[dns-operations] new public DNS service: 220.127.116.11
paul at redbarn.org
Sat Nov 18 08:29:50 UTC 2017
Damian Menscher wrote:
> On Fri, Nov 17, 2017 at 10:41 PM, Paul Vixie <paul at redbarn.org> wrote:
> > believe google's for 18.104.22.168 and cisco/umbrella's for opendns, i do
> > not trust all of the ISPs between me and them, and all of the
> > telcos they buy service from, not to data mine my queries.
> Your argument that you don't trust the ISPs between you and
> Google/OpenDNS/Quad9, and therefore run your own local recursive
> resolver, confuses me. After all, your local recursive needs to query
> third-party authoritative servers anyway.
the data upstream of a recursive does not show end-user ip addresses,
22.214.171.124 is so important. you guys do good work with that -- please don't
take this e-mail thread as a complaint.
> To convince yourself, answer these two questions:
> - How many ISPs are between you and 126.96.36.199? I'm on Comcast, and
> they have direct peering with Google, so the number is zero.
> - How many ISPs are between you and the average authoritative DNS
> server you need to reach? I'm guessing that number is non-zero.
> Or did I misunderstand what you meant about the ISPs/telcos between you
> and the third-party rDNS providers?
i am not always zero or one hop away from google. but even if i were, i
would want to control my own RDNS policy, using DNS RPZ. google's raw
unfiltered service is exactly what i want when i'm on travel, but it's
not what i want all the time.