ISP tricks DNS


Running "nslookup" yields IPs of my ISP (as Non-authoritative answer). I think this started occurring recently. Probably they are making cache or something, as nearest Google data center is quite far away.

First of all, how is that even possible? I thought the worst they could do is block me from sending a DNS request to (say by blocking remote port 53), but how can they trick from sending me a correct address?

Second, how can I bypass this, if at all?



Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\asdf nslookup



Non-authoritative answer:


Addresses: 2a00:1450:4017:801::1006


And using DNSCrypt (with and without option of DNSCrypt over port 443):

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.


primary name server = localhost

responsible mail addr = nobody.invalid

serial = 1

refresh = 600 (10 mins)

retry = 1200 (20 mins)

expire = 604800 (7 days)

default TTL = 10800 (3 hours)

Server: UnKnown


Non-authoritative answer:


Addresses: 2a00:1450:4017:800::1008


Formatting is a bit off, sorry about that.

Best Answer

  • I don't think what you think is hijacking is hijacking (I am not saying it is not happening, just the evidence does not point to it.)

    From what it looks like you are just seeing 3rd party location based CDNs Google uses for it's servers.

    Google would never be able to serve up pages at the speed it offers if every query had to go through a master database back in Mountain View, CA. So they have 1000's of mirrored servers at ISP's all over the world to help serve up content quicker. They do not necessarily manage the servers that are hosting the page, only the software running on the server. Heck it could be done all with VPS's.

    So you are likely seeing the IP's belonging to the hosting company/CDN that Google is using for serving pages in your area.

    (P.S. The way they are poiting you to the correct CDN (the reason you get a different set of numbers vs is the DNS servers sitting on look at the requesting IP and reply with the IPs for the CDN serving that area by doing a IP Geolocation Lookup)

  • Related Question