Running "nslookup google.com 8.8.8.8" yields IPs of my ISP (as Non-authoritative answer). I think this started occurring recently. Probably they are making cache or something, as nearest Google data center is quite far away.
First of all, how is that even possible? I thought the worst they could do is block me from sending a DNS request to 8.8.8.8 (say by blocking remote port 53), but how can they trick 8.8.8.8 from sending me a correct address?
Second, how can I bypass this, if at all?
Thanks
EDIT:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\asdf nslookup google.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4017:801::1006
212.199.205.232 212.199.205.242 212.199.205.222 212.199.205.237 212.199.205.231 212.199.205.241 212.199.205.212 212.199.205.227 212.199.205.247 212.199.205.246 212.199.205.251 212.199.205.221 212.199.205.217 212.199.205.236 212.199.205.226 212.199.205.216
C:\Users\asdf>
And using DNSCrypt (with and without option of DNSCrypt over port 443):
Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\asdf>nslookup google.com
1.0.0.127.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 127.0.0.1
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4017:800::1008 212.199.205.242 212.199.205.247 212.199.205.237 212.199.205.232 212.199.205.231 212.199.205.226 212.199.205.217 212.199.205.212 212.199.205.227 212.199.205.241 212.199.205.236 212.199.205.246 212.199.205.216 212.199.205.251 212.199.205.221 212.199.205.222
C:\Users\asdf>
Formatting is a bit off, sorry about that.
8.8.8.8
(or any non-encrypted connection) and inject whatever data they want; However, that kind of hijacking would be suicide for an ISP's reputation.