| 1 |
The second argument to both host and nslookup, specifies the server to use |
| 2 |
for the lookup. So, you can compare the results of the DNS server specified |
| 3 |
in /etc/resolv.conf, with others like those mentioned above, eg |
| 4 |
host youtube.com 8.8.8.8 |
| 5 |
or |
| 6 |
nslookup youtube.com 4.2.2.4 |
| 7 |
|
| 8 |
However, youtube.com will no doubt be using global server load balancing, |
| 9 |
which means the DNS response will be based on the source IP address of the |
| 10 |
DNS request, so you can be directed to the closest youtube.com server(s). |
| 11 |
|
| 12 |
So, since you cant be sure the DNS results will be consistent across DNS |
| 13 |
servers, you can't use that to determine if you're being MITM'd. Mind you I |
| 14 |
don't think a non-targetted MITM would bother with someone's youtube |
| 15 |
traffic, but if your concerned about that just connect to youtube with |
| 16 |
https, so the certificate can be verified. |
Archives