Sprint appears to be hijacking DNS, replying with IP's to their own ad/"search" server for bad hostnames that should return NXDOMAIN. Also, using 'dig +DNSSEC example.com 8.8.8.8' returns with Sprint's response prepended to the queried server's NXDOMAIN response and the ad bit cleared. According the google, the ad bit is supposed to be set in replies for DNSSEC enabled queries,since their public server is configured to do just that. Further, for some DNS queries, such as for isc.org, there is no response at all, not even NXDOMAIN. I know those sites still exist because I can get the IP from websites with DNS tools. Sprint definitely appears to be intercepting all port 53 traffic. This started within the last month. Sprint still uses HTTP redirects to send http requests to nonexistent servers to it's own ad/"search" servers. Is it possible to avoid this stuff? I don't see how it is possible when Sprint is not merely watching DNS traffic but actively intercepting it and modifying it, disabling DNSSEC. Unrelated(?), there are occasions where invalid SSL/TLS certificates are received with the correct CN but the wrong fingerprint, etc., and the wrong server keys received when connecting to servers using SSH. It does not stop until I drop the connection and reconnect. jd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org