yaml webconnectivity log:
accessible: false
agent: redirect
blocking: dns
body_length_match: false
body_proportion: 0.09658116667249887
client_resolver: 202.188.1.6
control:
  dns:
    addrs: [sarawakreport.org, 104.25.9.14, 104.25.8.14]
Questions.
What is client_resolver, and how does it determine that it's 202.188.1.6? In another yesterday it's 202.188.1.7 (https://explorer.ooni.torproject.org/measurement/20160802T205955Z_AS4788_3omRbM1JA9BYIMF5O5uiKEsdmUqy4kdunnKn7exzBlM2ebboDh?input=http:%2F%2Fwww.sarawakreport.org)
Both of which I can't use to resolve addresses from the same network.
The system resolver in this case is 1.9.1.9. 202.188.1.5 would also work but is not used in the report.
However the http_request does use the correct tampered address, so I'm curious as to how it could use a resolver that I can't use to lookup from the same network.
Hi Khairil,
The system resolver is determined by querying a public service run by Akamai called whoami.akamai.net.
You can see our implementation of such a service to see how it works here: https://github.com/TheTorProject/ooni-backend/blob/master/oonib/testhelpers/dns_helpers.py#L26
We don’t use our own servers for doing this as we are assuming that using a public service vs using something hosted on a ooni.* domain is more stealthy.
The basic idea behind how it works is that you do an A lookup for a special domain and the delegated authoritative name server will reflect back the IP address from where the query originated.
The reason why you are seeing a different IP than the one you are directing your queries to is that quite often DNS resolvers are deployed in a way where the machines actually doing the queries and then caching them are different from those you make queries to.
As an example, with the Google DNS resolver you will see this:
$ dig +short whoami.akamai.net @8.8.8.8
74.125.47.143
However, you can confirm that that IP is actually in the range allocated to Google:
$ whois 74.125.47.143 | grep ^Organization
Organization: Google Inc. (GOGL)
Hope this answers your question.
~ Arturo
On Aug 3, 2016, at 09:27, Khairil Yusof khairil.yusof@sinarproject.org wrote:
On Wed, 2016-08-03 at 12:34 +0200, Arturo Filastò wrote:
Thanks Arturo, that's a very clear explanation and also the pointer to the code.
<snip>
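The reflection technique described in Arturo's reply, as an added Python example that is not code from this thread or from OONI: an authoritative server answers an A query with the address the query arrived from, so the client learns the resolver's egress address rather than the address it sent the query to. The `ForwardingResolver` class, its two-address egress pool and the TTL of 0 are assumptions made for illustration; the addresses are taken from the thread and used only as labels.

```python
import itertools, socket, struct

WHOAMI = "whoami.akamai.net"  # reflector domain named in the thread

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def reflect(query, source_ip):
    """Authoritative side: answer the A query with the address it arrived from."""
    end = query.index(b"\x00", 12) + 5            # question = qname + type + class
    header = query[:2] + struct.pack("!5H", 0x8400, 1, 1, 0, 0)
    # Owner name as a pointer to the question, A/IN, TTL 0 (chosen here), 4-byte RDATA.
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 0, 4) + socket.inet_aton(source_ip)
    return header + query[12:end] + answer

def first_a_record(response):
    """Client side: return the IPv4 address in the first answer record."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        raise ValueError("response carries no answer")
    pos = response.index(b"\x00", 12) + 5         # skip the echoed question
    while 0 < response[pos] < 0xC0:               # skip an uncompressed owner name
        pos += 1 + response[pos]
    pos += 2 if response[pos] >= 0xC0 else 1      # compression pointer or root label
    rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", response[pos:pos + 10])
    if (rtype, rdlen) != (1, 4):
        raise ValueError("first answer is not an A record")
    return socket.inet_ntoa(response[pos + 10:pos + 14])

class ForwardingResolver:
    """Constructed model: clients query `listen_ip`, but the authoritative
    server only ever sees one of `egress_ips` as the source of the recursion."""
    def __init__(self, listen_ip, egress_ips):
        self.listen_ip, self._egress = listen_ip, itertools.cycle(egress_ips)
    def handle(self, query):
        return reflect(query, next(self._egress))

def whoami_via(resolver_ip, timeout=3.0):
    """Live equivalent of `dig +short whoami.akamai.net @resolver_ip` (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(WHOAMI), (resolver_ip, 53))
        return first_a_record(s.recvfrom(512)[0])

if __name__ == "__main__":
    # Addresses taken from the thread as labels; the topology is an assumption.
    isp = ForwardingResolver("1.9.1.9", ["202.188.1.6", "202.188.1.7"])
    for _ in range(2):
        print(isp.listen_ip, "->", first_a_record(isp.handle(build_query(WHOAMI))))
```

Run as a script, the simulated resolver reports a different reflected address on successive queries while the address the client queried stays the same.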