Re: Net neutrality prevents this

Author	All Replies
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	reply to openbox9 Re: Net neutrality prevents this said by openbox9 : If you're talking about external vs internal DNS servers with a trust (inside and outside of Charter's boundary) then yes, I'll give you that. Is that how Charter's network is setup...or any ISP for that matter. My point still stands. My ISP's DNS servers are not any more secure or accurate than the Verizon DNS servers that I use as a "third-party". If you choose to use "phishmynetwork.com"'s DNS servers instead of your ISP's, then I guess you get what's coming to you. If you use a trusted set of DNS server, then life if good. After all, DNS is hierarchical and you've got to trust external servers sometime However, that trust architecture is a lot more knowable when you use private/internal name servers. Instead of possibly every query reply being bogus, you only need to worry "are the replies from the authoritative servers for domain X valid" (due to those authoritative servers having either been compromised or had their registration hijacked). The only way that a private/internal nameserver is potentially as vulnerable as a public/third-party nameserver as far as trust relationships is when it comes to root nameservers and/or registry information. Given the redundancy/resiliency built into and the visibility of those systems, the likelihood of a hack lasting any amount of time is very small. -tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
	to forum · permalink · · 2007-02-22 08:01:31 ·
openbox9 join:2004-01-26 Alexandria, VA ·AT&T Southeast	Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable.
	to forum · permalink · · 2007-02-22 09:30:11 ·
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	said by openbox9 : Ok, I guess we'll agree to disagree. The threat difference between "internal ISP DNS servers" and "external 'trusted' DNS servers" is minimal at best. Then you're REALLY underestimating the threat differential. If the nameserver I consult - public or private - is compromised, then potentially every query can produce a bad result If, however, a nameserver that is authoritative for a given domain is compromised - the delegated trust you speak of - then only queries for that domain can produce bad results. Where the difference comes in with public vs. private nameservers is the relative likelihood of compromise. Each is open to compromise to anyone that the nameserver is available to. A public/third-party nameserver is available to the Internet at large for attack. A private nameserver is available to a lot smaller set of sources for attack. said by openbox9 : We could always throw out DNS and use the IP addresses if the world's DNS system is so potentially insecure and unreliable. Yeah, that's a reasonable response to your misunderstanding of my post. -tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
	to forum · permalink · · 2007-02-22 21:11:55 ·


Tuesday, 08-Dec 22:17:46	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF