nanog mailing list archives
Re: Thank you, Comcast.
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 26 Feb 2016 12:21:27 -0500
On Fri, Feb 26, 2016 at 11:04:49AM -0500, Curtis Maurand wrote:
> I run my own resolver from behind my firewall at my home. I don't allow incoming port 53 traffic. I realize there's not a lot of privacy on the net, but I don't like having my dns queries tracked in order to target advertising at me and for annoying failed queries to end up at some annoying search page.
Likewise, and I don't like getting back forged DNS responses because some already-bloated ISP needs to tuck a few more dollars into their executives' paychecks.

I've tested it fairly thoroughly in order to ensure that it can't be conscripted into an attack and do so again every time I make a firewall configuration change or a software upgrade.

I've also started running local resolvers on portable systems in order to avoid the same set of problems when connecting to random networks.

It often occurs to me that if the engineers of those networks invested the time that they spend corrupting DNS into preventing DNS-borne attacks that the entire Internet would be better off.

---rsk