openbox9
join:2004-01-26
Alexandria, VA
 ·AT&T Southeast
| reply to karlmarx
Re: Net neutrality prevents this
There is nothing "abhorrent about megacorps raping consumer to increase profits". This isn't a net neutrality issue...yet. The easier and cheaper answer is to simply use alternate DNS servers. If Charter impedes your access to alternate DNS servers, then yes, I agree that it's a potential net neutrality issue. |
|
raw
War Eagle
Premium
join:2001-01-17
Madison, AL
clubs:
| said by openbox9  :The easier and cheaper answer It's faster, too. I've abandoned Charter's DNS servers over a month ago because they were just plain slow (and extremely prone to failure), and reliability has gone up considerably.
--
[BBR]raw
America's Army
BBR Enemy Territory clan founder |
|
rawwhide
Zer0
Premium
join:2000-09-03
Zero
clubs:
·AT&T DSL Service
1 edit | reply to openbox9
Using third party DNS servers put users at risk. ISP's DNS servers are expected by customers to be secure and accurate. With third party dns servers you dont have that extra blanket of security. You my type www.google.com but that third party dns server may actually point you at www.ihackedyou.com which may act and look just like google. Or Gaagle where you ended up at actually is ran by your ISP feeding you crap that you thought was different than what you expected, and consumers never being the wiser.
--
HUH!!! Sekurecom |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
| reply to openbox9
I use the free Treewalk DNS product and wouldn't be affected if Comcast ever does something similar, which they haven't.
--
--
My BLOG
My Web Page |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA
·RoadRunner Cable
·DSL EXTREME
| reply to openbox9
said by openbox9 :The easier and cheaper answer is to simply use alternate DNS servers. While that may be an option for some, Charter (as well as other ISPs) should be providing proper DNS, and not using redirection as a form of redirection. While many of us here may be technically savvy enough to change our DNS settings, there are millions that will be caught into this revenue generating, DNS hack.
Why is everything 'opt-out'. If Charter wishes to do this kind of DNS filtering, then they _should_ have those that want it to 'opt-in' by having their DNS set to a site finder service vs. a valid DNS server. |
|
openbox9
join:2004-01-26
Alexandria, VA | reply to rawwhide
Using different DNS servers doesn't put you at any more risk that using your ISP's. I definitely don't expect my ISP's DNS servers to be any more secure or accurate than the Verizon (not my ISP) DNS servers that I use. |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| reply to en102
It's their DNS, they can do what they want with it as long as they don't poison the larger DNS. Who cares if the common customer is exploited by this "DNS hack". The common user sure doesn't. My response was to the Marxist that this is not a net-neutrality issue so long as Charter doesn't impede your ability to use alternate DNS servers. You are still free to choose and therefore the network is neutral in this instance. |
|
hobgoblin
Sortof Agoblin
Premium
join:2001-11-25
Orchard Park, NY
clubs:
| said by openbox9 :It's their DNS, they can do what they want with it as long as they don't poison the larger DNS. and lots of people find it very useful, rather than getting "Page can not be displayed"
People just like to whine.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
|
|
Cabal
Premium
join:2007-01-21
Boston, MA | reply to openbox9
I'm pretty sure anyone that uses more than HTTP will care. There's a world of difference between a timed out FTP or SSH connection attempt and a refused one against Charter's web server. |
|
RadioDoc
58ef2c0
Premium,ExMod 2000-03
join:2000-05-11 | reply to hobgoblin
If they find it useful then they can opt in. Charter could even make some marketing hoopla about it, maybe even charge extra for the "service". But, making it the default is just plain wrong.
--
Toolmaster of La Grange. |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| reply to Cabal
The common user has no idea about timed out vs refused connections and they definitely don't know or care about SSH...FTP maybe, but most likely not. Once again, for a majority of their customers (e-mail and surfin' da web), this will be a non-issue. |
|
thender2
Glamour Profession
Premium
join:2004-05-16
Staten Island, NY | reply to rawwhide
Re: Net neutrality prevents this --- LIES
It does not.
4.2.2.1 and 4.2.2.2 would never do this. |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| reply to openbox9
Re: Net neutrality prevents this
said by openbox9 :Using different DNS servers doesn't put you at any more risk that using your ISP's. I definitely don't expect my ISP's DNS servers to be any more secure or accurate than the Verizon (not my ISP) DNS servers that I use. Really? Remember, those third-party DNS servers HAVE to be generally reachable to the Internet at large. The ISP ones do not. That means those third-party DNS servers have a significantly higher level of exposure (and possibility of being taken over) than ISP-internal DNS servers do.
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime  |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by openbox9 :If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime However, that trust architecture is a lot more knowable when you use private/internal name servers. Instead of possibly every query reply being bogus, you only need to worry "are the replies from the authoritative servers for domain X valid" (due to those authoritative servers having either been compromised or had their registration hijacked). The only way that a private/internal nameserver is potentially as vulnerable as a public/third-party nameserver as far as trust relationships is when it comes to root nameservers and/or registry information. Given the redundancy/resiliency built into and the visibility of those systems, the likelihood of a hack lasting any amount of time is very small.
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable. |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by openbox9 :Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. Then you're REALLY underestimating the threat differential.
If the nameserver I consult - public or private - is compromised, then potentially every query can produce a bad result
If, however, a nameserver that is authoritative for a given domain is compromised - the delegated trust you speak of - then only queries for that domain can produce bad results.
Where the difference comes in with public vs. private nameservers is the relative likelihood of compromise. Each is open to compromise to anyone that the nameserver is available to. A public/third-party nameserver is available to the Internet at large for attack. A private nameserver is available to a lot smaller set of sources for attack.
said by openbox9 :We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable. Yeah, that's a reasonable response to your misunderstanding of my post. 
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
