How I know it? Easy. I have tree hosts: my own laptop, liz a VPS in Germany with IP 82.211.30.224  and abbie a VPS in USA.

# I don't even have a DNS server installed on this host (liz)

$ ssh root@82.211.30.224  tcpdump 'port 52'

And now I run from my laptop (the one that is conected to my ISP, Vodafone):

$laptop> dig +short @82.211.30.224 goatse.com

75.101.142.70  
54.243.105.88

And I get two results. How is this even possible to get results if I'm making the query to my own server and I don't even have a DNS server installed? Simple, checking out the console where I'm running tcpdump I see that any request package has arrived on my VPS. Cool. It means that someone else is giving me an answer but.... who? I don't know. Probably the DNS servers of Vodafone.

I do the same test with the VPS in the USA, and lets see what happens:

$abbie> dig +short @82.211.30.224 goatse.com

;; connection timed out; no servers could be reached

Oh. That makes more sense. And from the console where I'm running TCPDUMP we can see the request made to my server:

22:04:40.093864 IP XXX.XXX.XXXX.XXX.52702 > 82.211.30.224.domain:
34396+ A? goatse.com. (28)

So, again. WHYYYYYY VODAFONE!?? WHYYYY?! I mean, I thought we have a relationship where I pay you, and you give me access to the Internet. What I could not imagine was that you where hijacking my DNS packets and modifying them at your wish :S