[dns-operations] new public DNS service:

Damian Menscher damian at google.com
Mon Nov 20 17:16:06 UTC 2017

On Mon, Nov 20, 2017 at 4:28 AM, Noel Butler <noel.butler at ausics.net> wrote:

> On 20/11/2017 22:08, Damian Menscher wrote:
>> On Mon, Nov 20, 2017 at 3:47 AM, Florian Weimer <fweimer at redhat.com>
>> wrote:
>>> On 11/18/2017 09:11 AM, Damian Menscher wrote:
>>>> Your argument that you don't trust the ISPs between you and
>>>> Google/OpenDNS/Quad9, and therefore run your own local recursive
>>>> resolver, confuses me.  After all, your local recursive needs to query
>>>> third-party authoritative servers anyway.
>>>> To convince yourself, answer these two questions:
>>>>    - How many ISPs are between you and  I'm on Comcast, and they
>>>> have direct peering with Google, so the number is zero.
>>> is increasingly seen as an anycast service address for DNS
>>> unrelated to Google, similar to how you download the SSH keys for root
>>> login from or instance-data.  I expect that many ISPs route
>>> to their own servers.
>> Unlike 169.254/16 which is defined by RFC to be link-local,
>> has been allocated to Google.
>> If you identify instances of BGP hijacking please report either privately
>> to the victim (Google in your example) or publicly to the nanog mailing
>> list, so corrective action can be taken.
> ISPs I've been with in times gone by have often "hijacked" open DNS
> resolvers, to ensure their users get the best experience by using their own
> DNS servers. Not a thing the likes of Google etc. can do about it. For
> instance, with the new laws in Australia, you'll find plenty localising
> Google's and OpenDNS's resolver IPs to enforce and satisfy court directions
> from copyright orders.
> It also allows them to use RPZs to stop their users from going to phishing
> sites and so on; most users wouldn't know the difference, nor care.

Actually the users *do* care, which is why they explicitly changed their
settings from the ISP default to

