1 |
The second argument to both host and nslookup, specifies the server to use |
2 |
for the lookup. So, you can compare the results of the DNS server specified |
3 |
in /etc/resolv.conf, with others like those mentioned above, eg |
4 |
host youtube.com 8.8.8.8 |
5 |
or |
6 |
nslookup youtube.com 4.2.2.4 |
7 |
|
8 |
However, youtube.com will no doubt be using global server load balancing, |
9 |
which means the DNS response will be based on the source IP address of the |
10 |
DNS request, so you can be directed to the closest youtube.com server(s). |
11 |
|
12 |
So, since you cant be sure the DNS results will be consistent across DNS |
13 |
servers, you can't use that to determine if you're being MITM'd. Mind you I |
14 |
don't think a non-targetted MITM would bother with someone's youtube |
15 |
traffic, but if your concerned about that just connect to youtube with |
16 |
https, so the certificate can be verified. |