Unable to investigate DNS poisoning between China and US

Question

I am interested to know how the DNS requests to political sites differ in different countries.

I need to know how I can send a DNS query to a remote computer, let say, in China. Then, I want to compare the results to US. The goal of the experiment is to get a hand-on experience on the concept about DNS poison. I feel my lectures so theoretical.

How can you compare DNS requests between China and US, such that I can investigate DNS poisoning?

Answer 1

This depends a bit on how the queries are being altered. If the server is giving different results based on your locality, then asking it directly will not be of any use. If you're queries are being poisoned by a caching server in between, these methods might help.

If you have shell accounts in different parts of the world you can perform a simple test.

I'm using 'dig', which is available on most *nix systems. If you're running Windows you might want to search for an alternative in this list of DNS tools

To find the responsible DNS servers
dig ns domain-in-question.com @the.dns.server.you.want.to.use
To get the IP addres for the hostname
dig a host.domain-in-question.com @the.dns.server.you.want.to.use
(You can skip the @.. part to run with your current server)

I recommend trying both of these from different parts of the world to see if the server itself is giving different results or if the caching servers on the way there are being poisoned.

Also, searching for 'how to poison dns' gave me a number of practical results.

Answer 2

You can just use nslookup (the server command lets you specify the DNS server to ask)