Et quand les DNS google sont filtré par SFR

dnstest -  
brupala Messages postés 112037 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

Une petite chose intéressante sur les DNS :
Je suis chez SFR comme opérateur et je suis surpris déjà des réponses des serveurs DNS google en 8.8.8.8 ou en 8.8.4.4

Quand je demande a resourdre www.Google.com les réponses vont sur des IP SFR et non pas Google.

Trouvez-vous ça normal ?
exemple nslookup :

> www.google.com
Serveur : [8.8.4.4]
Address: 8.8.4.4

Réponse ne faisant pas autorité :
Nom : www.google.com
Addresses: 2a00:1450:4007:806::1013
77.153.128.21
77.153.128.23
77.153.128.27
77.153.128.24
77.153.128.22
77.153.128.20
77.153.128.25
77.153.128.26

> www.google.com
Serveur : google-public-dns-a.google.com
Address: 8.8.8.8

Réponse ne faisant pas autorité :
Nom : www.google.com
Addresses: 2a00:1450:4007:805::1013
77.153.128.25
77.153.128.20
77.153.128.23
77.153.128.26
77.153.128.22
77.153.128.24
77.153.128.27
77.153.128.21




> www.google.com
Serveur : 248.147.0.109.rev.sfr.net
Address: 109.0.147.248

Réponse ne faisant pas autorité :
Nom : www.google.com
Addresses: 2a00:1450:4007:805::1010
77.153.128.21
77.153.128.27
77.153.128.26
77.153.128.20
77.153.128.23
77.153.128.24
77.153.128.25
77.153.128.22
Les reverses des réponses sont SFR.

et sur un dns ouvert d'un autre FAI:

> www.google.com
Serveur : cpefr_par002114.ia.colt.net
Address: 62.23.20.10

Réponse ne faisant pas autorité :
Nom : www.google.com
Addresses: 2a00:1450:400c:c05::93
173.194.67.103
173.194.67.106
173.194.67.147
173.194.67.99
173.194.67.104
173.194.67.105

>
Adresse IP de google.


Cordialement

A voir également:

2 réponses

Réponse 1 / 2
MrYAU31 Messages postés 3808 Date d'inscription   Statut Membre Dernière intervention   1 615
 
Bonjour,

Je trouve ça intéressant. Je pense qu'ils essayent de limiter le trafic via leurs transitaires en conservant tout ce qu'ils peuvent sur leur propre réseau (encore une histoire d'argent) mais c'est la 1ère fois que je vois ça. Je ne sais même pas si c'est légal. Ton contrat te permet d'accéder à un service et s'ils interceptent les requêtes (légales) que tu fais à un autre serveur, le service n'est pas tenu... à moins qu'ils ne s'appuient eux-mêmes sur les serveurs de Google :-P
2
dnstest
 
Bonjour MrYAU31,

je ne pense pas que ce soit légale, puisque les requête de recherche Google vont chez SFR.

Maintenant c'est de savoir si ce phénomène et chez tous les opérateurs !!!

A suivre....

Bonne journée
0
brupala Messages postés 112037 Date d'inscription   Statut Membre Dernière intervention   14 176 > dnstest
 
Après c'est pas bien grave que les caches d'un CDN aient des adresses SFR, du moment que le contenu vient bien des serveurs google ....
c'est un peu le cas de commentcamarche.net qui utilise le CDN Akamai pour son www.
Les serveurs cache ont des adresses akamai.
0
dnstest
 
je comprends mais en https comme google le cache CDN doit être autorisé et delà qui dit cache dit traçage, mais ce qui est drole c'est de ce faire passer pour le DNS 8.8.8.8 de google

Enfin Bref vive la cnil et internet.
A+
0
brupala Messages postés 112037 Date d'inscription   Statut Membre Dernière intervention   14 176 > dnstest
 
on a la même réponse,
probablement en fonction de l'adresse source, mais rien ne dit que ça n'est pas le dns de google.
Le serveur pourrait être un serveur google avec une adresse ip SFR.
Comme quand tu as un serveur chez un hébergeur, l'adresse ip est celle de l'hébergeur en reverse, mais le nom de domaine direct est le tien.
0
Réponse 2 / 2
brupala Messages postés 112037 Date d'inscription   Statut Membre Dernière intervention   14 176
 
