Last week I noticed, that Kabel Deutschland
, a cable provider in germany, returns for any non existing hosts “126.96.36.199″. It seems, thats it is rolled out since last fall. Even for DNSSEC
enabled infrastructure it breaks it totally:
; <<>> DiG 9.3.4 <<>> +dnssec web.pixaco.se @188.8.131.52
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
web.pixaco.se. 0 IN A 184.108.40.206
Beside that, this behavour breaks the whole DNS, since many mechanism rely on a negative answer. The most visible effect for the users is, that when having a typo on surfing, he will forwarded to http://suche.kabeldeutschland.de/de.kde.assist/?domain=<domainyoutypedinyourprompt>. Since 220.127.116.11/21 is located at our transatlantic friends from US, there might be some problem with leaking privacy informations. I don’t feel happy, if I had a typo in my URL and getting listed for it on any terror list or providing the newest porno links to my american friends inside the organisations with the tree capitals.
All that for getting some extra money, but racing pricedumping for connectivity, this sucks a lot.
If you are a customer and feel pissed, you can send a friendly note to them:
Kabel Deutschland Vertrieb und Service GmbH & Co. KG
A quick and dirty workaround for dnsmasq maybe to add “bogus-nxdomain=18.104.22.168″ to your config file. This doesn’t fix the DNSSEC problem.
The problem also pops up at dns-operations
and there are traces at google