[dns-operations] new public DNS service: 220.127.116.11
paul at redbarn.org
Tue Nov 21 04:04:11 UTC 2017
> Noel Butler wrote:
>> ... until one said "it seemed cool to use 18.104.22.168"
>> All I could do was just laugh.
observed, and agreed.
Robert Edmonds wrote:
> Hijacking other providers' service addresses is an extremely serious
> remedy. If an ISP were caught doing this, their users don't have to
> justify their desire to use a third party service to the ISP. The ISP
> should have to justify why such a serious remedy is necessary in the
> first place.
their network, their rules. when google saw opendns pirating dns answers
to "www.google.com" they had no cause of action in either civil or
criminal law. their only recourse was to create 22.214.171.124 and try to take
that traffic back.
there are plenty of ISP's in the world, including the extreme case of
hotel room middleboxes, who policy-route UDP/53 to their own DNS proxy,
period, full stop, don't look at the destination address. they do not
care what we here think.
the great firewall of china, likewise.
i think outrage would be late, and misplaced. run your own RDNS,
validate with DNSSEC, and when lookups fail, stop using the internet
until you have better connectivity.
More information about the dns-operations