Salut,
www.google.com n'est pas un bon exemple pour ça, les adresses sont nombreuses et varient dans le temps suivant le lieu de la demande et d'autres critères on a affaire à un cdn, des serveurs cache.
Chez moi, j'ai encore d'autres adresses que celles que tu donnes et ça varie suivant le dns que j'utilise.
si tu veux vraiment savoir si c'est bien google, tu testes T411.io qui est bloquée sur les DNS français, mais google répondra.
0
dnstest
 
bonjour
oui je suis d'accord que les adresse change et c'est normal mais quand tu ping les adresses comme ceci :
ping -a 77.153.128.21 on te renvoie le reverse PTR et donc
Envoi d'une requête 'ping' sur 21.128.153.77.rev.sfr.net [77.153.128.21]

Envoi moi ta reponse sur www.google.com ca serait interrésant.

A+
0
brupala Messages postés 112037 Date d'inscription   Statut Membre Dernière intervention   14 176 > dnstest
 
brupala@T410:~$ ping -a www.google.com
PING www.google.com (64.233.184.105) 56(84) bytes of data.
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=1 ttl=44 time=33.8 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=2 ttl=44 time=31.4 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=3 ttl=44 time=31.1 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=4 ttl=44 time=31.7 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=5 ttl=44 time=31.2 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=6 ttl=44 time=31.9 ms
64 bytes from wa-in-f105.1e100.net (64.233.184.105): icmp_seq=7 ttl=44 time=31.4 ms
^C
--- www.google.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 31.182/31.854/33.878/0.898 ms
brupala@T410:~$ ping -6a www.google.com
ping: invalid option -- '6'
Usage: ping [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]
[-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]
[-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]
[-w deadline] [-W timeout] [hop1 ...] destination
brupala@T410:~$ ping6 -a www.google.com
PING www.google.com(wm-in-x6a.1e100.net) 56 data bytes
64 bytes from wm-in-x6a.1e100.net: icmp_seq=1 ttl=54 time=33.1 ms
64 bytes from wm-in-x6a.1e100.net: icmp_seq=2 ttl=54 time=31.1 ms
64 bytes from wm-in-x6a.1e100.net: icmp_seq=3 ttl=54 time=31.4 ms
64 bytes from wm-in-x6a.1e100.net: icmp_seq=4 ttl=54 time=31.6 ms
^C
--- www.google.com ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
rtt min/avg/max/mdev = 31.167/31.868/33.131/0.751 ms
brupala@T410:~$

complément: 
brupala@T410:~$ whois 1e100.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: 1E100.NET
   Registrar: MARKMONITOR INC.
   Sponsoring Registrar IANA ID: 292
   Whois Server: whois.markmonitor.com
   Referral URL: https://www.markmonitor.com/
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientDeleteProhibited
   Status: clientRenewProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientRenewProhibited
   Status: clientTransferProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientTransferProhibited
   Status: clientUpdateProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientUpdateProhibited
   Status: serverDeleteProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#serverDeleteProhibited
   Status: serverTransferProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#serverTransferProhibited
   Status: serverUpdateProhibited https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#serverUpdateProhibited
   Updated Date: 15-sep-2010
   Creation Date: 25-sep-2009
   Expiration Date: 25-sep-2019

