nanog mailing list archives
Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses
From: Tim Burke <tim () mid net>
Date: Tue, 31 Oct 2023 01:22:28 +0000
Agreed, it should be 100% opt-in… and I don’t even like the idea of providing filtered DNS at all. But sadly, judging by the number of neighborhood Facebook group posts I see from people complaining about “their wifi being down” during yet another fiber cut, there are an increasingly large number of end users that expect their ISPs to provide a 100% idiot-proof solution. Security filtering is part of that solution, along with all of the ’set and forget’ mesh wifi systems that clog up spectrum worse than an overdriven CB radio. Certainly not bulletproof, but as the movie “Idiocracy” turns more and more into a documentary, I think solutions like this will become more commonplace. As long as clueful users can disable it without trouble, I’m perfectly fine with it.
On Oct 30, 2023, at 6:00 PM, Owen DeLong via NANOG <nanog () nanog org> wrote:On Oct 30, 2023, at 07:58, Livingood, Jason <jason_livingood () comcast com> wrote: On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote:If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? DNS isn’t the right place to attack this, IMHO.Are we sure that the filtering is done in the default view - I would suggest the user check to ensure they don't have a filtering service (e.g. parental controls/malware protection) turned on. In my **personal** opinion, the default view should have DNSSEC validation & no filtering; users can always optionally select additional protection services that might include DNS-based filtering as well as other mechanisms. JLLooks like 9.9.9.9 is filtered but ONLY for actual verified security threats, not spam, etc. If you want unfiltered, they offer 9.9.9.10. Cloudflare offers two different filtered services, but 1.1.1.1 remains unfiltered. 1.1.1.2 is “No Malware” 1.1.1.3 is “No Malware or Adult Content” So yes, apparently one (and only one) public resolver now filters by default. I stand by my statement… It should be an opt-in choice, not a default. Owen
Current thread:
- Re: Charter DNS servers returning malware filtered IP addresses, (continued)
- Re: Charter DNS servers returning malware filtered IP addresses Tom Beecher (Oct 29)
- Re: Charter DNS servers returning malware filtered IP addresses John Levine (Oct 29)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Jay R. Ashworth (Oct 28)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Delong.com via NANOG (Oct 28)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses John R. Levine (Oct 29)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Livingood, Jason via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses John R. Levine (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Livingood, Jason via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Compton, Rich A (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Owen DeLong via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Tim Burke (Oct 30)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Michael Thomas (Oct 27)
- Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses John Levine (Oct 29)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Eric Kuhnke (Oct 27)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Glenn McGurrin via NANOG (Oct 28)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Glenn Kelley (Oct 29)
- RE: Charter DNS servers returning invalid IP addresses Greg Dickinson (Oct 25)
- Re: Charter DNS servers returning invalid IP addresses Bryan Fields (Oct 25)
- Re: Charter DNS servers returning invalid IP addresses J. Hellenthal via NANOG (Oct 26)