[conspire] Internet Privacy: today's vote and measures to take

Josef Grosch jgrosch at gmail.com
Wed Mar 29 16:00:43 PDT 2017


On 03/29/2017 01:35 PM, Rick Moen wrote:
> Quoting Josef Grosch (jgrosch at gmail.com):
> 
>> I could not agree more. Running your own caching name server is
>> ridiculously easy. Of course the fly in the ointment is that some ISPs
>> block DNS traffic going to any other name server other than their own.
> 
> Even if they do that (which can be determined with a quick check), you
> can still get most of the benefit of a truly autonomous recursive
> nameserver by having one that uses the ISP nameserver as a 'forwarder'
> IP, sending out all queries to it with the 'RD' (recursion desired) bit
> rather than going straight to the authoritative chains.  You are then
> constrained by the typically terrible performance and bad security of 
> ISP nameservers for the quality and timeliness of the data, but at least
> you have local response from cache on almost all queries.
> 
> And then you can have the separate 'Dude, open up port 53 for my IPs or
> I'm taking my business elsewhere' discussion.


I had that conversation with my former ISP. They told me it was their
policy to redirect port 53 traffic to ensure "top quality of service".
The first thing I asked my current ISP, Sonic, after how much their
service was, was whether they block/redirect port 53 traffic. They thought I was
nuts to ask; "We don't do things like that" was their reply.

I'm pretty happy with Sonic, just in case anyone is interested.



Josef

-- 
Josef Grosch       |  Another day closer  |
jgrosch at gmail.com  |  to Redwood Heaven   |  Berkeley, Ca.
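
One way to run the "quick check" for port 53 redirection mentioned in the quoted reply, as an added example that is not part of the original thread: send a query with the RD bit clear straight to an authoritative server's IP and look at the AA/RA flags of the reply. The function names, the verdict strings and the sample replies are constructed for illustration, and the flag test is a heuristic, not proof.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234, rd=True, qtype=1):
    """Encode a one-question DNS query; rd sets the 'recursion desired' bit."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(reply, qid=0x1234):
    """Judge the reply to an RD=0 query sent to an authoritative server's IP."""
    if reply is None:
        return "no-reply"            # dropped or filtered, or plain packet loss
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not (flags & QR):
        return "malformed"
    if flags & AA:
        return "direct"              # authoritative answer: the query got through
    if flags & RA:
        return "intercepted"         # a recursive resolver answered in its place
    return "inconclusive"            # e.g. a referral; repeat with another zone

def probe(server_ip, name, timeout=3.0):
    """Send the RD=0 query to server_ip:53 over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, rd=False), (server_ip, 53))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify(reply)

# Constructed sample replies (12-byte headers only), not captured traffic.
SAMPLE_AUTHORITATIVE = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
SAMPLE_ISP_RESOLVER = struct.pack("!HHHHHH", 0x1234, QR | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    print(classify(SAMPLE_AUTHORITATIVE), classify(SAMPLE_ISP_RESOLVER))
```

Call `probe()` with the IP of a nameserver that is authoritative for the name you ask about. A second check is to probe 192.0.2.1 (reserved for documentation by RFC 5737, so nothing should answer): any result other than "no-reply" means something on the path is answering port 53 traffic itself.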



