site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Charter Implements Sitefinder-esque Annoyance > Net neutrality prevents this

Search Topic:
 Share Topic
Post a:
Post a:
AuthorAll Replies


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

reply to openbox9

Re: Net neutrality prevents this

said by openbox9:

Using different DNS servers doesn't put you at any more risk that using your ISP's. I definitely don't expect my ISP's DNS servers to be any more secure or accurate than the Verizon (not my ISP) DNS servers that I use.
Really? Remember, those third-party DNS servers HAVE to be generally reachable to the Internet at large. The ISP ones do not. That means those third-party DNS servers have a significantly higher level of exposure (and possibility of being taken over) than ISP-internal DNS servers do.

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
to forum · permalink · 2007-02-21 22:55:07 ·

openbox9

join:2004-01-26
Alexandria, VA
kudos:2

If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime

to forum · permalink · 2007-02-22 06:41:25 ·


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

said by openbox9:

If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime
However, that trust architecture is a lot more knowable when you use private/internal name servers. Instead of possibly every query reply being bogus, you only need to worry "are the replies from the authoritative servers for domain X valid" (due to those authoritative servers having either been compromised or had their registration hijacked). The only way that a private/internal nameserver is potentially as vulnerable as a public/third-party nameserver as far as trust relationships is when it comes to root nameservers and/or registry information. Given the redundancy/resiliency built into and the visibility of those systems, the likelihood of a hack lasting any amount of time is very small.

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
to forum · permalink · 2007-02-22 08:01:31 ·

openbox9

join:2004-01-26
Alexandria, VA
kudos:2

Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable.

to forum · permalink · 2007-02-22 09:30:11 ·


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

said by openbox9:

Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best.
Then you're REALLY underestimating the threat differential.

If the nameserver I consult - public or private - is compromised, then potentially every query can produce a bad result

If, however, a nameserver that is authoritative for a given domain is compromised - the delegated trust you speak of - then only queries for that domain can produce bad results.

Where the difference comes in with public vs. private nameservers is the relative likelihood of compromise. Each is open to compromise to anyone that the nameserver is available to. A public/third-party nameserver is available to the Internet at large for attack. A private nameserver is available to a lot smaller set of sources for attack.

said by openbox9:

We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable.
Yeah, that's a reasonable response to your misunderstanding of my post.

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
to forum · permalink · 2007-02-22 21:11:55 ·
Forums > Charter Implements Sitefinder-esque Annoyance

Monday, 28-May 19:30:28 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics