I\'m subscribed to goverment\'s owned ISP because only this ISP provides access
ID: 657969 • Letter: I
Question
I'm subscribed to goverment's owned ISP because only this ISP provides access to rural area. It has a bad reputation because it is not only redirects sites, but also injects JavaScript for advertising at the end of HTML pages.
I've been using dnscrypt to avoid redirection. But a few hours ago, I accidentally discovered that DNS request for www.google.com resolved to 118.98.111.30. I'm using OpenDNS as a provider for dnscrypt-proxy.
A quick whois shows that the IP is owned by my ISP. After restarting my home routers and PCs, DNS requests for www.google.com return IP owned by Google and never return 118.98.111.30 again.
I would like to know what I can do to determine that this IP is part of Google's CDN or some kind of rogue site?
Explanation / Answer
You might have hit the "Google Global Cache" where servers are placed on your ISPs network to provide lower-latency access to commonly used resources. The fact that visiting that IP address in a browser gives the Google search page reinforces this likelihood.
As for trusting IP addresses: don't. Always use protocols protected by strong end-to-end encryption (TLS) and rely on the certificates presented. While they might not be perfect (they're not!), the TLS infrastructure is a lot better than trying to be reassured about DNS. (Though dnscrypt and/or DNSSEC can offer some reassurances in the DNS space as well, they're not widely deployed.)