[dns-operations] Hijacking DNS traffic (Was: Re: new public DNS service: 220.127.116.11)
bortzmeyer at nic.fr
Tue Nov 21 11:08:28 UTC 2017
On Mon, Nov 20, 2017 at 07:13:01PM -0800,
Mark Milhollan <mlm at pixelgate.net> wrote
a message of 43 lines which said:
> Neither is very wonderful but each certainly seems defensible, yours
> not alone for "my network, my rules".
"My network, my rules" is fine when it is really MY network. I manage
the LAN at home as a nasty dictator because it is really my
network. But a public ISP is in a different position: it provides a
service to users and they are expecting neutrality from this provider.
> There's not much security between the stub and a non-local resolver
Precisely, Quad9 has one (DNS-over-TLS, RFC 7858). It protects users
against rogue ISPs.
More information about the dns-operations