republican-creole
site Search:


 
    All Forums Hot Topics Gallery






how-to block ads


 
Search Topic:
Uniqs:
684
Share Topic
Post a:
Post a:
AuthorAll Replies


exocet_cm
You delete it, I'll find it
Premium
join:2003-03-23
New Orleans, LA
kudos:2

If You Block A Root DNS Server

Can you still do a DNS lookup? If so, what are the two DNS servers owned by Verisign? I'm gonna block em on my firewall and hosts file.


slashman
Don't do it . ..
Premium
join:2003-10-01
Batavia, IL

Can't block em. They are root servers.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

reply to exocet_cm
You can still do lookups, as long as you have not blocked all of the root servers.

If you don't run your own DNS server, but use those from your ISP, then you can block all DNS servers other than those of your ISP.



gatorkram
KaBOOM Baby
Premium
join:2002-07-22
Winterville, NC
kudos:2

reply to exocet_cm
Unless you are running your own dns server, you shouldn't be talking to root servers anyway.
--
Give me bandwidth or give me death!
»/testhistory/661871/4f240



swhx7
Premium
join:2006-07-23
Elbonia

reply to exocet_cm
DNS queries are recursive. If the query can't be answered at the first DNS server contacted - normally a close one, your own or your ISP's - it goes up the hierarchy. Generally the DNS server of the domain itself is authoritative, but large numbers of queries go to the root servers all the time when other sources don't have the info.

This is not like advertising where you can just black-hole servers of unwanted junk. DNS needs to work in this tree model. But it's not a privacy issue; they're not going to detect that Joe Schmoe is looking up weasel fetish sites or whatever.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

You are correct that lookups are recursive. However, the recursion is typically done by your ISP's DNS servers and not by the end-user system. It doesn't affect you unless you are running your own DNS server, or are manually doing recursion (via a command line lookup, such as using the "+trace" flag in "dig".



swhx7
Premium
join:2006-07-23
Elbonia

Right, thanks for making that clear. My point for the OP was that there's no way to opt out of this data-collection. You would normally never hit the root servers directly, and nothing you could do locally could prevent the servers you send queries to from consulting them when needed.


Network Guy
Premium
join:2000-08-25
New York

reply to slashman
They are two of the available thirteen root servers.

If you run a local caching DNS server, yes you can. Just remove their IPs and host names from the list. If you forward all your queries to an external DNS server, you're shit out of luck.


Network Guy
Premium
join:2000-08-25
New York

reply to nwrickert
This accomplishes nothing. The ISP still directs forward lookups to a root server, which may or may not be Verisign's.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

This accomplishes nothing.
Agreed. But the question was not whether it accomplishes anything.

zed260
Premium
join:2007-09-30
Cleveland, TN
kudos:1

no just use there dns servers instead waste more of there bandwith


Tuesday, 29-May 08:39:44 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics