[dns-operations] new public DNS service:

Paul Vixie paul at redbarn.org
Tue Nov 21 04:04:11 UTC 2017

> Noel Butler wrote:
>> ... until one said "it seemed cool to use"
>> All I could do was just laugh.

observed, and agreed.

Robert Edmonds wrote:
> Hijacking other providers' service addresses is an extremely serious
> remedy. If an ISP were caught doing this, their users don't have to
> justify their desire to use a third party service to the ISP. The ISP
> should have to justify why such a serious remedy is necessary in the
> first place.

their network, their rules. when google saw opendns pirating dns answers 
to "www.google.com" they had no cause of action in either civil or 
criminal law. their only recourse was to create and try to take 
that traffic back.

there are plenty of ISPs in the world, including the extreme case of 
hotel room middleboxes, who policy-route UDP/53 to their own DNS proxy, 
period, full stop, don't look at the destination address. they do not 
care what we here think.

the great firewall of china, likewise.

i think outrage would be late, and misplaced. run your own RDNS, 
validate with DNSSEC, and when lookups fail, stop using the internet 
until you have better connectivity.

P Vixie
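
An added example, not part of the original message: one way to check from a client whether the network policy-routes UDP/53 regardless of destination, as described above. It sends a query to 192.0.2.1, an address in TEST-NET-1 (RFC 5737) where no resolver should exist; the address choice and the function names are assumptions of this sketch.

```python
import os
import socket
import struct

# Assumption: TEST-NET-1 (RFC 5737) is reserved for documentation, so a DNS
# answer that appears to come from this address was produced on the path.
UNROUTED_RESOLVER = "192.0.2.1"

def build_query(name, txid, qtype=1):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_reply_to(query, packet):
    """True if packet is a DNS response echoing our transaction id and question."""
    if len(packet) < len(query):
        return False
    txid, flags = struct.unpack("!HH", packet[:4])
    sent_txid = struct.unpack("!H", query[:2])[0]
    # Compare the question case-insensitively; some proxies rewrite name case.
    same_question = packet[12:len(query)].lower() == query[12:].lower()
    return bool(flags & 0x8000) and txid == sent_txid and same_question

def probe(name="example.com", server=UNROUTED_RESOLVER, timeout=3.0):
    """Send one query to an address that hosts no resolver.
    Returns 'intercepted' if a matching answer arrives, else 'no-answer'."""
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            packet, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return "no-answer"
    return "intercepted" if is_reply_to(query, packet) else "no-answer"

if __name__ == "__main__":
    print(probe())
```

A "no-answer" result only means this one probe was dropped or ignored; it does not show that answers from real resolvers arrive unmodified, which is what DNSSEC validation checks.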
