Basiley
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

fighting ISP, tampering DNS TTL

Mon Dec 10, 2012 7:01 pm

Some ISP providers will [I guess to throttle traffic, uncertain] alter/tamper the TTL of A DNS requests :[
Usually they drop the TTL to a short time and inject bogus addresses into the answers :[
It happens with p2p, YouTube, social networks and virtually all popular resources/services.
The MikroTik Manual/Wiki says that the built-in DNS client/server will "respect" the specified TTL, but how to deal with the ISP malforming it?
Is there any way to raise [even a bit] the TTL values back to usable?
An alternative was using a different DNS provider/service, but most of them weren't well-known/trusted enough, and my ISP [for example] blocked DNS to Google servers.
So I guess my options are:
1. Figure out a way to adjust the scale of "respect" for the TTL specified/mangled by the ISP.
2. Change ISP.
Any idea, anyone?
 
grizly
just joined
Posts: 19
Joined: Thu Nov 29, 2012 2:15 am
Location: Melbourne/Australia

Re: fighting ISP, tampering DNS TTL

Tue Dec 11, 2012 2:54 am

Try this:
/ip firewall mangle add action=change-ttl chain=postrouting protocol=tcp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes  
/ip firewall mangle add action=change-ttl chain=postrouting protocol=udp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes  
Will obey existing rules (passthrough), while modifying TTL to 100.

I tested it using ICMP, but it should work with DNS, why not?

In fact, try this first:
Start pinging something:
 ping -t www.google.com 
Enable rule:
/ip firewall mangle add action=change-ttl chain=postrouting protocol=icmp disabled=no new-ttl=set:100 passthrough=yes  
Watch TTL change!
 
Basiley
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: fighting ISP, tampering DNS TTL

Tue Dec 11, 2012 8:59 pm

Cool, tnx. That would help too [other ISPs tend to do other dirty work - they alter the TTL of ALL traffic to prevent consumers using ANY networking devices between theirs and the customers' PCs, to force them to connect their PCs DIRECTLY to the cable. Users are forced to obey or start modifying NIC drivers and router firmware to circumvent that], sometimes.

But I mean not the netflow packets' TTL, but the DNS TTL [in seconds, minutes, hours, days] specifying how long a request is valid to be considered actual by DNS clients.
https://www.ntchosting.com/dns/ttl.html
http://kb.mediatemple.net/questions/908 ... to-live%29

So as a result of answers for A resource requests [intentionally] lowered/altered/intercepted by the ISP [never saw an ISP messing with MX, for example], the consumer is forced to request DNS servers more frequently, and then the ISP injects a bogus/malformed answer toward the consumer :[
That's unfair [and illegal according to comm regulations and law, at least in Russia and the US], but quite usual for some of them.

p.s.
TTL is also used in HTTP, but ISPs usually don't tend to deflect such traffic, instead focusing on eavesdropping, caching it and injecting malware [or the gov't, sitting on their ports - doesn't matter] into it (same with FTP traffic).
 
grizly
just joined
Posts: 19
Joined: Thu Nov 29, 2012 2:15 am
Location: Melbourne/Australia

Re: fighting ISP, tampering DNS TTL

Wed Dec 12, 2012 4:06 am

Yeah, I've encountered these DNS Violations before.. really the only way to avoid that, is to either use a public DNS server (if you can get to google's etc), or run your own server.

Running your own DNS server is pretty easy, doesn't use too much resources, but you will need to be able to contact other DNS servers to resolve things recursively.. which won't work if they are modifying your TTL's. You could recurse via a VPN to bypass the block though.

You may have to get creative if you want to modify the TTL information inside DNS packets without running a server.. I'm thinking a perl-script using something like: http://search.cpan.org/dist/Net-DNS/lib ... eserver.pm with a bit of http://www.net-dns.org/docs/Net/DNS/RR.html

Hmm.. could be fun to put that inline..
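The TTL-rewriting core of the inline proxy grizly sketches, as an added Python example rather than the Perl/Net::DNS code the post links to: it walks the DNS wire format by hand and raises any record TTL below a floor, leaving the EDNS OPT pseudo-record alone because its TTL field holds flags. The sample response, the 192.0.2.x addresses and the 60-second floor are constructed assumptions; the UDP forwarding loop around it is left out.

```python
import struct

OPT_TYPE = 41  # EDNS OPT pseudo-RR: its "TTL" field carries flags, so never rewrite it

def _skip_name(msg, off):
    """Return the offset just past the domain name at off (RFC 1035 labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:                  # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:        # 2-byte compression pointer also terminates it
            return off + 2
        off += 1 + length

def _rr_offsets(msg):
    """Yield the offset of the TYPE/CLASS/TTL/RDLENGTH fields of every RR after the question section."""
    qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHH", msg, 4)
    off = 12                             # fixed 12-byte header
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)
        yield off
        rdlen = struct.unpack_from("!H", msg, off + 8)[0]
        off += 10 + rdlen                # 2+2+4+2 fixed bytes, then RDATA

def rr_ttls(msg):
    """List (type, ttl) for every RR in the answer, authority and additional sections."""
    return [(t, ttl) for t, _c, ttl in
            (struct.unpack_from("!HHI", msg, off) for off in _rr_offsets(msg))]

def raise_ttls(msg, min_ttl):
    """Return a copy of the response with every real RR TTL raised to at least min_ttl."""
    buf = bytearray(msg)
    for off in _rr_offsets(buf):
        rtype, _cls, ttl = struct.unpack_from("!HHI", buf, off)
        if rtype != OPT_TYPE and ttl < min_ttl:
            struct.pack_into("!I", buf, off + 4, min_ttl)
    return bytes(buf)

def sample_response():
    """Constructed response (not a real capture): example.com A, TTLs 5 and 120, plus an EDNS OPT record."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    ptr = b"\xc0\x0c"                    # compression pointer back to the qname at offset 12
    rr1 = ptr + struct.pack("!HHIH", 1, 1, 5, 4) + bytes([192, 0, 2, 1])
    rr2 = ptr + struct.pack("!HHIH", 1, 1, 120, 4) + bytes([192, 0, 2, 2])
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, 0)
    return hdr + question + rr1 + rr2 + opt
```

A forwarder that passes each upstream reply through raise_ttls before handing it to clients gives the DNS-record TTL floor this thread is after, which the IP-header change-ttl mangle rules above cannot provide.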
 
Basiley
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: fighting ISP, tampering DNS TTL

Fri Jan 11, 2013 5:38 am

Dunno why.
Doesn't ROS use the same Linux kernel and netfilter as "usual" Linux has? [which perfectly can do that]
Another question - why are both the DNS and Routing settings marginalised/generalised/global? I.e. why can't you set up the DNS client and DNS server separately [just like how you treat DHCP, PPPoE or OpenVPN] and then manually tweak their settings separately, and the netflow between them in Firewall/NAT? About common sense in my PoV.