Probably, although you might just be another collateral in the blanket (illegal?) surveillance they have going on domestically, even if you aren’t a specific target.

So, I have a local recursive DNS cache server, primarily to speed up my internet, but also to block ads and malware infested websites. I usually don’t store the domain query logs, but a week ago, I decided to do that, so that I can keep an eye on my devices.

Today, I was checking the query logs on a whim, when I found several random requests to * from my devices.

The .mil TLD is reserved specifically for the military; regular people can’t get one (if you weren’t aware already).

I obviously blocked it immediately. I have never been to a .mil website before (why would I need to?), so I wouldn’t have any cookies stored in my browsers. Moreover, I wouldn’t want my devices to connect to a service without my knowledge.

Pi-hole is an excellent service!

Now that I had put a Band-Aid solution in place, it was time to look into it in detail.

In the course of learning more about that specific domain, I came to know that .mil TLDs are not supported by ICANN lookup services. ICANN lookup usually gives you a whole lot of information about a domain. You can try for yourself here.

Example ICANN lookup data of my domain

See how I have DNSSEC enabled? It is an important feature every network engineer should enable (really, it only takes a few lines of code) to ensure your website is not spoofed. Incidentally, I noticed that the domains have DNSSEC enabled. So, I did the next best thing I knew; I tried to find out the chain-of-trust of the DNSSEC key associated with those domains in order to find out their IP addresses. You can try out the tool for yourself here. What I found for is this:

The whole result can be found here. Honestly, I expected better key algorithms from the military. RSA/SHA-256 is so pedestrian!

I found the following three IP addresses associated with the domain:




Now that I have the actual IP addresses, it is time to find out where they are located, which ISP they use, etc.! There are way too many tools to do that; what I have personally found to be very accurate time and again is this. The results are:




All three of these IP addresses use the same ISP, DoD Network Information Center. The first two IPs yield the same location in Columbus, Ohio (map on top). The third yields a location in Chicago (map at the bottom), and as you can clearly see, both are Federal buildings.

Am I important enough to be specifically targeted by the NSA? Nope. But do I know that NSA snoops on all communications? Yep. Am I a collateral to their blanket domestic snooping? Probably. Do I need to secure my network more? Drastically. Can I do it? Probably not.

So what do I do now? Nothing! I just have to hope my Band-Aid solution keeps the leak in check, because I am definitely not technically knowledgeable enough to escape the Big Brother. We just have to wait to see what, if anything, happens!

What can you do? Install Pi-hole. Seriously, it’s a good place to start for securing your network. Keep an eye out for unauthorized connections and block them. Will it stop all government snooping? Definitely not! But it will deter the simplest of these kinds of attacks. Use a VPN, always. Don’t trust your ISP to protect your data; they won’t. I use Verizon Fios, I hate the company, but I was forced to get them either way; cartel-style territorial monopolies are the worst. I still had a choice (my only other choice was Comcast, but you know I couldn’t have chosen the most hated company in America, right?); most people in America don’t even have that luxury. Stay vigilant, but not to the point of wearing a tin-foil hat. And as always, please don’t perpetuate “if you have nothing to hide, why do you need privacy”.
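The query-log review described in this post can be automated. The following is an added example, not code from the original post: it assumes dnsmasq-style query lines (the format Pi-hole's query log uses), and the log lines, client addresses and domain names in it are constructed placeholders.

```python
import re
from collections import defaultdict

# dnsmasq-style "query[...] name from client" line (assumed log format).
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[\w-]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Constructed sample log lines (not taken from the post).
SAMPLE_LOG = """\
Mar  3 09:14:02 dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Mar  3 09:14:02 dnsmasq[812]: forwarded www.example.com to 127.0.0.1
Mar  3 09:15:40 dnsmasq[812]: query[A] host1.placeholder.mil from 192.168.1.20
Mar  3 09:15:41 dnsmasq[812]: query[AAAA] HOST1.placeholder.MIL. from 192.168.1.20
Mar  3 10:02:11 dnsmasq[812]: query[A] host2.placeholder.mil from 192.168.1.31
Mar  3 10:05:00 dnsmasq[812]: query[A] mil.example.org from 192.168.1.31
Mar  3 10:06:00 dnsmasq[812]: query[PTR] 20.1.168.192.in-addr.arpa from 127.0.0.1
"""

def queries_to_tlds(log_text, watched_tlds):
    """Return {client: {domain: count}} for queries whose TLD is watched."""
    watched = {t.lower().strip(".") for t in watched_tlds}
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards, cache hits, unrelated lines
        name = m["name"].lower().rstrip(".")  # normalise case and root dot
        tld = name.rsplit(".", 1)[-1]         # compare the last label only
        if tld in watched:
            hits[m["client"]][name] += 1
    return {client: dict(names) for client, names in hits.items()}

def report(hits):
    """Format one line per (client, domain), busiest first."""
    rows = [(c, d, n) for c, names in hits.items() for d, n in names.items()]
    rows.sort(key=lambda r: (-r[2], r[0], r[1]))
    return [f"{c} -> {d} x{n}" for c, d, n in rows]

if __name__ == "__main__":
    for row in report(queries_to_tlds(SAMPLE_LOG, ["mil"])):
        print(row)
```

Grouping by client shows which device on the network issued the lookups, which is the first thing to establish before deciding whether a query came from a browser, an app or the operating system.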



An Indian expat learning to live 8000 miles away from home. Mechanical Engineer by degree, Market Analyst by profession.
