Ask HN: What if your DNS provider is a honeypot?

niksmac | 6 points

If you mean they give a different answer specifically for you, then you would have to mirror your requests to multiple providers and the root servers to see who is not telling the truth. Perhaps build a web UI like this [1] or write a script to select some of your commonly requested names and query all the servers. At times you can expect answers to differ, as people change DNS and TTL will expire from caches at different times. Some sites may give a different IP based on the source location of your DNS client if they are doing GSLB and not using Anycast.

In a script you might use the "dig" command with options like this so you can see when the TTL is about to expire.

    dig @some_server +noall +answer some.domain
[1] - https://www.whatsmydns.net/#NS/ycombinator.com
LinuxBender | 4 years ago

Sending all your requests to a single DNS point is bad security. Best to just 'spread' your DNS out, so use a mix of Quad9, Google, OpenDNS, Cloudflare 1.1.1.1, etc.

I live by the motto: Don't put all your eggs in one basket

diablo1 | 4 years ago

What do you mean by a honeypot? Do you mean if they're running a scam, or actually a honeypot and you're running a scam that could be found?

viraptor | 4 years ago

I think you have to trust your DNS resolver or choose a new one. You can compare the results of different resolvers but I'm not aware of any solutions out of the box. For example:

dig example.com A

compare against

dig example.com A @dns.google.com

etc

elliottinvent | 4 years ago
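The "query several resolvers and see who disagrees" idea from the LinuxBender and elliottinvent comments above, written out as a small stdlib-only Python script. This is an added example, not code from anyone in the thread: it hand-builds a plain UDP A query (no DNSSEC, no TCP fallback for truncated replies), parses the A records and their TTLs out of each reply, and then reports which resolvers deviate from the majority answer and which are about to let the record expire from cache. The resolver list and every IP address and response in `demo()` are constructed for illustration (the 192.0.2.x / 203.0.113.x addresses are documentation ranges, not real answers).

```python
"""Compare A-record answers for one name across several recursive resolvers (added example)."""
import random
import socket
import struct
from collections import Counter

# Constructed resolver list; replace with whatever you actually use.
RESOLVERS = {"Cloudflare": "1.1.1.1", "Google": "8.8.8.8", "Quad9": "9.9.9.9"}


def build_query(name: str, qid: int) -> bytes:
    """Standard DNS query: header (RD=1, one question) + QNAME + QTYPE=A + QCLASS=IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name; a 0xC0 pointer is two bytes and ends it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_answers(msg: bytes, expected_id: int) -> dict:
    """Return {'ips': set, 'min_ttl': int|None, 'rcode': int}. Rejects replies whose ID we did not send."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if qid != expected_id:
        raise ValueError("response ID mismatch (spoofed or stale reply?)")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    ips, ttls = set(), []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A / IN
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
            ttls.append(ttl)
        off += rdlen
    return {"ips": ips, "min_ttl": min(ttls) if ttls else None, "rcode": flags & 0xF}


def query_a(name: str, server: str, timeout: float = 2.0) -> dict:
    """Live UDP lookup of `name` against `server` (port 53). Not used by the offline demo."""
    qid = random.randrange(0, 65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_answers(data, qid)


def compare_answers(results: dict, low_ttl: int = 60) -> dict:
    """results: {resolver: parse_a_answers(...)}.
    'disagree' lists resolvers whose IP set differs from the most common answer; that alone does
    not prove lying (GSLB and staggered cache expiry also cause it), so 'expiring_soon' flags
    resolvers whose cached record is about to be refetched and should be re-queried."""
    votes = Counter(frozenset(r["ips"]) for r in results.values())
    majority, _ = votes.most_common(1)[0]
    disagree = sorted(n for n, r in results.items() if frozenset(r["ips"]) != majority)
    expiring = sorted(n for n, r in results.items()
                      if r["min_ttl"] is not None and r["min_ttl"] < low_ttl)
    return {"majority": set(majority), "disagree": disagree, "expiring_soon": expiring}


def build_response(qid: int, name: str, ips: list, ttl: int) -> bytes:
    """Constructed reply for offline use: echoes the question, then one A record per IP,
    each owner name given as a compression pointer (0xC00C) back to the question name."""
    header = struct.pack(">HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)
    body = build_query(name, qid)[12:]
    for ip in ips:
        body += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + body


def demo() -> dict:
    """Offline run on constructed replies: two resolvers agree, one differs, one TTL nearly expired."""
    qid = 0x1234
    sample = {
        "Cloudflare": build_response(qid, "example.com", ["192.0.2.10"], 300),
        "Google":     build_response(qid, "example.com", ["192.0.2.10"], 27),
        "Quad9":      build_response(qid, "example.com", ["203.0.113.7"], 300),
    }
    return compare_answers({k: parse_a_answers(v, qid) for k, v in sample.items()})


def check_live(name: str) -> dict:
    """Query every resolver in RESOLVERS for `name` and compare (needs network)."""
    return compare_answers({n: query_a(name, ip) for n, ip in RESOLVERS.items()})


if __name__ == "__main__":
    print(demo())
```

Run `check_live("some.domain")` for your commonly requested names a few times over a TTL period before drawing conclusions: a resolver that is listed under `expiring_soon` will return a fresh answer on the next query, and a site using GSLB may legitimately hand different resolvers different addresses.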