[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet another Quadruple DNS?

Subject: Yet another Quadruple DNS?
From: woody at pch.net (Bill Woodcock)
Date: Thu, 29 Mar 2018 08:29:57 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <CAMCxY-H7xzwp+9OeCD=ooh4Qd5mc=h65wj1qu0cOZRq7AYAc5g@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <20180329T131245Z@localhost> <[email protected]> <[email protected]> <[email protected]>

> \On Mar 29, 2018, at 7:27 AM, Brian Kantor <Brian at ampr.org> wrote:
> 
> On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote:
>> I've never really understood this - if you don't trust your ISP's DNS,
>> why would you trust them not to transparently intercept any well-known
>> third-party DNS?
> 
> Of course they could.  But it's testable; experiments show that they
> aren't doing so currently.

Experiments may show that in some tested cases they arenâ??t, but in the big picture, yes, there are ISPs who are internally capturing 8.8.8.8, and who try to do the same with 9.9.9.9.  Which is why itâ??s so important to do cryptographic validation of the server and encryption of the transport, as well as DNSSEC validation.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180329/0b9b43bf/attachment.sig>

Follow-Ups:
- Yet another Quadruple DNS?
  - From: michael at wi-fiber.io (Michael Crapse)
- Yet another Quadruple DNS?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)

References:
- Yet another Quadruple DNS?
  - From: me at payam124.com (Payam Poursaied)
- Yet another Quadruple DNS?
  - From: michael at wi-fiber.io (Michael Crapse)
- Yet another Quadruple DNS?
  - From: daknob.mac at gmail.com (DaKnOb)
- Yet another Quadruple DNS?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Yet another Quadruple DNS?
  - From: mattlists at rivervalleyinternet.net (Matt Hoppes)
- Yet another Quadruple DNS?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Yet another Quadruple DNS?
  - From: chip at 2bithacker.net (Chip Marshall)
- Yet another Quadruple DNS?
  - From: izaac at setec.org (Izaac)
- Yet another Quadruple DNS?
  - From: Brian at ampr.org (Brian Kantor)
- Yet another Quadruple DNS?
  - From: cma at cmadams.net (Chris Adams)
- Yet another Quadruple DNS?
  - From: Brian at ampr.org (Brian Kantor)

Prev by Date: validating reachability via an ISP
Next by Date: Yet another Quadruple DNS?
Previous by thread: Yet another Quadruple DNS?
Next by thread: Yet another Quadruple DNS?
Index(es):
- Date
- Thread