If You Block A Root DNS Server -

Author	All Replies
exocet_cm You delete it, I'll find it Premium join:2003-03-23 New Orleans, LA kudos:2	If You Block A Root DNS Server Can you still do a DNS lookup? If so, what are the two DNS servers owned by Verisign? I'm gonna block em on my firewall and hosts file.
	to forum · permalink · 2007-10-24 12:52:50 ·
slashman Don't do it . .. Premium join:2003-10-01 Batavia, IL	Can't block em. They are root servers.
	to forum · permalink · 2007-10-24 12:57:52 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7	reply to exocet_cm You can still do lookups, as long as you have not blocked all of the root servers. If you don't run your own DNS server, but use those from your ISP, then you can block all DNS servers other than those of your ISP.
	to forum · permalink · 2007-10-24 13:11:53 ·
gatorkram KaBOOM Baby Premium join:2002-07-22 Winterville, NC kudos:2	reply to exocet_cm Unless you are running your own dns server, you shouldn't be talking to root servers anyway. -- Give me bandwidth or give me death! »/testhistory/661871/4f240
	to forum · permalink · 2007-10-24 13:11:57 ·
swhx7 Premium join:2006-07-23 Elbonia	reply to exocet_cm DNS queries are recursive. If the query can't be answered at the first DNS server contacted - normally a close one, your own or your ISP's - it goes up the hierarchy. Generally the DNS server of the domain itself is authoritative, but large numbers of queries go to the root servers all the time when other sources don't have the info. This is not like advertising where you can just black-hole servers of unwanted junk. DNS needs to work in this tree model. But it's not a privacy issue; they're not going to detect that Joe Schmoe is looking up weasel fetish sites or whatever.
	to forum · permalink · 2007-10-24 13:45:30 ·

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	You are correct that lookups are recursive. However, the recursion is typically done by your ISP's DNS servers and not by the end-user system. It doesn't affect you unless you are running your own DNS server, or are manually doing recursion (via a command line lookup, such as using the "+trace" flag in "dig".
	to forum · permalink · 2007-10-24 13:54:20 ·
swhx7 Premium join:2006-07-23 Elbonia	Right, thanks for making that clear. My point for the OP was that there's no way to opt out of this data-collection. You would normally never hit the root servers directly, and nothing you could do locally could prevent the servers you send queries to from consulting them when needed.
	to forum · permalink · 2007-10-24 14:48:22 ·
Network Guy Premium join:2000-08-25 New York	reply to slashman They are two of the available thirteen root servers. If you run a local caching DNS server, yes you can. Just remove their IPs and host names from the list. If you forward all your queries to an external DNS server, you're shit out of luck.
	to forum · permalink · 2007-10-25 11:03:08 ·
Network Guy Premium join:2000-08-25 New York	reply to nwrickert This accomplishes nothing. The ISP still directs forward lookups to a root server, which may or may not be Verisign's.
	to forum · permalink · 2007-10-25 11:04:54 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7	This accomplishes nothing. Agreed. But the question was not whether it accomplishes anything.
	to forum · permalink · 2007-10-25 11:14:40 ·
zed260 Premium join:2007-09-30 Cleveland, TN kudos:1	no just use there dns servers instead waste more of there bandwith
	to forum · permalink · 2007-10-25 15:49:21 ·

Verisign To Sell Root Server DNS Lookup Data > If You Block A Root DNS Server

If You Block A Root DNS Server