[dns-operations] Hijacking DNS traffic (Was: Re: new public DNS service: 9.9.9.9)

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Nov 21 11:08:28 UTC 2017


On Mon, Nov 20, 2017 at 07:13:01PM -0800,
 Mark Milhollan <mlm at pixelgate.net> wrote 
 a message of 43 lines which said:

> Neither is very wonderful but each certainly seems defensible, yours
> not alone for "my network, my rules".

"My network, my rules" is fine when it is really MY network. I manage
the LAN at home as a nasty dictator because it is really my
network. But a public ISP is in a different position: it provides a
service to users and they are expecting neutrality from this provider.

> There's not much security between the stub and a non-local resolver

Precisely, Quad9 has one (DNS-over-TLS, RFC 7858). It protects users
against rogue ISPs.


