[dns-operations] new public DNS service: 9.9.9.9
Damian Menscher
damian at google.com
Mon Nov 20 17:16:06 UTC 2017
On Mon, Nov 20, 2017 at 4:28 AM, Noel Butler <noel.butler at ausics.net> wrote:
> On 20/11/2017 22:08, Damian Menscher wrote:
>
> On Mon, Nov 20, 2017 at 3:47 AM, Florian Weimer <fweimer at redhat.com>
> wrote:
>
>> On 11/18/2017 09:11 AM, Damian Menscher wrote:
>>
>>> Your argument that you don't trust the ISPs between you and
>>> Google/OpenDNS/Quad9, and therefore run your own local recursive
>>> resolver,
>>> confuses me. After all, your local recursive needs to query third-party
>>> authoritative servers anyway.
>>>
>>> To convince yourself, answer these two questions:
>>> - How many ISPs are between you and 8.8.8.8? I'm on Comcast, and they
>>> have direct peering with Google, so the number is zero.
>>
>> 8.8.8.8 is increasingly seen as an anycast service address for DNS
>> unrelated to Google, similar to how you download the SSH keys for root
>> login from 169.254.169.254 or instance-data. I expect that many ISPs route
>> 8.8.8.8 to their own servers.
>
>
> Unlike 169.254/16 which is defined by RFC to be link-local, 8.8.8.0/24
> has been allocated to Google.
>
> If you identify instances of BGP hijacking please report either privately
> to the victim (Google in your example) or publicly to the nanog mailing
> list, so corrective action can be taken.
>
>
> ISPs I've been with in times gone by have often "hijacked" open DNS
> resolvers, to ensure their users get the best experience by using their own DNS
> servers. Not a thing the likes of Google etc. can do about it. For instance,
> with the new laws in Australia, you'll find plenty localising Google's and
> OpenDNS's resolvers' IPs to enforce and satisfy court directions from
> copyright orders.
> Also allows them to use RPZs to stop their users from going to phishing
> sites and so on; most users wouldn't know the difference, nor care.
>
Actually the users *do* care, which is why they explicitly changed their
settings from the ISP default to 8.8.8.8.
Damian