>>> Last update of whois database: Sat, 24 Oct 2015 14:21:56 GMT <<<

NOTICE: The expiration date displayed in this record is the date the 
registrar's sponsorship of the domain name registration in the registry is 
currently set to expire. This date does not necessarily reflect the expiration 
date of the domain name registrant's agreement with the sponsoring 
registrar.  Users may consult the sponsoring registrar's Whois database to 
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois 
database through the use of electronic processes that are high-volume and 
automated except as reasonably necessary to register domain names or 
modify existing registrations; the Data in VeriSign Global Registry 
Services' ("VeriSign") Whois database is provided by VeriSign for 
information purposes only, and to assist persons in obtaining information 
about or related to a domain name registration record. VeriSign does not 
guarantee its accuracy. By submitting a Whois query, you agree to abide 
by the following terms of use: You agree that you may use this Data only 
for lawful purposes and that under no circumstances will you use this Data 
to: (1) allow, enable, or otherwise support the transmission of mass 
unsolicited, commercial advertising or solicitations via e-mail, telephone, 
or facsimile; or (2) enable high volume, automated, electronic processes 
that apply to VeriSign (or its computer systems). The compilation, 
repackaging, dissemination or other use of this Data is expressly 
prohibited without the prior written consent of VeriSign. You agree not to 
use electronic processes that are automated and high-volume to access or 
query the Whois database except as reasonably necessary to register 
domain names or modify existing registrations. VeriSign reserves the right 
to restrict your access to the Whois database in its sole discretion to ensure 
operational stability.  VeriSign may restrict or terminate your access to the 
Whois database for failure to abide by these terms of use. VeriSign 
reserves the right to modify these terms at any time. 

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

For more information on Whois status codes, please visit 
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
Domain Name: 1e100.net
Registry Domain ID: 1570253561_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: https://www.markmonitor.com/
Updated Date: 2014-10-28T12:38:28-0700
Creation Date: 2009-09-24T22:40:03-0700
Registrar Registration Expiration Date: 2019-09-24T22:40:03-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#clientDeleteProhibited)
Registry Registrant ID: 
Registrant Name: DNS Admin
Registrant Organization: Google Inc.
Registrant Street: 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Registrant Phone: +1.6502530000
Registrant Phone Ext: 
Registrant Fax: +1.6506188571
Registrant Fax Ext: 
Registrant Email: dns-admin@google.com
Registry Admin ID: 
Admin Name: DNS Admin
Admin Organization: Google Inc.
Admin Street: 1600 Amphitheatre Parkway
Admin City: Mountain View
Admin State/Province: CA
Admin Postal Code: 94043
Admin Country: US
Admin Phone: +1.6502530000
Admin Phone Ext: 
Admin Fax: +1.6506188571
Admin Fax Ext: 
Admin Email: dns-admin@google.com
Registry Tech ID: 
Tech Name: DNS Admin
Tech Organization: Google Inc.
Tech Street: 1600 Amphitheatre Parkway
Tech City: Mountain View
Tech State/Province: CA
Tech Postal Code: 94043
Tech Country: US
Tech Phone: +1.6502530000
Tech Phone Ext: 
Tech Fax: +1.6506188571
Tech Fax Ext: 
Tech Email: dns-admin@google.com
Name Server: ns3.google.com
Name Server: ns2.google.com
Name Server: ns4.google.com
Name Server: ns1.google.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://www.icann.org/compliance/complaint
>>> Last update of WHOIS database: 2015-10-24T07:15:05-0700 <<<

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for
information purposes, and to assist persons in obtaining information about or
related to a domain name registration record.  MarkMonitor.com does not guarantee
its accuracy.  By submitting a WHOIS query, you agree that you will use this Data
only for lawful purposes and that, under no circumstances will you use this Data to:
 (1) allow, enable, or otherwise support the transmission of mass unsolicited,
     commercial advertising or solicitations via e-mail (spam); or
 (2) enable high volume, automated, electronic processes that apply to
     MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

MarkMonitor is the Global Leader in Online Brand Protection.

MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services

Visit MarkMonitor at https://www.markmonitor.com/
Contact us at +1.8007459229
In Europe, at +44.02032062220
--

Je suis chez OVH, mais sur le coup, le dns, je ne sais pas trop lequel répond, j'en ai 3, dont un bind qui a une redirection.
Si je regarde ça: 
brupala@T410:~$ host -v www.google.com
Trying "www.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54578
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;www.google.com.   IN A

;; ANSWER SECTION:
www.google.com.  139 IN A 216.58.211.100

;; AUTHORITY SECTION:
com.   84812 IN NS f.gtld-servers.net.
com.   84812 IN NS a.gtld-servers.net.
com.   84812 IN NS c.gtld-servers.net.
com.   84812 IN NS g.gtld-servers.net.
com.   84812 IN NS h.gtld-servers.net.
com.   84812 IN NS i.gtld-servers.net.
com.   84812 IN NS m.gtld-servers.net.
com.   84812 IN NS d.gtld-servers.net.
com.   84812 IN NS k.gtld-servers.net.
com.   84812 IN NS e.gtld-servers.net.
com.   84812 IN NS j.gtld-servers.net.
com.   84812 IN NS l.gtld-servers.net.
com.   84812 IN NS b.gtld-servers.net.

;; ADDITIONAL SECTION:
b.gtld-servers.net. 85345 IN A 192.33.14.30
b.gtld-servers.net. 86863 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 85357 IN A 192.26.92.30
d.gtld-servers.net. 85357 IN A 192.31.80.30
e.gtld-servers.net. 85351 IN A 192.12.94.30
f.gtld-servers.net. 602 IN A 192.35.51.30
g.gtld-servers.net. 85318 IN A 192.42.93.30
h.gtld-servers.net. 3318 IN A 192.54.112.30
i.gtld-servers.net. 85162 IN A 192.43.172.30
j.gtld-servers.net. 85352 IN A 192.48.79.30
k.gtld-servers.net. 85163 IN A 192.52.178.30
l.gtld-servers.net. 85156 IN A 192.41.162.30
m.gtld-servers.net. 85345 IN A 192.55.83.30

Received 492 bytes from 127.0.1.1#53 in 2 ms
Trying "www.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19107
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;www.google.com.   IN AAAA

;; ANSWER SECTION:
www.google.com.  151 IN AAAA 2a00:1450:4007:806::1012

;; AUTHORITY SECTION:
com.   84812 IN NS i.gtld-servers.net.
com.   84812 IN NS c.gtld-servers.net.
com.   84812 IN NS k.gtld-servers.net.
com.   84812 IN NS l.gtld-servers.net.
com.   84812 IN NS b.gtld-servers.net.
com.   84812 IN NS d.gtld-servers.net.
com.   84812 IN NS m.gtld-servers.net.
com.   84812 IN NS h.gtld-servers.net.
com.   84812 IN NS a.gtld-servers.net.
com.   84812 IN NS j.gtld-servers.net.
com.   84812 IN NS f.gtld-servers.net.
com.   84812 IN NS e.gtld-servers.net.
com.   84812 IN NS g.gtld-servers.net.

;; ADDITIONAL SECTION:
b.gtld-servers.net. 85345 IN A 192.33.14.30
b.gtld-servers.net. 86863 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 85357 IN A 192.26.92.30
d.gtld-servers.net. 85357 IN A 192.31.80.30
e.gtld-servers.net. 85351 IN A 192.12.94.30
f.gtld-servers.net. 602 IN A 192.35.51.30
g.gtld-servers.net. 85318 IN A 192.42.93.30
h.gtld-servers.net. 3318 IN A 192.54.112.30
i.gtld-servers.net. 85162 IN A 192.43.172.30
j.gtld-servers.net. 85352 IN A 192.48.79.30
k.gtld-servers.net. 85163 IN A 192.52.178.30
l.gtld-servers.net. 85156 IN A 192.41.162.30
m.gtld-servers.net. 85345 IN A 192.55.83.30

Received 504 bytes from 127.0.1.1#53 in 2 ms
Trying "www.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38131
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.   IN MX

;; AUTHORITY SECTION:
google.com.  55 IN SOA ns4.google.com. dns-admin.google.com. 106216205 900 900 1800 60

Received 82 bytes from 127.0.1.1#53 in 80 ms

ça ne m'avance guère on est dans mon cache.
0

Discussions similaires

trouver l'identité d'un numéro de mobile SFR
eve.bussu -
mums -

3 réponses
Processeur 98% gestionnaire des taches
TamarouMA -
Calain34 -

9 réponses
Comment connaître mon nouveau numéro de téléphone SFR ?
GrApiXx -
1996 -

43 réponses
Soucis d'inscription sur Youppie.net
Showlyx -
Showlyx -

1 réponse
ERR_UNKNOWN_URL_SCHEME : Problème de redirection
IliasPier -
Zorglube -

4 réponses