On Fri, Sep 29, 2017 at 02:56:12PM +0200, Baptiste Jonglez <baptiste.jong...@imag.fr> wrote a message of 56 lines which said:
> What I mean by "traffic interception" is that DNS queries from the > probe to a third-party DNS server do not reach the server, but are > intercepted and answered by a middle-box instead. Many interceptors (for instance the GFC) do so only when the request matches some criteria. "Intercepting" is not all-or-nothing. > It seems that the "DNS Root Instances" map could be used for that purpose, > because DNS traffic interception shows up as if the probe was contacting > an "Unknown" root instance. There are many rogue root instances (with anycast, it can be difficult to be sure of talking to a real root) so a strange instance is not always DNS interception. > I also looked for DNS-related tags on probes, but could not find > anything useful. System tag "clean DNS" would certainly be useful but, as the two examples above show, it is difficult to define precisely.