[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet another Quadruple DNS?

Subject: Yet another Quadruple DNS?
From: michael at wi-fiber.io (Michael Crapse)
Date: Thu, 29 Mar 2018 09:44:29 -0600
In-reply-to: <[email protected]>
References: <[email protected]> <CAMCxY-H7xzwp+9OeCD=ooh4Qd5mc=h65wj1qu0cOZRq7AYAc5g@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <20180329T131245Z@localhost> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

Along these same lines, we have a service that captures all DNS requests
regardless the server(only non-TLS, albeit), that people pay $9.99/mo for,
so they definitely want this.. We just NAT all requests to Open DNS servers
to provide internet filtering as a service. It would be arbitrarily trivial
to run our own DNS service and reply to any unencrypted DNS request to any
DNS server with whatever A or AAAA record we want..

On 29 March 2018 at 09:29, Bill Woodcock <woody at pch.net> wrote:

> > \On Mar 29, 2018, at 7:27 AM, Brian Kantor <Brian at ampr.org> wrote:
> >
> > On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote:
> >> I've never really understood this - if you don't trust your ISP's DNS,
> >> why would you trust them not to transparently intercept any well-known
> >> third-party DNS?
> >
> > Of course they could.  But it's testable; experiments show that they
> > aren't doing so currently.
>
> Experiments may show that in some tested cases they arenâ??t, but in the big
> picture, yes, there are ISPs who are internally capturing 8.8.8.8, and who
> try to do the same with 9.9.9.9.  Which is why itâ??s so important to do
> cryptographic validation of the server and encryption of the transport, as
> well as DNSSEC validation.
>
>                                 -Bill
>
>

Follow-Ups:
- Yet another Quadruple DNS?
  - From: alan.buxey at gmail.com (Alan Buxey)

References:
- Yet another Quadruple DNS?
  - From: me at payam124.com (Payam Poursaied)
- Yet another Quadruple DNS?
  - From: michael at wi-fiber.io (Michael Crapse)
- Yet another Quadruple DNS?
  - From: daknob.mac at gmail.com (DaKnOb)
- Yet another Quadruple DNS?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Yet another Quadruple DNS?
  - From: mattlists at rivervalleyinternet.net (Matt Hoppes)
- Yet another Quadruple DNS?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Yet another Quadruple DNS?
  - From: chip at 2bithacker.net (Chip Marshall)
- Yet another Quadruple DNS?
  - From: izaac at setec.org (Izaac)
- Yet another Quadruple DNS?
  - From: Brian at ampr.org (Brian Kantor)
- Yet another Quadruple DNS?
  - From: cma at cmadams.net (Chris Adams)
- Yet another Quadruple DNS?
  - From: Brian at ampr.org (Brian Kantor)
- Yet another Quadruple DNS?
  - From: woody at pch.net (Bill Woodcock)

Prev by Date: Yet another Quadruple DNS?
Next by Date: Yet another Quadruple DNS?
Previous by thread: Yet another Quadruple DNS?
Next by thread: Yet another Quadruple DNS?
Index(es):
- Date
- Thread