[187827] in North American Network Operators' Group


Re: DNS filtering, was Thank you, Comcast.

daemon@ATHENA.MIT.EDU (John Levine)
Fri Feb 26 13:06:01 2016

X-Original-To: nanog@nanog.org
Date: 26 Feb 2016 17:54:26 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck>
Errors-To: nanog-bounces@nanog.org

In article <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck> you write:
>I think you'd be hard pressed to find more than a tenth of a percent of people attempt to run their own DNS server. Some do because they think
>it'll be better in some way. Rare is the occasion where anything user configured would outperform a local DNS server managed by the ISP that does no form of trickery. 

I run my own DNS cache behind my home NAT router.  It knows about some
locally served names so I can refer to the computers on my LAN by
name, and it does DNSSEC which my ISP's (T-W) DNS caches don't.  Since
it's not visible from outside, it's hard to see how anyone could abuse
it, and it really does stuff that other caches don't.

I wouldn't have any problem if my ISP filtered outgoing port 53
traffic with the QR bit set, of which I should be sending none, but
I'd be annoyed if they filtered outgoing queries.

R's,
John
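
The distinction drawn in the message above, between outgoing DNS queries and outgoing DNS responses (QR bit set), can be read from the first 12 bytes of the UDP payload. The following is an added example, not part of the original post: the function names, the reading of "outgoing port 53 traffic" as either source or destination port 53, the pass verdict for truncated payloads, and the sample packets are all assumptions constructed for illustration.

```python
import struct

DNS_PORT = 53
QR_MASK = 0x8000  # top bit of the 16-bit flags word: 0 = query, 1 = response

def parse_dns_header(payload: bytes):
    """Return the fixed 12-byte DNS header fields, or None if truncated."""
    if len(payload) < 12:
        return None
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": ident, "qr": bool(flags & QR_MASK),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def egress_verdict(src_port: int, dst_port: int, payload: bytes) -> str:
    """Verdict for a UDP datagram leaving a customer network."""
    if DNS_PORT not in (src_port, dst_port):
        return "pass"   # not port 53 traffic, outside this rule
    hdr = parse_dns_header(payload)
    if hdr is None:
        return "pass"   # assumption: no header to inspect, rule acts on QR only
    # A customer host that only resolves names sends queries (QR=0).
    # QR=1 leaving the customer means something inside is answering DNS.
    return "drop" if hdr["qr"] else "pass"

def build_message(ident: int, flags: int, name: str) -> bytes:
    """Constructed sample: header plus one A/IN question for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    header = struct.pack("!6H", ident, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

# Constructed packets: a recursive query (RD set) and a response (QR, RD, RA set).
SAMPLE_QUERY = build_message(0x1234, 0x0100, "example.com")
SAMPLE_RESPONSE = build_message(0x1234, 0x8180, "example.com")

if __name__ == "__main__":
    for label, sport, dport, pkt in [
        ("home cache -> upstream query", 40000, 53, SAMPLE_QUERY),
        ("inside host answering DNS", 53, 40000, SAMPLE_RESPONSE),
        ("truncated payload", 40000, 53, b"\x12\x34\x01"),
    ]:
        print(f"{label:32s} {egress_verdict(sport, dport, pkt)}")
```
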
