We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc.. -- Sincerely, Blake McKeeby
We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc..
146.112.61.106 appears to be an Anycast IP served by OpenDNS when pages are blocked by the Cisco Umbrella service - https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-U... Are you sure the queries are going to Google 8.8.8.8 and not OpenDNS? What URL(s) are you seeing this on? Do you have a traceroute to 8.8.8.8 from an affected site?
On Wed, 2019-01-09 at 18:30 +0000, Phil Lavin wrote:
We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc..
146.112.61.106 appears to be an Anycast IP served by OpenDNS when pages are blocked by the Cisco Umbrella service - https://support.ope ndns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella- Block-Page-IP-Addresses-
Are you sure the queries are going to Google 8.8.8.8 and not OpenDNS?
What URL(s) are you seeing this on?
Do you have a traceroute to 8.8.8.8 from an affected site?
You can also do: ~$ dig TXT test.dns.google.com @8.8.8.8 "Thanks for using Google Public DNS." hth, -Jim P.
FWIW Looks to be OpenDNS IP https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-U... It’s being abused… https://www.abuseipdb.com/check/146.112.61.106 From: NANOG <nanog-bounces@nanog.org> On Behalf Of Blake Mckeeby Sent: Tuesday, January 8, 2019 3:43 PM To: nanog@nanog.org Subject: DNS Hijacking? - FiOS Northeast We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc.. -- Sincerely, Blake McKeeby - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The information contained in this electronic message may be confidential, and the message is for the use of intended recipients only. If you are not the intended recipient, do not disseminate, copy, or disclose this communication or its contents. If you have received this communication in error, please immediately notify me by replying to the email or call MIS Alliance at 617-500-1700 and permanently delete this communication.
participants (4)
-
Blake Mckeeby
-
Chris Kimball
-
Jim Popovitch
-
Phil Lavin