[dns-operations] Can Root DNS server modify the response?

Jeroen Massar jeroen at massar.ch
Tue Mar 26 16:12:35 UTC 2019

On 2019-03-26 16:31, Dave Warren wrote:
> On Mar 26, 2019, 03:36 -0600, Jeroen Massar <jeroen at massar.ch>, wrote:
>> While censorship is one part that could happen, the tracking of people/devices is another... and something can go mostly unnoticed as it is server-side.
> tl;dr: there is no evidence or even hint that Cloudflare is actively censoring anything on either their public resolver or root servers?

As I noted, would also be hard to prove. And DNSSEC "solves" most of the lying except for unprotected zones and "SERVFAIL" kind of answers.

But do please note also that I mostly talked about the line above: the monitoring. As the world is about Big Data, there is not so much money in lying...

> I share your concerns about too much centralization and the potential for data collection for commercialization, but that is another topic entirely from outright censorship, and from a end-user-facing public resolver standpoint I’m happy to see more competition rather than less in this space. 

Well, with 2 out of 13 root servers now (in part) being provided by 1 organization that soon will want to IPO.... we'll see what happens with this Internet thing and what happens to it.

Fortunately there is always Tor and Freifunk.... or packet radio ;)

Just too bad that the general voting public does not easily get access to those communication channels...


More information about the dns-operations mailing list