[conspire] Internet Privacy: today's vote and measures to take
Rick Moen
rick at linuxmafia.com
Wed Mar 29 13:35:52 PDT 2017
Quoting Josef Grosch (jgrosch at gmail.com):
> I could not agree more. Running your own caching name server is
> ridiculously easy. Of course the fly in the ointment is that some ISPs
> block DNS traffic going to any other name server other than their own.
Even if they do that (which can be determined with a quick check), you
can still get most of the benefit of a truly autonomous recursive
nameserver by having one that uses the ISP nameserver as a 'forwarder'
IP, sending out all queries to it with the 'RD' (recursion desired) bit
rather than going straight to the authoritative chains. You are then
constrained by the typically terrible performance and bad security of
ISP nameservers for the quality and timeliness of the data, but at least
you have local response from cache on almost all queries.
And then you can have the separate 'Dude, open up port 53 for my IPs or
I'm taking my business elsewhere' discussion.
More information about the conspire
mailing list