On Thu, 2014-07-24 at 18:56 -0700, jdebert wrote:
> On Fri, 25 Jul 2014 03:30:19 +0200
> Karsten Bräckelmann wrote:
> > On Thu, 2014-07-24 at 17:32 -0700, jdebert wrote:
> > > Sprint, which I use for net access is hijacking DNS.
> >
> > What exactly do you mean hijacking? Routing NXDOMAIN to some sort of
> > advertising web-server? Or serious packet-sniffing tampering with
> > *any* DNS query crossing their hardware?
>
> Yes. Also disabling dnssec, not responding to certain queries and
> modifying responses and queries.

Run. Is that an option?

> They like to call it "transparent DNS proxying". But it's not
> proxying and obviously not transparent.
>
> > > I cannot trust that the response received by sa-update is valid. Is
> > > there another method to check for updates?
> >
> > If you really cannot trust *.updates.spamassassin.org DNS responses,
> > you cannot trust *any* DNS response. Including all the DNSxLs SA uses
> > by default. And rDNS rules. And your own SMTP's Received header.
>
> Wow. I never thought of that. :\
>
> > And just in case your problem merely is with using your ISP's DNS
> > server, don't. Run your own local, caching DNS resolver
> > (non-forwarding).
> >
> > Unless we're really talking intercepting raw DNS traffic, that should
> > do.
>
> we are.

Got to admit, I wasn't expecting this. What you describe sounds major.

Just to be clear -- and absolutely no excuse to tamper with raw traffic
like this -- are we talking end-user / dial-up? Sprint really even messes
with DNS TXT records? What for?

Well, unless there is no way around that almost malicious tampering, I
guess the solution is to change ISP, regardless whether that's local line
or server housing.

I understand home ISP switching might be difficult. In which case I guess
Sprint would see exactly one type of traffic by me -- VPN traffic using
their line into a trustworthy network.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8?
c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
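The local, caching, non-forwarding resolver Karsten recommends, written out as an added unbound configuration example (not part of the thread or of SpamAssassin); the file paths are assumptions and vary by distribution.

```conf
# Added example, not from the thread: a local caching resolver that
# iterates from the root itself (no forward-zone) and validates DNSSEC.
# Paths under /var/lib/unbound are distribution-dependent assumptions.
server:
    interface: 127.0.0.1
    interface: ::1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # No forward-zone or forward-addr anywhere in this file: unbound asks
    # the root and authoritative servers directly, never the ISP resolver.
    root-hints: "/var/lib/unbound/root.hints"

    # DNSSEC validation with an RFC 5011 managed root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-permissive-mode: no
    # An answer for a signed zone that arrives without its RRSIGs is
    # treated as bogus (SERVFAIL) rather than accepted; this is what
    # "disabling dnssec" in transit looks like to the resolver.
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-referral-path: yes
    # Drop unvalidated records from the additional section of validated answers.
    val-clean-additional: yes

    # Caching suitable for a mail host doing sa-update TXT lookups and
    # DNSBL queries; TTLs are honoured as published by the zone.
    prefetch: yes
    msg-cache-size: 32m
    rrset-cache-size: 64m

    hide-identity: yes
    hide-version: yes
    use-syslog: yes
    verbosity: 1

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
```

This removes the ISP's resolver from the path but cannot help when port-53 traffic is rewritten in transit, as jdebert reports; validation then turns tampered answers for signed zones into SERVFAIL instead of silently trusting them, and `dig +dnssec @127.0.0.1` against a signed name should show the `ad` flag when things are working.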