nanog mailing list archives
Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses
From: Glenn McGurrin via NANOG <nanog () nanog org>
Date: Sat, 28 Oct 2023 15:20:35 -0400
I'd agree and disagree, filtering the default isp provided dns server for consumer and possibly small business, reasonable, not without some issues, but reasonable. Comcast style filter servers and intercept all dns headed to other dns servers and redirect them to your own servers and make it difficult to disable, unreasonable, if people deliberately choose to use different dns do NOT override that choice at an isp level (corporate/business firewalls are a bit of a different story), offering security filtered dns as a default isp provided server is a value add for many non technical users, filtering beyond security or making it difficult to use other dns servers is a detriment to users.
my view on small business's with static addresses are a little more complex, they are more likely to be doing things the filtering might break, but many of those things also are best done while running your own recursive resolver, so it may not actually matter that much, but definitely don't do a forced dns server via redirection of all dns queries for such users, honestly don't ever do that as an ISP without specific direct opt in, not opt in by not fighting with sales to remove a line from an order, or other "opt-in" that isn't actually customer initiated informed opt-in, I'm looking at you Comcast.
On 10/27/2023 5:20 PM, John Levine wrote:
It appears that Bryan Fields <Bryan () bryanfields net> said:-=-=-=-=-=- -=-=-=-=-=- On 10/27/23 7:49 AM, John Levine wrote:But for obvious good reasons, the vast majority of their customers don'tI'd argue that as a service provider deliberately messing with DNS is an obvious bad thing. They're there to deliver packets.For a network feeding a data center, sure. For a network like Charter's which is feeding unsophisticated nontechnical users, they need all the messing they can get. If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad. R's, John
Current thread:
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses, (continued)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses John R. Levine (Oct 29)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Livingood, Jason via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses John R. Levine (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Livingood, Jason via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Compton, Rich A (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Owen DeLong via NANOG (Oct 30)
- Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses Tim Burke (Oct 30)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Michael Thomas (Oct 27)
- Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses John Levine (Oct 29)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Eric Kuhnke (Oct 27)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Glenn McGurrin via NANOG (Oct 28)
- Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses Glenn Kelley (Oct 29)
- RE: Charter DNS servers returning invalid IP addresses Greg Dickinson (Oct 25)
- Re: Charter DNS servers returning invalid IP addresses Bryan Fields (Oct 25)
- Re: Charter DNS servers returning invalid IP addresses J. Hellenthal via NANOG (Oct 26)
- Re: Charter DNS servers returning invalid IP addresses John Levine (Oct 27)