[dns-operations] new public DNS service: 184.108.40.206
damian at google.com
Mon Nov 20 17:16:06 UTC 2017
On Mon, Nov 20, 2017 at 4:28 AM, Noel Butler <noel.butler at ausics.net> wrote:
> On 20/11/2017 22:08, Damian Menscher wrote:
> On Mon, Nov 20, 2017 at 3:47 AM, Florian Weimer <fweimer at redhat.com>
>> On 11/18/2017 09:11 AM, Damian Menscher wrote:
>>> Your argument that you don't trust the ISPs between you and
>>> Google/OpenDNS/Quad9, and therefore run your own local recursive
>>> confuses me. After all, your local recursive needs to query third-party
>>> authoritative servers anyway.
>>> To convince yourself, answer these two questions:
>>> - How many ISPs are between you and 220.127.116.11? I'm on Comcast, and they
>>> have direct peering with Google, so the number is zero.
>> 18.104.22.168 is increasingly seen as an anycast service address for DNS
>> unrelated to Google, similar to how you download the SSH keys for root
>> login from 169.254.169.254 or instance-data. I expect that many ISPs route
>> 22.214.171.124 to their own servers.
> Unlike 169.254/16 which is defined by RFC to be link-local, 126.96.36.199/24
> has been allocated to Google.
> If you identify instances of BGP hijacking please report either privately
> to the victim (Google in your example) or publicly to the nanog mailing
> list, so corrective action can be taken.
> ISP's I've been with in times gone by have often "hijacked" open DNS
> resolvers, to ensure their users get best experience by using their own DNS
> servers. not a thing likes of google etc, can do about it. for instance,
> with the new laws in Australia, you'll find plenty localising googles and
> opendns's resolvers ip's to enforce and satisfy court directions from
> copyright orders
> also allows them to use RPZ's to stop their users from going to phishing
> sites and so on, most users wouldnt know the difference, nor care.
Actually the users *do* care, which is why they explicitly changed their
settings from the ISP default to 188.8.131.52.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations