[dns-operations] new public DNS service: 220.127.116.11
paul at redbarn.org
Mon Nov 20 18:05:34 UTC 2017
Noel Butler wrote:
> ISP's I've been with in times gone by have often "hijacked" open DNS
> resolvers, to ensure their users get best experience by using their
> own DNS servers. not a thing likes of google etc, can do about it.
> for instance, with the new laws in Australia, you'll find plenty
> localising googles and opendns's resolvers ip's to enforce and
> satisfy court directions from copyright orders also allows them to
> use RPZ's to stop their users from going to phishing sites and so on,
> most users wouldnt know the difference, nor care.
when i found a large academic network doing local routing and service
for the root name server addresses, i reached out to complain. while
they did not use this formulation, they did say, "our network, our
rules". since that's what i said to justify the first (MAPS) RBL, i had
no ready response.
so, add this to the list of reasons why everyone should run their own
RDNS, and why they should use DNSSEC validation. you might not be able
to stop hijacking, but you can at least be viscerally aware of it, and
you can make your own decisions as to whether to believe made-up answers.
More information about the dns-operations