[conspire] Internet Privacy: today's vote and measures to take
Josef Grosch
jgrosch at gmail.com
Wed Mar 29 16:00:43 PDT 2017
On 03/29/2017 01:35 PM, Rick Moen wrote:
> Quoting Josef Grosch (jgrosch at gmail.com):
>
>> I could not agree more. Running your own caching name server is
>> ridiculously easy. Of course the fly in the ointment is that some ISPs
>> block DNS traffic going to any other name server other than their own.
>
> Even if they do that (which can be determined with a quick check), you
> can still get most of the benefit of a truly autonomous recursive
> nameserver by having one that uses the ISP nameserver as a 'forwarder'
> IP, sending out all queries to it with the 'RD' (recursion desired) bit
> rather than going straight to the authoritative chains. You are then
> constrained by the typically terrible performance and bad security of
> ISP nameservers for the quality and timeliness of the data, but at least
> you have local response from cache on almost all queries.
>
> And then you can have the separate 'Dude, open up port 53 for my IPs or
> I'm taking my business elsewhere' discussion.

I had that conversation with my former ISP. They told me it was their
policy to redirect port 53 traffic to ensure "top quality of service".
The first thing I asked my current ISP, Sonic, after how much their
service was, was whether they block/redirect port 53 traffic. They thought I was
nuts to ask; "We don't do things like that" was their reply.

I'm pretty happy with Sonic, just in case anyone is interested.

Josef
--
Josef Grosch | Another day closer |
jgrosch at gmail.com | to Redwood Heaven | Berkeley, Ca.
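
One way to run the "quick check" mentioned in the quoted text, as an added example that is not part of the original thread: send a query with the RD bit set to an address that runs no nameserver and see whether anything answers. The function names and the choice of 192.0.2.1 as the probe address are assumptions of this example.

```python
# Added example; names are illustrative and do not come from the thread.
import secrets
import socket
import struct

RD = 0x0100  # "recursion desired" flag in the DNS header
QR = 0x8000  # set on responses, clear on queries


def build_query(name, qid=None, rd=True):
    """Build a DNS A/IN query for `name`; rd=True sets the RD bit."""
    qid = secrets.randbelow(1 << 16) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def is_reply_to(query, packet):
    """True if `packet` is a DNS response carrying the query's ID."""
    if len(packet) < 12:
        return False
    pid, flags = struct.unpack("!HH", packet[:4])
    return pid == struct.unpack("!H", query[:2])[0] and bool(flags & QR)


def port53_intercepted(probe_ip="192.0.2.1", name="example.com", timeout=3.0):
    """Query an address that runs no nameserver and report any answer.

    192.0.2.1 lies in TEST-NET-1 (RFC 5737), reserved for documentation, so
    a reply can only come from something on the path rewriting port 53.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (probe_ip, 53))
            packet, _ = sock.recvfrom(4096)
        except OSError:  # includes the timeout: nobody answered
            return False
        return is_reply_to(query, packet)


if __name__ == "__main__":
    print("port 53 redirected:", port53_intercepted())
```

A False result only rules out a transparent redirect; an ISP that drops outside port 53 traffic shows up instead as timeouts when querying a real external resolver.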