nanog mailing list archives

Re: DNS filtering, was Thank you, Comcast.


From: "John Levine" <johnl () iecc com>
Date: 26 Feb 2016 17:54:26 -0000

In article <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck> you write:
> I think you'd be hard pressed to find more than a tenth of a percent of
> people attempt to run their own DNS server. Some do because they think
> it'll be better in some way. Rare is the occasion where anything user
> configured would outperform a local DNS server managed by the ISP that
> does no form of trickery.

I run my own DNS cache behind my home NAT router.  It knows about some
locally served names so I can refer to the computers on my LAN by
name, and it does DNSSEC which my ISP's (T-W) DNS caches don't.  Since
it's not visible from outside, it's hard to see how anyone could abuse
it, and it really does stuff that other caches don't.

I wouldn't have any problem if my ISP filtered outgoing port 53
traffic with the QR bit set, of which I should be sending none, but
I'd be annoyed if they filtered outgoing queries.

R's,
John
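The filter John describes (drop outbound port-53 traffic whose QR bit is set, let queries through) can be decided from the 12-byte DNS header alone. The following is an added illustration, not code from the post or from any ISP's filter; the packet builders and the `outbound_policy` helper are assumptions for the example, and it assumes UDP (a TCP DNS message carries a 2-byte length prefix first).

```python
"""Classify DNS messages by the QR header bit (RFC 1035, section 4.1.1).

Constructed example: the QR bit is the top bit of the 16-bit flags word
at byte offset 2 of the header; 0 means query, 1 means response.  A
residential edge filter that drops outbound responses but passes outbound
queries needs nothing beyond this bit plus the port numbers.
"""
import struct

DNS_PORT = 53
QR_BIT = 0x8000  # top bit of the flags word
RA_BIT = 0x0080  # "recursion available", set on responses by a cache

def dns_is_response(payload: bytes) -> bool:
    """Return True if the DNS header has QR=1 (a response)."""
    if len(payload) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    flags = struct.unpack("!H", payload[2:4])[0]
    return bool(flags & QR_BIT)

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query for qname (constructed sample input)."""
    # flags 0x0100 = RD set, QR clear; QDCOUNT=1, other counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def build_response(query: bytes) -> bytes:
    """Turn a query into an empty response by setting QR and RA (sample)."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | QR_BIT | RA_BIT) + query[4:]

def outbound_policy(src_port: int, dst_port: int, payload: bytes) -> str:
    """Decision for one outbound UDP datagram leaving the customer side:
    'pass'  - not DNS (port 53 on neither end), out of scope here
    'allow' - DNS query (QR=0), the traffic a home cache legitimately sends
    'drop'  - DNS response (QR=1), which a home-only cache should never emit
    """
    if DNS_PORT not in (src_port, dst_port):
        return "pass"
    return "drop" if dns_is_response(payload) else "allow"
```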