 |
 | 
slashman
Don't do it . ..
Premium
join:2003-10-01
Batavia, IL | Re: If You Block A Root DNS Server Can't block em. They are root servers. | |
|
| | Network Guy
join:2000-08-25
New York | Re: If You Block A Root DNS Server They are two of the available thirteen root servers.
If you run a local caching DNS server, yes you can. Just remove their IPs and host names from the list. If you forward all your queries to an external DNS server, you're shit out of luck. | |
|
| 
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | You can still do lookups, as long as you have not blocked all of the root servers.
If you don't run your own DNS server, but use those from your ISP, then you can block all DNS servers other than those of your ISP. | |
|
| | Network Guy
join:2000-08-25
New York | Re: If You Block A Root DNS Server This accomplishes nothing. The ISP still directs forward lookups to a root server, which may or may not be Verisign's. | |
|
| | |
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | Re: If You Block A Root DNS Server This accomplishes nothing. Agreed. But the question was not whether it accomplishes anything. | |
|
| | | | zed260
join:2007-09-30
Cleveland, TN | Re: If You Block A Root DNS Server no just use there dns servers instead waste more of there bandwith | |
|
| 
gatorkram
Spelling and Grammer impared
Premium
join:2002-07-22
Winterville, NC
clubs: | Unless you are running your own dns server, you shouldn't be talking to root servers anyway.
--
Give me bandwidth or give me death!
»/testhistory/661871/4f240 | |
|
| 
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| DNS queries are recursive. If the query can't be answered at the first DNS server contacted - normally a close one, your own or your ISP's - it goes up the hierarchy. Generally the DNS server of the domain itself is authoritative, but large numbers of queries go to the root servers all the time when other sources don't have the info.
This is not like advertising where you can just black-hole servers of unwanted junk. DNS needs to work in this tree model. But it's not a privacy issue; they're not going to detect that Joe Schmoe is looking up weasel fetish sites or whatever. | |
|
| |
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| Re: If You Block A Root DNS Server You are correct that lookups are recursive. However, the recursion is typically done by your ISP's DNS servers and not by the end-user system. It doesn't affect you unless you are running your own DNS server, or are manually doing recursion (via a command line lookup, such as using the "+trace" flag in "dig". | |
|
| | |
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| Re: If You Block A Root DNS Server Right, thanks for making that clear. My point for the OP was that there's no way to opt out of this data-collection. You would normally never hit the root servers directly, and nothing you could do locally could prevent the servers you send queries to from consulting them when needed. | |
|
Titus Pullo
I came, I saw, I slept
join:2004-06-26 | More proof that the human experiment is nearing complete failure. | |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| It's premature to criticize until we know how the data will be used. It is conceivable that registrars could analyze this data to get an idea of which newly created domains are being used for phishing and other kinds of fraud (and then shut down the fraud domains).
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 | |
|
| |
| 
Lord Wanker
join:2001-10-23
Montreal, QC
| said by nwrickert  :until we know how the data will be used. It is conceivable that registrars could analyze this data to get an idea of which newly created domains are being used for phishing and other kinds of fraud (and then shut down the fraud domains). The key word is sell. If it was for fraud protection surely the information would be freely transmitted.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Its never too late to think......think about it. | |
|
|
swhx7
Premium
join:2006-07-23
Elbonia | Here's a possible use. People interested in buying domains will type them in to see whether they're already in use. If registrars can see which ones get typed in a lot, they'll conclude that they're in demand and raise the prices. | |
|
| |
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| Re: It's premature to criticize You might get dozens of looks for a domain this way
If a domain is spammed, you might get thousands.
If a domain is used as part of a forged sender address in spam, you might get 100,000.
It is difficult to know how this will be used. | |
|
morbo
Complete Your Transaction
join:2002-01-22
00000
clubs: | why won't VeriSlime just go away?
as if i needed even more of a reason to hate this company, now they come up with THIS. ~wretch~
that and the $36 per year domain fees! | |
|
| 
n2jtx
join:2001-01-13
Glen Head, NY
·Optimum Online
| Re: why won't VeriSlime just go away? said by morbo :as if i needed even more of a reason to hate this company, now they come up with THIS. ~wretch~ that and the $36 per year domain fees! A week ago I transferred the only remaining domain that my firm had with Verisign to another registrar. At the time they told me they could "work with me" to give me better pricing but I found that a bit odd. I really wanted to consolidate this last domain to our primary registrar but obviously Verisign will try to get people to keep their domains with them if you threaten to leave.
--
I support the right to keep and arm bears. | |
|
| | bassdude
join:2001-05-18
Bedford, MA
| Re: why won't VeriSlime just go away? I am not sure who you transferred your Domain from. VeriSign has not been in the registrar business for a long time. They bought Network Solutions to get the name services and sold off the domain registrar part in 2003.
My experience from dealing with Network Solutions, Register.com and GoDaddy has shown me that all of them will go to extreme lengths to keep your domain registered with them. Once again your comment about VeriSign will try to get you to stay makes no sense because they are not in the business.
--
David Draper, CISSP Draper Consulting Services | |
|
Mark
Premium
join:2001-11-15
Mesa, AZ
1 edit | http://www.root-servers.org/ Verisign operates servers A and J
(see »www.root-servers.org/)
If you run your own DNS, you can take them out of your list. The others will still direct you to Verisign for .com/.net lookups though (Verisign runs GTLD-SERVERS.NET, which root servers direct you to). | |
|
Noah Vail
Premium
join:2004-12-10
Lorton, VA
·RoadRunner Cable
| Allright Men. Rally the Bot Army and Let's Poison the Data! I'm thinkin' that an accumulation of several billion bogus dns requests might be just the thing to erase the value of that data.
It may be that the script kiddies are just 'bout due for some community service.
NV
--
The More Alike 2 Religions are, the Stronger the Hate between them. | |
|
| openbox9
join:2004-01-26
Alexandria, VA | Re: Allright Men. Rally the Bot Army and Let's Poison the Data! Nothing like screwing the whole DNS to teach one company a lesson  | |
|
|
batterup
I Can Not Tell A Lie.
Premium
join:2003-02-06
Netcong, NJ
clubs:
·Verizon Online DSL
| You people want free competition. Ma Bell is dead, Verizon has learned well. Hustle a buck anyway you can the government no longer has its nose up TPC's butt.
Be careful for what you ask for, you just might get it.
When Verizon does what MCI/WorldCom did then you can legitimately bitch. | |
|
| openbox9
join:2004-01-26
Alexandria, VA | Re: You people want free competition. Huh? | |
|
| 
espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN | Ver i sign. Not Ver i zon. | |
|
| | |
lordofwhee
join:2007-10-21
Everett, WA
| . You know, at the rate this is going, eventually VeriSign will try something that pisses off such a large portion of the online community with the knowledge to do some real damage to them enough that such damage will actually be caused.
Ironically, basically ANYTHING they do to piss ANYONE off will piss off said online community...
It's just a matter of time. | |
|
jgkolt
Premium
join:2004-02-21
Lakewood, OH
clubs: | bah Verislime has done it again. boo | |
|
|
|
|
|
Verisign To Sell Root Server DNS Lookup Data
·