nanog mailing list archives
RE: DNS Hijacking? - FiOS Northeast
From: Phil Lavin <phil.lavin () cloudcall com>
Date: Wed, 9 Jan 2019 18:30:19 +0000
We are seeing DNS requests for A and AAAA to 8.8.8.8 come back with erroneous replies resolving to 146.112.61.106 when sent via FiOS circuits in the northeast. Anyone else seeing issues with DNS on FiOS in Northeast? Issue started around 12:25 AM ET this morning and seems to be affecting customers in PA, RI, etc..
146.112.61.106 appears to be an Anycast IP served by OpenDNS when pages are blocked by the Cisco Umbrella service - https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella-Block-Page-IP-Addresses- Are you sure the queries are going to Google 8.8.8.8 and not OpenDNS? What URL(s) are you seeing this on? Do you have a traceroute to 8.8.8.8 from an affected site?
Current thread:
- DNS Hijacking? - FiOS Northeast Blake Mckeeby (Jan 09)
- RE: DNS Hijacking? - FiOS Northeast Phil Lavin (Jan 09)
- Re: DNS Hijacking? - FiOS Northeast Jim Popovitch via NANOG (Jan 10)
- RE: DNS Hijacking? - FiOS Northeast Chris Kimball (Jan 09)
- RE: DNS Hijacking? - FiOS Northeast Phil Lavin (Jan 09)