TWC (AS11351) blocking all NTP?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Feb 3 09:55:00 UTC 2014


On Mon, Feb 03, 2014 at 04:09:39AM +0000,
 Dobbins, Roland <rdobbins at arbor.net> wrote 
 a message of 20 lines which said:

> I also think that restricting your users by default to your own
> recursive DNS servers, plus a couple of well-known, well-run public
> recursive services, is a good idea - as long as you allow your users
> to opt out.

That's a big "as long". I agree with you but I'm fairly certain that
most ISP who deny their users the ability to do DNS requests directly
(or to run their own DNS resolver) have no such opt-out (or they make
it expensive and/or complicated). After all, when outside DNS is
blocked, it is more often for business reasons (forcing the users to
use a local lying resolver, with ads when NXDOMAIN is returned) than
for security reasons.



More information about the NANOG mailing list