[dns-operations] new public DNS service:

Paul Vixie paul at redbarn.org
Mon Nov 20 18:05:34 UTC 2017

Noel Butler wrote:
> ...
> ISP's I've been with in times gone by have often "hijacked" open DNS
> resolvers, to ensure their users get best experience by using their
> own DNS servers. not a thing likes of google etc, can do about it.
> for instance, with the new laws in Australia, you'll find plenty
> localising googles and opendns's resolvers ip's to enforce and
> satisfy court directions from copyright orders also allows them to
> use RPZ's to stop their users from going to phishing sites and so on,
> most users wouldnt know the difference, nor care.

when i found a large academic network doing local routing and service 
for the root name server addresses, i reached out to complain. while 
they did not use this formulation, they did say, "our network, our 
rules". since that's what i said to justify the first (MAPS) RBL, i had 
no ready response.

so, add this to the list of reasons why everyone should run their own 
RDNS, and why they should use DNSSEC validation. you might not be able 
to stop hijacking, but you can at least be viscerally aware of it, and 
you can make your own decisions as to whether to believe made-up answers.

P Vixie

More information about the dns-operations mailing list