Odd DNS Resolution for Google via OpenDNS, (Sun, Apr 26th)

We had a report from one of our readers (Deoscoidy) from Puerto Rico, who had issues reading Google earlier today. Instead of being directed to Google, he got redirected to an error page hosted with the free web service provider atspace.com. Pages like this are known to be used for malware. Shortly after he reported it, the problem fixed itself for him. I have only been able to reproduce part of the problem so far.
He found out that the redirect was in part due to the name resolution done by OpenDNS. It looks like as an OpenDNS user you receive a different response for www.google.com:

ANSWER SECTION:

www.google.com. 30 IN CNAME google.navigation.opendns.com.

google.navigation.opendns.com. 30 IN A 208.69.32.231

google.navigation.opendns.com. 30 IN A

ANSWER SECTION:

www.google.com. 336708 IN CNAME www.l.google.com.

www.l.google.com. 148 IN A 74.125.93.104

www.l.google.com. 148 IN A 74.125.93.147

www.l.google.com. 148 IN A 74.125.93.99

www.l.google.com. 148 IN A 74.125.93.103

208.69.32.0/21 is owned by OpenDNS. So the information returned by OpenDNS is not necessarily malicious, and may just be part of Google's intricate load balancing scheme (you will likely get very different IP addresses if you run the second query).
The response returned from these servers looks like an authentic response from Google. However, maybe some of the country level redirection had been broken earlier. Right now, everything seems to be fine. If you experience similar issues, please let us know.
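The comparison above can be scripted. The following is an added example, not part of the original diary: it parses the two answer sections shown on this page, follows each CNAME chain, and labels the final addresses against the 208.69.32.0/21 netblock the text attributes to OpenDNS. The function names and the "unattributed" label are assumptions made for the illustration.

```python
import ipaddress

# Answer sections copied from the page; the truncated OpenDNS record is left out.
OPENDNS_ANSWER = """\
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.69.32.231
"""
OTHER_ANSWER = """\
www.google.com. 336708 IN CNAME www.l.google.com.
www.l.google.com. 148 IN A 74.125.93.104
www.l.google.com. 148 IN A 74.125.93.147
www.l.google.com. 148 IN A 74.125.93.99
www.l.google.com. 148 IN A 74.125.93.103
"""
KNOWN_NETS = {"OpenDNS": ipaddress.ip_network("208.69.32.0/21")}  # per the page


def parse_answer(text):
    """Parse 'name ttl IN type rdata' lines; incomplete records are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [(f[0].lower(), int(f[1]), f[3], f[4]) for f in rows
            if len(f) == 5 and f[2] == "IN"]


def follow(records, qname):
    """Follow the CNAME chain from qname; return (chain, A addresses at its end)."""
    cnames = {n: r.lower() for n, _, t, r in records if t == "CNAME"}
    chain = [qname.lower().rstrip(".") + "."]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # loop guard
        chain.append(cnames[chain[-1]])
    return chain, sorted(r for n, _, t, r in records if t == "A" and n == chain[-1])


def owner(addr):
    """Name the known netblock holding addr, or 'unattributed'."""
    ip = ipaddress.ip_address(addr)
    return next((who for who, net in KNOWN_NETS.items() if ip in net), "unattributed")


def compare(qname, answer_a, answer_b):
    """Report how two resolvers' answers for qname differ."""
    (chain_a, addrs_a), (chain_b, addrs_b) = (
        follow(parse_answer(a), qname) for a in (answer_a, answer_b))
    return {"cname_differs": chain_a[1:] != chain_b[1:],
            "chain_a": chain_a, "chain_b": chain_b,
            "owners_a": sorted({owner(a) for a in addrs_a}),
            "owners_b": sorted({owner(a) for a in addrs_b})}
```

A differing CNAME chain whose final addresses sit in the resolver operator's own netblock points to the resolver rewriting the answer rather than to a third party.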
