[dns-operations] Can Root DNS server modify the response?

David Conrad drc at virtualized.org
Tue Mar 26 23:36:56 UTC 2019


On Mar 26, 2019, at 11:21 AM, Frank Habicht <geier at geier.ne.tz> wrote:
>>> Noting that Mozilla with their firefox is clearly steering towards
>>> DoH, "as ISPs are not to be trusted"
>> AFAIK, Cloudflare hasn’t mucked with responses. Some ISPs have. Ergo...
> Hmmm. I object to the "Ergo..."
> The fact that CF hasn't mucked does _not_ make them better than $my_isp. [1]

I was commenting on the “as ISPs are not to be trusted” part.  My point was that _some_ ISPs are known to have mucked with responses (by default, without informing users, etc).  Your ISP may not have done this, but others have and that has resulted in a desire to block that sort of behavior. Unfair, perhaps, as it paints all ISPs as equally guilty, but life isn’t fair.

> So if Mozilla still intend to change default behaviour without informing
> every user,

I’d be surprised, given Mozilla’s user base, whether “informing every user” is a viable option — I suspect too many Firefox users wouldn’t even understand what they were being told, much less what to do about it. So they can do nothing and continue to rely on the local infrastructure which has, in some cases (although I gather not your case), been bad or they can take steps to protect their users that technical users may take issue with.  I might agree that Mozilla is making unwarranted decisions for their users, but I can understand the rationale.

> PS: regarding motivations: I guess CF is not in the mucking business,
> more in the collecting area,

AFAIK, Cloudflare’s interest in root servers (the subject of this thread) is (was?) related to the increased attractiveness for peering announcing root server addresses gets them.  I don’t know what value they derive from either their service or the DoH service.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190326/96f705b7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190326/96f705b7/attachment.sig>

More information about the dns-operations mailing list