[HN Gopher] Google DNS at 010.010.010.010
___________________________________________________________________
Author : boramalper
Score  : 120 points
Date   : 2021-10-30 15:08 UTC (7 hours ago)

(HTM) web link (010.010.010.010)
(TXT) w3m dump (010.010.010.010)

| TheSwordsman wrote:
| The JSON format they display results in is a bit rough, though.
| Some keys are capitalized, some not.
| EastOfTruth wrote:
| another DNS to avoid... using anything but your ISP's DNS
| decreases privacy... unless you are using a VPN, then the DNS
| should be from your VPN's ISP
| sodality2 wrote:
| > using anything but your ISP's DNS decreases privacy
|
| Using your ISP's DNS decreases privacy. I assume you mean that
| because UDP/53 DNS is unencrypted, if you switch to another DNS
| provider, then both the ISP _and_ the new DNS can see your
| requests? In which case I present to you DNS over HTTPS
| boramalper wrote:
| I found this quite amusing as it seems as if Google is trying to
| impersonate Cloudflare's 1.1.1.1, whereas 010.010.010.010 is
| indeed the octal representation of 8.8.8.8.
|
| Credit: _IPv4 addresses are silly, inet_aton(3) doubly so._
| https://www.netmeister.org/blog/inet_aton.html
| zh3 wrote:
| Ever tried to google 192.168.1.1? Here at least it gives lots
| of bogosity (all in the name of keeping us safe from what we
| actually wanted to get to).
| pxc wrote:
| Google is for web search, and http://192.168.1.1 is not on
| the web
| Dylan16807 wrote:
| Google also has info boxes, and this would be a very good
| place for one.
| zh3 wrote:
| ...in which case they shouldn't give misleading replies
| like "192.168.l.l", n'est ce pas?
| dcminter wrote:
| For clarity - 8.8.8.8 has been around as a free public DNS for
| a good bit longer than 1.1.1.1 has
|
| I think you probably know that already, but there are at least
| a couple of ways to interpret what you wrote.
|
| https://en.wikipedia.org/wiki/Google_Public_DNS
|
| https://en.wikipedia.org/wiki/1.1.1.1
| csouza-f wrote:
| Indeed octal. The second DNS is 010.010.04.04 == 8.8.4.4
| eyelidlessness wrote:
| Amusingly, iOS thinks the text "010.010.010.010" is a phone
| number.
| stefan_ wrote:
| Is there a good IPv6 option?
| bikingbismuth wrote:
| For DNS, I am not sure. If you are talking about strange IP
| formats, not really. The best I've been able to do is some
| playing with the IPv6.IPv4 formatting.
| p1mrx wrote:
| Yeah, https://[2001:4860:4860:00::000:0.0.136.136]/ is
| probably the weirdest format that still parses.
| lucb1e wrote:
| It's also at 010.010.2056 or 0x8080808 or 01002004010. I made a
| little tool a while ago that iterates over all the options that I
| know of:
|
| https://lucb1e.com/randomprojects/php/funnip.php?ip=8.8.8.8
|
| The variant found by OP is apparently the very last option that
| my tool generates. These days, Firefox is a bit boring (okay,
| okay, I'll admit it's a good choice for security) and translates
| these at the first opportunity. Even hyperlinks are translated on
| hover in the 'status bar' (if we can still call it that). For
| mobile users, this is what it shows when you paste one of those
| addresses in Firefox: https://snipboard.io/kbLTso.jpg
| 1vuio0pswjnm7 wrote:
| This program, "ip4dec", converts lists of IPv4 addresses to
| decimal. Wrote this while experimenting with storing domain->ip
| mappings in a trie, such as https://github.com/tlwg/libdatrie
|
| Name borrowed from https://github.com/ian-hamlin/ipdec
|
| Note the trietool "list" command prints data as %d not %u.
| To fix, edit list_enum_func() in trietool.c
|
|     sed -n 's/ //;wip4dec.l' << eof
|      /* not a domain name or ip address validator
|         input file format: (left-justified, no leading spaces)
|         example.com 93.184.216.34
|         example.net 93.184.216.34 comment
|      */
|       int fileno(FILE *);
|       int setenv(const char*,const char*,int);
|       int unsetenv(const char*);
|       #define echo do{if(fwrite(yytext,(size_t)yyleng,1,yyout)){}}while(0)
|       #define jmp (yy_start) = 1 + 2 *
|       /* x is unsigned so that a first octet >= 128 does not overflow */
|       unsigned x=0; int y=0,o=0;
|      xa [0-9]{1,3}\x2e
|      xb [0-9]{1,3}
|      xc [0-9]{4,5}
|      xd ^[A-Za-z0-9\.-]+
|      xe ^[^A-Za-z0-9]
|      %s xa
|      %option noyywrap nounput noinput
|      %%
|      {xd} if(yytext[0]=='-'||yytext[0]=='.')jmp 0;else{o=0;y=0;x=0;setenv("x",yytext,1);jmp xa;}
|      {xe} jmp 0;
|      <xa>{xc} jmp 0;
|      <xa>{xa}|{xb} {
|       switch(o){
|       /* every octet, including the first, is bounded to 255 */
|       case 0: y=atoi(yytext);if(y<1||y>255)break;x=(unsigned)y*16777216;y=0;o++;break;
|       case 1: y=atoi(yytext);if(y>255)break;x=x+y*65536;y=0;o++;break;
|       case 2: y=atoi(yytext);if(y>255)break;x=x+y*256;y=0;o++;break;
|       case 3: y=atoi(yytext);if(y>255)break;x=x+y;printf("%s\t%u\n",getenv("x"),x);unsetenv("x");break;
|       default: break;
|       }
|      }
|      .|\n
|      %%
|      int main(){ yylex();exit(0) ;}
|     eof
|     flex -8iCrf ip4dec.l
|     cc -std=c89 -Wall -pedantic -I. -pipe lex.yy.c -static -o ip4dec
|
| usage: ip4dec < input-file
|
| example: echo example.com 93.184.216.34 icann|ip4dec
|
| output: example.com 1572395042
| [deleted]
| [deleted]
| ktpsns wrote:
| +1 for
|
|     <?php
|     if (isset($_GET['source'])) {
|         highlight_file(__FILE__);
|         exit;
|     }
|
| This is such a useful and nice snippet I add to many of my PHP
| files. Open Source at its finest, literally "in place" :-)
| cpach wrote:
| What does it do?
| pbiggar wrote:
| If you provide the GET parameter "source" (which means you
| try /the-url?source), it prints a pretty-printed version
| of the source code.
|
| So basically it allows the reader to read the source
| directly without hunting it down on github or something.
| nikeee wrote:
| It prints the source of itself, when source is present as
| a query parameter:
|
| https://lucb1e.com/randomprojects/php/funnip.php?source
| [deleted]
| jeffbee wrote:
| It's weird that this is just a side-effect of the way strtol
| works, but there's no way (that I can figure out) to get + or -
| involved.
| lucb1e wrote:
| It can't only be that, or 127.1 would not work. It is doing
| some parsing beyond just calling a parseInt on each of them
| in order to recognize domain names and use name resolution
| rather than directly putting the bytes in the IP header. That
| must be why 0x9000000.-16250872 doesn't work (if negative
| worked, that should also resolve to 8.8.8.8).
| dharmab wrote:
| I looked into this a while back, IIRC BSD added the "omit
| zeroes" as a nonstandard convenience feature and other OSes
| copied it. I'm far afk or I'd find my notes on this.
| mitchs wrote:
| All of this weird behavior is generally inet_aton.
| https://linux.die.net/man/3/inet_aton
| shireboy wrote:
| Out of sheer curiosity, how does one go about reserving an IP
| address like this, or the ones CloudFlare and google dns use?
| xanathar wrote:
| The main prerequisite is "having a bloatload of money".
| charcircuit wrote:
| Let's say that's true already
| linux2647 wrote:
| One has to buy the block of IP addresses, from ARIN or some
| other Internet governance body, that contains the IP you're
| looking for
| Scaevolus wrote:
| IP address ranges were allocated to various organizations that
| can declare routes for them onto their own networks, or sell to
| other parties.
|
| This is most commonly seen with large clouds like AWS buying
| millions of IPs from owners that weren't using them.
|
| You can use "whowas" to track the ownership shifts, but I don't
| know of a global index-- each NIC has their own implementation
| and restrictions.
|
| https://www.apnic.net/static/whowas-ui/#1.1.1.1
| EE84M3i wrote:
| For me the link on HN is to https://dns.google/ but I'm pretty
| sure it's supposed to be to https://010.010.010.010/ (which
| redirects, for me). Did the admins change it?
| pxc wrote:
| Is that a real TLD?
| tialaramex wrote:
| No, it's an IPv4 address. No TLD is allowed to be a series of
| digits in order to avoid any confusion about this.
|
| Whether your URL parser considers that octal IPv4 addresses
| are a reasonable thing is up to each individual parser. On
| the whole I'd suggest user-facing software should not permit
| this because it's pointlessly confusing.
|
| Rust took a patch that says if you try to convert (for
| example) 010.010.010.010 to an IPv4 address that's an error,
| which again I think is reasonable for the same reason.
|
| In the patch feedback several people want it to mean
| 10.10.10.10 and others think it should mean 8.8.8.8 and
| eventually it seems to become clear to both groups that this
| is itself a _terrible_ sign for their positions, since if you
| expected one but got the other now your software has
| unexpected behaviour, whereas if you got an _error_ you can
| fix your program to do whatever it was you intended. So hence
| the error behaviour won.
|
| [Edited to add: It has been pointed out to me that maybe the
| poster meant .google. Yes, that's a TLD owned by Google. They
| applied for, and received a number of "new gTLDs" from ICANN,
| some like .dev are open for you to register 2LDs in, others
| like .google are only for their own use. Running TLDs likely
| costs Google somewhere in the region of a million dollars per
| year to maintain, but that's a drop in the ocean for a large
| tech company.]
| pxc wrote:
| Yeah, I meant the .google name the IP redirects you to in
| the browser
| fragmede wrote:
| Without getting into the existential question of _what does
| it mean to be real_, yes [0].
| It's one of the sponsored
| modern TLDs[1], along with the likes of .horse, .cat (not
| what you think), .wiki, .club, etc.
|
| [0] https://en.m.wikipedia.org/wiki/.google
| [1] https://en.m.wikipedia.org/wiki/Sponsored_top-level_domain
| ignoramous wrote:
| TLS certs can be issued to make them work with IP addresses,
| which is why https to 8.8.8.8 (octal: 010.010.010.010) works:
| https://cabforum.org/guidance-ip-addresses-certificates/
|
| See also: https://01.01.01.01/
|
| (btw: _.google_ and _.goog_ are valid TLDs)
| tialaramex wrote:
| Not explicitly mentioned in that CAB/F document, the PKIX
| standard that makes ipAddress SANs work actually defines
| them as numeric types with a set number of bits, so an
| ipAddress is literally a 32-bit or 128-bit value.
|
| This leaves no room for the ambiguity of the text rendering
| something like 010.010.010.010 in the certificate itself.
|
| Likewise the dnsName SAN type is defined in an alphabet for
| X.509 that literally can't represent fancy Unicode, so you
| can't mistakenly write certificates with dnsName SANs that
| give the Unicode name instead of the unambiguous punycode
| name stored in DNS.
|
| These two choices mean your browser can mechanically with
| 100% reliability check certificates in the Web PKI match
| the IP address or DNS name from the URL you believed you
| were visiting, whereas historically the abuse of "Common
| Name" features to write a human representation had nasty
| edge cases for both IP addresses and some DNS names.
| dang wrote:
| Our software follows redirects now. Obviously that's not
| correct in cases like this; but it's so much of an improvement
| in other cases that I don't want to roll it back. Not sure what
| to do yet really.
|
| I've changed the URL above back to https://010.010.010.010/
| now. Thanks!
| JoshTriplett wrote:
| Interestingly, Firefox canonicalizes such links to the
| decimal IP address: if you hover over it, you see
| https://8.8.8.8/ , and if you click on it that's where you
| end up.
| boramalper wrote:
| I was just about to edit my comment: either that is the case or
| HN automatically runs a reverse DNS query to get the domain
| name associated with the IP address in the submission URL?
| missingcolours wrote:
| More likely they do an HTTP request and if there's a redirect
| they update the link.
| boramalper wrote:
| Indeed!
| knorker wrote:
| Depends on the parser. Even under one OS different libc functions
| will return different results.
| ehershey wrote:
| Did google get slashdotted by hacker news? The "getting started"
| link at the bottom gives me an internal server error.
| jcims wrote:
| This is the first time I've seen a certificate issued to an IP
| address. Cloudflare does the same thing for 1.1.1.1.
|
|     X509v3 Subject Alternative Name:
|         DNS:dns.google, DNS:dns.google.com, DNS:*.dns.google.com,
|         DNS:8888.google, DNS:dns64.dns.google,
|         IP Address:8.8.8.8, IP Address:8.8.4.4,
|         IP Address:2001:4860:4860:0:0:0:0:8888,
|         IP Address:2001:4860:4860:0:0:0:0:8844,
|         IP Address:2001:4860:4860:0:0:0:0:6464,
|         IP Address:2001:4860:4860:0:0:0:0:64
|
| I'm guessing this is in part for network device auth? DNS over
| HTTPS?
| tialaramex wrote:
| You can use this for any purpose. These certificates conform to
| PKIX and are part of the Web PKI if they're issued (as this
| was) by a trusted CA.
|
| In some ways the actual _rules_ for IP addresses are less
| strict than for DNS names. Perhaps this will get tightened up.
| Google Trust Services (the part of Google which issues
| certificates, as distinct from say, Chrome, which on behalf of
| Relying Parties has to decide if the certificates are
| trustworthy) expressed interest in issuing IP address
| certificates via ACME, ie automatically to anyone who asks.
| The pushback (including from people in other parts of Google) was
| considerable, even though what GTS proposed to do was actually
| _more_ robust than what's technically required for issuance
| today. But it's nice that they asked (and indeed one argument
| to allow what they requested is, hey, there was no
| _requirement_ for them to ask, if somebody had just done this
| without asking would we have been even more unhappy about that
| or would we let it slide?)
|
| In practical terms, you likely don't get and don't want
| certificates with ipAddress SANs in them. You probably don't
| get them because (unless GTS went ahead subsequently) this is a
| Special Request item not something your Certbot or acme.sh or
| whatever can get for you, and you probably don't want them
| because unless you're a DNS server people expect to type in a
| name, not a sequence of arcane numbers.
| jcims wrote:
| Awesome info, thank you!
| _ache_ wrote:
| Yeah ... Just use 1.1.
|
| Cloudflare is way better. It doesn't even look like an IP. And
| you just can't have shorter.
| zeroimpl wrote:
| Feels like next somebody should set up a DNS system at 2.0.
| vmoore wrote:
| For those interested in more memorable DNS IPs, there is the
| following:
|
| Just be careful, because TWNIC/Quad101 was subjected to a BGP
| hijack in 2019[0]
|
|     101.101.101.101 [TWNIC]
|     80.80.80.80 [FREENOM][1]
|     4.2.2.2 [Level 3]
|
| [0] https://www.manrs.org/2019/05/public-dns-in-taiwan-the-lates...
|
| [1] https://www.freenom.world/en/index.html?lang=en
| aftbit wrote:
| Don't forget 1.1.1.1 and 1.0.0.1 (aka 1.1) [Cloudflare]
| vmoore wrote:
| Yeah I left that out for a reason. Most geeks know about
| that. Also 9.9.9.9 is an obvious one. I wanted to point out
| lesser known/esoteric ones
| [deleted]
| [deleted]
| mongol wrote:
| Why is Google providing a public DNS? Is it a PR thing?
| zhenyavinogrdov wrote:
| An example of putting one's public DNS server to a good use is
| Cloudflare's analysis of the recent Facebook outage effects
| https://blog.cloudflare.com/during-the-facebook-outage/
| jayd16 wrote:
| I'm sure it's useful to run analytics over what people are
| connecting to but they have plenty of reasons to run their own
| DNS for their own purposes.
| JonathanMerklin wrote:
| Do you perhaps think that DNS log data could be valuable for
| Google? As always, when a product is free...
| Redoubts wrote:
| Is it any worse than the harvesting my ISP is likely doing?
| tjoff wrote:
| Yes. And no, I would not assume that your ISP is doing it.
| neilk wrote:
| Octal 010 is 8. Dotted quads can apparently be in octal, so
| that's just 8.8.8.8.
|
| What are we looking at here that's new?
| capableweb wrote:
| "News" in Hacker News doesn't necessarily mean everything is
| new that comes up. Everyone might not know what you know, so
| sometimes it's interesting enough to end up on the front page.
| sieabahlpark wrote:
| Sounds like Reddit.
| makeworld wrote:
| Google's server handles the octal case if it's provided
| directly. Not sure if this is an explicit code path or if the
| server handles all IP forms.
|
| Try this:
|
|     curl -v -H "Host: 010.010.010.010" https://8.8.8.8
|
| Trying to do the same with other websites doesn't seem to work.
| icedchai wrote:
| They probably don't even look at the host header. You can set
| _any_ host header and it works.
| [deleted]
| Philip-J-Fry wrote:
| Edge (and I presume Chromium) interprets a
| https://010.010.010.010 URL as https://8.8.8.8
|
| You can check it by hovering over the link
| lucb1e wrote:
| Not sure what you mean about other websites, it works fine on
| Apache and Nginx, e.g. on my server:
|
|     curl -kiH Host:1348764566 https://1348764566
|
| (-k flag needed because I didn't get a valid cert for this
| variant of the IP. One could also specify the fingerprint but
| let's keep the demo simple.)
|
| It'll give you a 404 because of the unknown vhost, but it
| would also do that if you access it using the 'normal' dotted
| decimal notation: http://80.100.131.150
|
| I used to detect this number actually and it would give you a
| small easter egg, but nobody triggered it and nowadays
| Firefox doesn't send it as a host header anymore when you
| specify the IP as such so I didn't check how to port that
| over to my new web server stack.
| anderskaseorg wrote:
| Google's server doesn't handle that as a special case; it
| redirects any host other than dns.google to dns.google. These
| give the same result:
|
|     curl -v -H "Host: 010.010.010.010" https://8.8.8.8
|     curl -v -H "Host: 222.222.222.222" https://8.8.8.8
|     curl -v -H "Host: example.com" https://8.8.8.8
| cpach wrote:
| https://xkcd.com/1053/
| sixothree wrote:
| And why on earth would anyone want to use google's DNS.
| tata71 wrote:
| Have you used malicious ISP DNS resolution?!
___________________________________________________________________
(page generated 2021-10-30 23:00 UTC)
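
Added example, not part of the thread and not any commenter's code: a hand-written C model of the address forms documented in inet_aton(3), next to a strict dotted-decimal parser of the kind argued for above, so the spellings quoted in the thread can be told apart. The function names parse_legacy, parse_strict and classify are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hand-written model of the forms documented in inet_aton(3): 1-4 parts, each
 * decimal, octal (leading 0) or hex (0x); the last part fills the low bytes. */
int parse_legacy(const char *s, uint32_t *out)
{
    unsigned long part[4];
    uint32_t addr = 0;
    int n = 0;
    for (char *end;; s = end + 1) {
        if (n == 4 || !isdigit((unsigned char)*s)) return 0; /* no sign/space */
        errno = 0;
        part[n] = strtoul(s, &end, 0);   /* base 0: C-style prefix detection */
        if (errno || part[n++] > 0xffffffffUL) return 0;
        if (*end == '\0') break;
        if (*end != '.') return 0;
    }
    for (int i = 0; i < n - 1; i++) {    /* leading parts are one byte each */
        if (part[i] > 255) return 0;
        addr |= (uint32_t)part[i] << (24 - 8 * i);
    }
    int bits = 32 - 8 * (n - 1);         /* width left for the final part */
    if (bits < 32 && (part[n - 1] >> bits)) return 0;
    *out = addr | (uint32_t)part[n - 1];
    return 1;
}

/* Strict dotted decimal: four parts, 0-255, no leading zeros, no prefixes. */
int parse_strict(const char *s, uint32_t *out)
{
    uint32_t addr = 0;
    for (int i = 0; i < 4; i++) {
        int v = 0, digits = 0;
        for (; digits < 3 && isdigit((unsigned char)*s); digits++)
            v = v * 10 + (*s++ - '0');
        if (digits == 0 || v > 255 || (digits > 1 && s[-digits] == '0'))
            return 0;
        if (*s++ != (i < 3 ? '.' : '\0')) return 0;
        addr = (addr << 8) | (uint32_t)v;
    }
    *out = addr;
    return 1;
}

/* 1 = canonical; 0 = valid only under the legacy rules (normalise or reject
 * before comparing against any address list); -1 = not an IPv4 literal. */
int classify(const char *s, uint32_t *addr)
{
    if (parse_strict(s, addr)) return 1;
    return parse_legacy(s, addr) ? 0 : -1;
}
```

A result of 0 from classify() is the case to log or reject: the string names a real address, but not in the spelling an allow list, deny list or certificate check would be written against.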