nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TWC (AS11351) blocking all NTP?

From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Mon, 3 Feb 2014 10:55:00 +0100
On Mon, Feb 03, 2014 at 04:09:39AM +0000,
 Dobbins, Roland <rdobbins () arbor net> wrote 
 a message of 20 lines which said:


I also think that restricting your users by default to your own
recursive DNS servers, plus a couple of well-known, well-run public
recursive services, is a good idea - as long as you allow your users
to opt out.


That's a big "as long". I agree with you but I'm fairly certain that
most ISP who deny their users the ability to do DNS requests directly
(or to run their own DNS resolver) have no such opt-out (or they make
it expensive and/or complicated). After all, when outside DNS is
blocked, it is more often for business reasons (forcing the users to
use a local lying resolver, with ads when NXDOMAIN is returned) than
for security reasons.
Previous By Date Next
Previous By Thread Next

Current thread: