rawwhide
Zer0
Premium
join:2000-09-03
Zero
clubs:
 ·AT&T DSL Service
1 edit | reply to openbox9
Re: Net neutrality prevents this
Using third party DNS servers put users at risk. ISP's DNS servers are expected by customers to be secure and accurate. With third party dns servers you dont have that extra blanket of security. You my type www.google.com but that third party dns server may actually point you at www.ihackedyou.com which may act and look just like google. Or Gaagle where you ended up at actually is ran by your ISP feeding you crap that you thought was different than what you expected, and consumers never being the wiser.
--
HUH!!! Sekurecom |
|
openbox9
join:2004-01-26
Alexandria, VA | Using different DNS servers doesn't put you at any more risk that using your ISP's. I definitely don't expect my ISP's DNS servers to be any more secure or accurate than the Verizon (not my ISP) DNS servers that I use. |
|
thender2
Glamour Profession
Premium
join:2004-05-16
Staten Island, NY | reply to rawwhide
Re: Net neutrality prevents this --- LIES
It does not.
4.2.2.1 and 4.2.2.2 would never do this. |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
·Speakeasy
| reply to openbox9
Re: Net neutrality prevents this
said by openbox9  :Using different DNS servers doesn't put you at any more risk that using your ISP's. I definitely don't expect my ISP's DNS servers to be any more secure or accurate than the Verizon (not my ISP) DNS servers that I use. Really? Remember, those third-party DNS servers HAVE to be generally reachable to the Internet at large. The ISP ones do not. That means those third-party DNS servers have a significantly higher level of exposure (and possibility of being taken over) than ISP-internal DNS servers do.
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime  |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by openbox9 :If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime However, that trust architecture is a lot more knowable when you use private/internal name servers. Instead of possibly every query reply being bogus, you only need to worry "are the replies from the authoritative servers for domain X valid" (due to those authoritative servers having either been compromised or had their registration hijacked). The only way that a private/internal nameserver is potentially as vulnerable as a public/third-party nameserver as far as trust relationships is when it comes to root nameservers and/or registry information. Given the redundancy/resiliency built into and the visibility of those systems, the likelihood of a hack lasting any amount of time is very small.
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable. |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by openbox9 :Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. Then you're REALLY underestimating the threat differential.
If the nameserver I consult - public or private - is compromised, then potentially every query can produce a bad result
If, however, a nameserver that is authoritative for a given domain is compromised - the delegated trust you speak of - then only queries for that domain can produce bad results.
Where the difference comes in with public vs. private nameservers is the relative likelihood of compromise. Each is open to compromise to anyone that the nameserver is available to. A public/third-party nameserver is available to the Internet at large for attack. A private nameserver is available to a lot smaller set of sources for attack.
said by openbox9 :We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable. Yeah, that's a reasonable response to your misunderstanding of my post. 
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
