Exercise 1.4: Internet Storm Center Tools
Countries often use DNS to block access to different sites. On the other hand, DNS is also used for geographic load balancing, or to redirect users to country specific versions of the site.
Our "DNS Looking Glass" resolves hostnames using DNS servers in various countries.
A "-- failed --" response may just indicate that we can not connect to any DNS servers in that particular country right now. DNS servers rotate every 10 minutes.
To start, proceed to https://isc.sans.edu/tools/dnslookup.html.
Try to find a hostname that resolves to different IP addresses. Validate if the IPs are pointing to the correct site.
Good hostnames to try are facebook.com, twitter.com or google.com
To validate if an IP address belongs to a certain organization, perform a reverse DNS or a Whois lookup.
Google uses a content delivery network known as 1E100.net.
The page uses different DNS servers every 5-10 minutes. It is hard to predict what you will exactly see. But you should see some significantly different IPs for sites like Facebook and Google when they are resolved via DNS servers in China. This exercise will be demonstrated as a solution.