[EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

Glenn McGurrin nanog at cloudoptimizedsmb.com
Sat Oct 28 19:20:35 UTC 2023


I'd agree and disagree. Filtering the default ISP-provided DNS server 
for consumer and possibly small business: reasonable, not without some 
issues, but reasonable.  Comcast style filter servers and intercept all 
DNS headed to other DNS servers and redirect them to your own servers 
and make it difficult to disable: unreasonable. If people deliberately 
choose to use different DNS, do NOT override that choice at an ISP level 
(corporate/business firewalls are a bit of a different story). Offering 
security-filtered DNS as a default ISP-provided server is a value add 
for many non-technical users; filtering beyond security or making it 
difficult to use other DNS servers is a detriment to users.

My view on small businesses with static addresses is a little more 
complex: they are more likely to be doing things the filtering might 
break, but many of those things also are best done while running your 
own recursive resolver, so it may not actually matter that much. But 
definitely don't do a forced DNS server via redirection of all DNS 
queries for such users. Honestly, don't ever do that as an ISP without 
specific direct opt-in, not opt-in by not fighting with sales to remove 
a line from an order, or other "opt-in" that isn't actually 
customer-initiated informed opt-in. I'm looking at you, Comcast.

On 10/27/2023 5:20 PM, John Levine wrote:
> It appears that Bryan Fields <Bryan at bryanfields.net> said:
>> On 10/27/23 7:49 AM, John Levine wrote:
>>> But for obvious good reasons,
>>> the vast majority of their customers don't
>>
>> I'd argue that as a service provider deliberately messing with DNS is an
>> obvious bad thing.  They're there to deliver packets.
> 
> For a network feeding a data center, sure. For a network like
> Charter's which is feeding unsophisticated nontechnical users, they
> need all the messing they can get.
> 
> If you're one of the small minority of retail users that knows enough
> about the technology to pick your own resolver, go ahead.  But it's
> a reasonable default to keep malware out of Grandma's iPad.
> 
> R's,
> John

