Domain Name System

The provider will resolve google.com to its own IP, while HTTPS continues to work. It's safe?

The local provider will resolve google.com, youtube.com and, possibly, some other addresses IP address from its own range, namely 85.114.182.207, 85.114.182.211 and others from this range (provider: aist.net.ru, Tolyatti ). For reference, the DNS servers are 81.28.160.1 and 82.28.160.111, but they are most likely only accessible from the internal network.

For youtube.com, the provider's DNS gave out the address 81.28.161.2, and the reverse nslookup 81.28.161.2 gave this:

$ nslookup 81.28.161.2
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
2.161.28.81.in-addr.arpa	name = blocked-sites.aist.net.ru.
...

Which, as it were, hints that the provider is shamanizing with DNS in order to block what is included in the list of prohibited sites and its behavior can be explained. By the way, rutracker.org resolves there too, but, unlike youtube and google, we get to a page with information about the ban, and traffic to youtube and google transparently passes through the provider.

I was most confused in this situation by the fact that youtube and google have been working over HTTPS for a long time and only over HTTPS. And even more surprising is that by clicking on the site icon in Firefox, we see a green inscription "Secure connection, verified by Google Inc." (update: the icon is still not green, i.e. the same as here on the Toaster, but not the same as, for example, on the github) .

Actually, the question is: is it safe? And how is this even possible? Once the certificate is verified by Google Inc. (when entering which we knock on the server of the provider, not Google), does this mean that the certificate is not signed by Google and the traffic is subject to listening?

(Having discovered this, I, of course, will change the DNS to Yandex 77.88.8.8, but I still want to know about the security of the above. Thank you.)