[OTR-dev] OTR homepage DNS poisoned?

Dionysis Zindros dionyziz at gmail.com
Tue Dec 8 19:34:08 EST 2015


Thank you all for your responses.

Alexandre - this does not seem to be a local DNS server hijack. I
tried from two different OTE endpoints with similar results (although
a third one produces correct results, and your query also seems to
produce correct results, so we are inconclusive).

Google's DNS also reports a different IP for me queried from two
different locations; locally via OTE (erdos) it reports incorrect
information, while it reports correct information on the linode
(lovelace) network:

dionyziz at erdos ~ % dig @8.8.8.8 otr.cypherpunks.ca

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 otr.cypherpunks.ca
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15281
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;otr.cypherpunks.ca. IN A

;; ANSWER SECTION:
otr.cypherpunks.ca. 488311 IN A 195.22.126.213

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Dec  9 02:30:05 2015
;; MSG SIZE  rcvd: 52

[0] dionyziz at lovelace ~ % dig @8.8.8.8 otr.cypherpunks.ca

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 otr.cypherpunks.ca
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2099
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;otr.cypherpunks.ca. IN A

;; ANSWER SECTION:
otr.cypherpunks.ca. 2314 IN A 198.96.155.5

;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Dec  9 02:31:02 2015
;; MSG SIZE  rcvd: 52

On Wed, Dec 9, 2015 at 2:16 AM, David Manouchehri
<david at davidmanouchehri.com> wrote:
> This looks like your usual ISP DNS hijacking. Their cache is likely
> out of date or having some connectivity problems.
>
> What's the actual DNS server's IP? Your dig only shows your router
> (192.168.1.1) and not the server.
>
> --
> David Manouchehri
> F0FE 0296 14EA 35BC 9E4FF  9768 A6EC FD0C 4083 9755
> https://keybase.io/manouchehri/key.asc
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
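
Added example, not part of the original message or of any OTR project code: a small parser that takes dig output collected from several vantage points and groups the vantage points by the A records each one received, which is the comparison made by hand above. The sample input is excerpted from the two dig runs quoted in the message; the function names are hypothetical.

```python
import re

# Answer excerpts copied from the two dig runs quoted in the message above,
# keyed by the host each was run on. Other vantage points can be added.
DIG_OUTPUTS = {
    "erdos": """;; ANSWER SECTION:
otr.cypherpunks.ca. 488311 IN A 195.22.126.213

;; Query time: 25 msec
""",
    "lovelace": """;; ANSWER SECTION:
otr.cypherpunks.ca. 2314 IN A 198.96.155.5

;; Query time: 11 msec
""",
}

# One A record as dig prints it: owner name, TTL, class, type, address.
A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_answers(dig_text):
    """Return [(name, ttl, ip)] for the A records in dig's ANSWER section."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer:
            if not line.strip() or line.startswith(";"):
                break  # blank line or next section header ends the answers
            match = A_RECORD.match(line)
            if match:  # CNAME and other record types are skipped
                name, ttl, ip = match.groups()
                records.append((name.lower(), int(ttl), ip))
    return records


def group_by_answer(outputs):
    """Map each distinct set of returned IPs to the vantage points that saw it."""
    groups = {}
    for vantage, text in outputs.items():
        ips = frozenset(ip for _, _, ip in parse_answers(text))
        groups.setdefault(ips, []).append(vantage)
    return groups


if __name__ == "__main__":
    groups = group_by_answer(DIG_OUTPUTS)
    for ips, vantages in groups.items():
        print(sorted(ips) or ["<no A record>"], "seen from", vantages)
    print("consistent" if len(groups) == 1 else "MISMATCH between vantage points")
```

More than one group means the vantage points disagree; it does not by itself say which answer is the correct one.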

