DNS filtering, was Thank you, Comcast.

John Levine johnl at iecc.com
Fri Feb 26 17:54:26 UTC 2016

In article <848464982.14027.1456503347620.JavaMail.mhammett at ThunderFuck> you write:
>I think you'd be hard pressed to find more than a tenth of a percent of people attempt to run their own DNS server. Some do because they think
>it'll be better in some way. Rare is the occasion where anything user configured would outperform a local DNS server managed by the ISP that does no form of trickery. 

I run my own DNS cache behind my home NAT router.  It knows about some
locally served names so I can refer to the computers on my LAN by
name, and it does DNSSEC which my ISP's (T-W) DNS caches don't.  Since
it's not visible from outside, it's hard to see how anyone could abuse
it, and it really does stuff that other caches don't.

I wouldn't have any problem if my ISP filtered outgoing port 53
traffic with the QR bit set, of which I should be sending none, but
I'd be annoyed if they filtered outgoing queries.
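The distinction drawn above, filtering port 53 traffic with the QR bit set while letting queries through, turns on one bit in the DNS header: the top bit of the flags word (RFC 1035 section 4.1.1) is 0 in a query and 1 in a response. The following is an added example, not code from the post or from any ISP's filtering gear; it builds a constructed query and response, parses the header, and applies that egress policy to a handful of constructed UDP datagrams (source port, destination port, payload). The policy function and the sample traffic are assumptions made for illustration; the header layout is the RFC's.

```python
import struct

DNS_PORT = 53


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """Constructed A query: QR=0, RD=1, one question, no other sections."""
    flags = 0x0100  # QR=0 (query), RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query: bytes, ipv4: str) -> bytes:
    """Constructed response to `query`: same ID and question, QR=1, one A answer."""
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", query[:12])
    flags |= 0x8000 | 0x0080  # set QR (response) and RA
    header = struct.pack("!HHHHHH", txid, flags, qdcount, 1, 0, 0)
    question = query[12:]
    # Answer RR: compression pointer to the name at offset 12, TYPE A, CLASS IN,
    # TTL 300, RDLENGTH 4, then the address octets.
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_dns_header(payload: bytes) -> dict:
    """Parse the fixed 12-byte DNS header; raises ValueError on a runt."""
    if len(payload) < 12:
        raise ValueError("DNS payload shorter than the 12-byte header")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", payload[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,      # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qdcount, "ancount": ancount,
        "nscount": nscount, "arcount": arcount,
    }


def egress_decision(src_port: int, dst_port: int, payload: bytes) -> str:
    """Hypothetical customer-egress rule: pass anything that is not port 53 UDP,
    pass DNS queries (QR=0), drop DNS responses (QR=1). A runt on port 53 is
    dropped too; that last choice is a policy assumption, not from the post."""
    if DNS_PORT not in (src_port, dst_port):
        return "pass"
    try:
        header = parse_dns_header(payload)
    except ValueError:
        return "drop"
    return "drop" if header["qr"] else "pass"


def constructed_traffic() -> list:
    """Constructed sample datagrams seen leaving a customer connection."""
    query = build_query(0x1234, "example.com")
    response = build_response(query, "192.0.2.1")  # RFC 5737 documentation address
    return [
        ("home cache querying an upstream server", 40000, DNS_PORT, query),
        ("old-style query sourced from port 53", DNS_PORT, DNS_PORT, query),
        ("response sourced from port 53 (what a reflector emits)", DNS_PORT, 40000, response),
        ("NTP, not DNS at all", 123, 123, b"\x23" + b"\x00" * 47),
        ("runt on port 53", DNS_PORT, 4444, b"\x00\x01"),
    ]


def filter_batch(datagrams: list) -> list:
    """Apply the egress rule to each (label, src_port, dst_port, payload)."""
    return [(label, egress_decision(sp, dp, payload)) for label, sp, dp, payload in datagrams]


if __name__ == "__main__":
    for label, decision in filter_batch(constructed_traffic()):
        print(f"{decision:5s}  {label}")
```

The point the example makes is that the rule keys on the QR bit, not on which side is port 53: a query sourced from port 53 still passes, and a response is dropped whichever port it uses, which is exactly what a cache behind NAT that never answers outsiders would never trip.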
