nanog mailing list archives

Re: Google DNS intermittent ServFail for Disney subdomain


From: Jean-Francois Mezei <jfmezei_nanog () vaxination ca>
Date: Wed, 25 Oct 2017 13:53:44 -0400

On 2017-10-25 13:05, Matthew Pounsett wrote:

> I'm also led to wonder how much worse it would be if all those CPE were
> open recursives instead of open forwarders.  I'd like to see CPE
> manufacturers' decision making and processes improved BEFORE we start
> encouraging them to go around ISPs' DNS servers or the large public
> recursive clouds.


A while back, the Québec government, wanting to protect its gambling
monopoly, decided to force ISPs to block a list of gambling sites (list
drawn up by the gambling monopoly to block outside competitors).

Recently, Bell Canada went to government suggesting the government set up
an internet web site block list to prevent Canadians from accessing
pirating web sites.

And of course, in the USA, the upcoming decision to drop Title II for
ISPs may result in large ISPs quickly starting to play tricks on DNS
(redirecting traffic to their own properties etc).

While all this is in its infancy and may not happen, this could have
serious impact on the architecture of DNS with large swaths of customers
bypassing their ISP's DNS services.

But it is more likely that everyone would be going to 8.8.8.8 instead of
running their own recursive server. But if the "free" DNS servers also
start to play games or charge money, then CPE equipment may start
including a full BIND recursive server and bypass everything.

This is why it is important for network folks to educate politicians to
not play with the internet.

