Hacker News new | ask | show | jobs
by Piskvorrr 3449 days ago
Compromised? Not much to do, but it also wouldn't hurt much. A rogue DNS can mishandle your queries, but in this age of HTTPS and SSH and whatnot, you should see right away that you're not connecting to legitimate endpoints: certificates aren't going to match.
1 comments
therealmarv 3449 days ago
The country Turkey compromised the Google DNS IPs once. It's also a way to block certain websites (no matter if HTTPS or not): http://arstechnica.com/information-technology/2014/03/turkey...
link
Piskvorrr 3448 days ago
Nope. Just rerouted packets going for 8.8.8.8 somewhere else; that's a MITM, not a compromise (although with an unauthenticated service such as DNS, the difference is academic for the client). Still, the sites are still accessible if you can get the IP address from somewhere else - which can be a different DNS server or even the hosts file.

I do agree that such block is enough to deter most non-technical users.

link
therealmarv 3448 days ago
That article is also old. I'm guessing Turkey has upgraded and maybe bought some tech from the Greate Firewall of China ;)
link