DNSSEC and ISPs faking DNS responses

John Levine johnl at iecc.com
Fri Nov 13 20:01:23 UTC 2015

>Would the masses setup a VPN to a service provider in a jurisdiction not 
>subject to such foolishness so their resolver, whether stub or full, 
>would have a chance at unfaked answers?  Again, I'm thinking most would 
>be entirely ignorant of the issue, and in any case would be hard pressed 
>to set anything up unless it was trivial, e.g., not just part of their 
>OS but also Wizard-like with most answers pre-supplied.

I was at a most interesting session in New Zealand a few months ago,
about video streaming in NZ.  People want to watch Netflix and Hulu,
and are willing to pay for it, but NZ is such a small market that the
big providers can't be bothered to license the content for NZ, and by
the time local providers make arrangements it's a month later.  So
everyone buys a Netflix subsription and uses VPNs to pretend to be in
the US.

Take a look at Vyprvpn, which is pretty much point and install, or
even Tunnelblick which is about four clicks to set up with VPN info
from any provider.  Civilians definitely use these.


More information about the NANOG mailing list