I was looking at my firewall logs last night, and i noticed that my wifes android phone was talking to a shaw ip address alot.
The address when you go to it in a web browser, has the google page! 24.244.19.212
I naturally thought this was some sort of attack or redirection, but when i went onto my DNS server and did a query for google.ca, I got a list of SHAW servers. WTF! i say to myself. So then i tried querying opendns:
nslookup google.ca 208.67.222.222
and I get this:
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: google.ca
Address: 24.244.19.212
Name: google.ca
Address: 24.244.19.237
Name: google.ca
Address: 24.244.19.222
Name: google.ca
Address: 24.244.19.242
Name: google.ca
Address: 24.244.19.241
Name: google.ca
Address: 24.244.19.232
Name: google.ca
Address: 24.244.19.216
Name: google.ca
Address: 24.244.19.217
Name: google.ca
Address: 24.244.19.221
Name: google.ca
Address: 24.244.19.236
Name: google.ca
Address: 24.244.19.247
Name: google.ca
Address: 24.244.19.251
Name: google.ca
Address: 24.244.19.231
Name: google.ca
Address: 24.244.19.246
Name: google.ca
Address: 24.244.19.227
Name: google.ca
Address: 24.244.19.226
all shaw ip addresses! so whats going on here? is shaw intercepting my DNS requests and using its own local caching server? how would I turn this behaviour off? I dont want shaw to be intercepting my private communications with google. Sure they are the ISP, and we have to trust them, but I would rather be talking directly to google, especially for sensitive things like her webmail. I would hate to think its all cached on some shaw server.
Anyone seeing this? am I just being crazy or have done something really wrong? I purposefully run my own DNS servers for many reasons and privacy is one of them. Are there other sites that shaw is injecting its claws into? is it only google because google is special?
duckduckgo.com seems to resolve fine.
↧