Yet another Quadruple DNS?

• Previous message (by thread): Yet another Quadruple DNS?
• Next message (by thread): Yet another Quadruple DNS?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> \On Mar 29, 2018, at 7:27 AM, Brian Kantor <Brian at ampr.org> wrote:
> 
> On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote:
>> I've never really understood this - if you don't trust your ISP's DNS,
>> why would you trust them not to transparently intercept any well-known
>> third-party DNS?
> 
> Of course they could.  But it's testable; experiments show that they
> aren't doing so currently.

Experiments may show that in some tested cases they aren’t, but in the big picture, yes, there are ISPs who are internally capturing 8.8.8.8, and who try to do the same with 9.9.9.9.  Which is why it’s so important to do cryptographic validation of the server and encryption of the transport, as well as DNSSEC validation.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180329/0b9b43bf/attachment.sig>

• Previous message (by thread): Yet another Quadruple DNS?
• Next message (by thread): Yet another Quadruple DNS?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]