ms, Average = 48ms |
|
fender join:2007-07-23 Vancouver, BC |
fender
Member
2013-Jun-10 7:47 pm
You're quite right -- I never use google.ca personally so my fingers don't type it.
google.ca has address 173.194.40.152
google.ca has address 173.194.40.159
google.ca has address 173.194.40.151
google.ca has IPv6 address 2a00:1450:4007:808::101f
google.ca mail is handled by 20 alt1.aspmx.l.google.com.
google.ca mail is handled by 30 alt2.aspmx.l.google.com.
google.ca mail is handled by 40 alt3.aspmx.l.google.com.
google.ca mail is handled by 50 alt4.aspmx.l.google.com.
google.ca mail is handled by 10 aspmx.l.google.com. |
|
fender |
fender
Member
2013-Jun-10 7:50 pm
Finally a different result geographically.
In Atlanta I get..
google.ca has address 74.125.139.94
google.ca has IPv6 address 2607:f8b0:4002:c03::5e
google.ca mail is handled by 50 alt4.aspmx.l.google.com.
google.ca mail is handled by 20 alt1.aspmx.l.google.com.
google.ca mail is handled by 10 aspmx.l.google.com.
google.ca mail is handled by 30 alt2.aspmx.l.google.com.
google.ca mail is handled by 40 alt3.aspmx.l.google.com. |
|
|
to humanfilth
Shaw isn't hijacking anything.
As others have mentioned this is the "Google Global Cache" and has been around for years now. Previously using opendns would break it, I guess maybe they've now got a workaround in place with them so that people on Shaw still get redirected to the Shaw cache servers when querying opendns servers.
Also, Shaw has absolutely no control or visibility in to the cache servers. They are 100% owned and operated by Google, they just happen to be placed inside Shaw's network.
Google also controls which server you get redirected to. If you're in Vancouver on Shaw, you may get pointed to the servers that Shaw hosts, you may get pointed to some in Seattle, you might get pointed elsewhere... totally up to google. |
|
fender join:2007-07-23 Vancouver, BC |
to noclue6
It appears that google's authoritative answers actually return geographically rel. results even when queried directly using Dig.
Nothing to be more concerned about than normal regarding Google (trust them about as far as you can throw a cloud.) |
|
1 edit |
Inate
Anon
2013-Jun-16 3:16 pm
This is all normal Google behavior, if you have a gripe, speak to them.
|
|
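The comparison the thread does by hand (ask different resolvers, then look at which network the answers fall in), as an added Python example that is not code from any poster. The three nslookup outputs are rebuilt from the ones posted above; the function and variable names are this example's own.

```python
import ipaddress
from collections import Counter

# Rebuilt from the posts above. Note the thread queried google.ca at OpenDNS
# and google.com at 8.8.8.8; whitespace/line breaks do not matter to the parser.
OPENDNS = ("Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: "
           + " ".join(f"Name: google.ca Address: 24.244.19.{h}" for h in
                      (212, 237, 222, 242, 241, 232, 216, 217, 221, 236, 247, 251, 231, 246, 227, 226)))
GOOGLE = ("Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: "
          "Name: google.com Addresses: 2607:f8b0:400a:800::1008 "
          + " ".join(f"24.244.19.{h}" for h in
                     (227, 236, 212, 216, 226, 251, 217, 241, 242, 237, 222, 247, 231, 232, 221, 246)))
POST_KEVINDS = ("Server: UnKnown Address: 192.168.5.6 Non-authoritative answer: Name: google.ca "
                "Addresses: 2607:f8b0:400a:801::101f 173.194.33.56 173.194.33.63 173.194.33.55")

def _ips(text):
    """Every whitespace-separated token that parses as an IP (a '#53' port suffix is dropped)."""
    found = []
    for token in text.split():
        try:
            found.append(ipaddress.ip_address(token.split("#")[0]))
        except ValueError:
            continue
    return found

def parse_nslookup(text):
    """Return (resolver, answers). Splitting at the first 'Name:' keeps the
    resolver's own address out of the answer set."""
    header, _, answer = text.partition("Name:")
    resolver = _ips(header)
    return (str(resolver[0]) if resolver else None), set(_ips(answer))

def compare(a_text, b_text, prefix_len=24):
    """Compare the IPv4 answers of two lookups and count answers per network."""
    (ra, a), (rb, b) = parse_nslookup(a_text), parse_nslookup(b_text)
    a4 = {ip for ip in a if ip.version == 4}
    b4 = {ip for ip in b if ip.version == 4}
    nets = Counter(str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
                   for ip in a4 | b4)
    return {"resolvers": (ra, rb), "same_v4_answers": a4 == b4,
            "only_first": sorted(map(str, a4 - b4)),
            "only_second": sorted(map(str, b4 - a4)),
            "networks": dict(nets)}

if __name__ == "__main__":
    for pair in ((OPENDNS, GOOGLE), (OPENDNS, POST_KEVINDS)):
        print(compare(*pair))
```

Identical answer sets from two unrelated public resolvers fit the explanation given in the thread, that Google's own name servers pick the addresses based on where the query comes from. What authenticates the server behind any of these addresses is the certificate validation on the HTTPS connection, not the address itself.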