Re: DNSSEC www.dnssec-tools.org with 8.8.8.8 - Page 4

Anonymous · ‎23-07-2016

Well I can't make heads or tails of this Community layout in where the boards are so here goes.

So I've got a 4G Dongle this it mostly a backup connection to my ISP virgin media I've been trying to work out a problem with dnssec and the test at www.dnssec-tools.org and think its down to your HTTP proxy so to test I use just 8.8.8.8 which supports dnssec set on the NIC so it must use that for DNS over 4G. Now when a test on virgin media with 8.8.8.8 for www.dnssec-tools.org it passes but on O2 4G it fails. At this point you might be thinking dnssec is not supported over 4G with O2? Wrong because it does at another dnssec site at dnssec.vs.uni-due.de and both pass.

So I'm very sure its down to the HTTP proxy you put on the O2 4G connection thats messing the DNS SEC test up for www.dnssec-tools.org

Anyone else seeing this?

thanks

Beenherebefore · ‎02-08-2016

What are you testing that requires the use of a Google DNS ?.......it's the last DNS I'd use.....for any type of work

"My life is a facsimile of a sham"

MI5 · ‎02-08-2016

You are getting confused with what I am saying.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.

Anonymous · ‎02-08-2016

@Beenherebefore wrote:
What are you testing that requires the use of a Google DNS ?.......it's the last DNS I'd use.....for any type of work

DNSSEC is meant to load www.dnssec-tools.org securely but because o2 do man-in-middle HTTP source code changes along with compression this breaks the site o2 can inject anything they want it could even be possible that instead of trying to save bandwidth that it ends up increasing it should their be any flaws in the HTTP proxy code changes and compression that could be exploited to bring 4G network down.

MI5 · ‎02-08-2016

That doesn't answer the question though, does it?

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.

Beenherebefore · ‎02-08-2016

@Anonymous wrote:

@Beenherebefore wrote:
What are you testing that requires the use of a Google DNS ?.......it's the last DNS I'd use.....for any type of work

DNSSEC is meant to load www.dnssec-tools.org securely but because o2 do man-in-middle HTTP source code changes along with compression this breaks the site o2 can inject anything they want it could even be possible that instead of trying to save bandwidth that it ends up increasing it should their be any flaws in the HTTP proxy code changes and compression that could be exploited to bring 4G network down.

You appear to be a politician !......I'll ask another question, have you tried using a different DNS rather than a Google DNS?

"My life is a facsimile of a sham"

Anonymous · ‎02-08-2016

@MI5 wrote:
That doesn't answer the question though, does it?

It does its in the first line.

You really want me to say how o2 can force you to install a certificate that they can then do HTTPS source code changes along with compression by being able to mint their own to do that level of man-in-middle not that it would work for all sites but you think how Avast scans traffic that HTTPS....same thing

So just agree with me its bad that o2 do what they do now.

MI5 · ‎02-08-2016

Ok, you win, I agree...

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.

Beenherebefore · ‎02-08-2016

Yes @MI5 ......I give up too....but at least I think we have discovered why the "testing" is being done.

Thread closed as far as I'm concerned.

"My life is a facsimile of a sham"

Anonymous · ‎02-08-2016

@Beenherebefore wrote:

Yes @MI5 ......I give up too....but at least I think we have discovered why the "testing" is being done.

Thread closed as far as I'm concerned.

Nope still can't load www.dnssec-tools.org securely on a supported DNSSEC resolver to which 8.8.8.8 is not the only one.

They can add a exception rule for www.dnssec-tools.org in their terrible HTTP proxy source code change rubbish along with compression so that the site loads securely as expected with DNSSEC as a means for it to work likely they have to do that to other sites.

viridis · ‎02-08-2016

@Beenherebefore wrote:
What are you testing that requires the use of a Google DNS ?.......it's the last DNS I'd use.....for any type of work

I hear it improves video feed quality from some servers...