verizon DNS "helper"
Ben Scott
dragonhawk at gmail.com
Thu Nov 15 00:11:40 EST 2007
On Nov 14, 2007 11:40 PM, Chip Marshall <chip at 2bithacker.net> wrote:
> Probably doable for now, but there's nothing stopping your ISP from
> intercepting all outgoing DNS traffic from end-user IPs and redirecting
> them to the ISP's recursive servers.

Yah, eventually, they can cut you off. They are your network link,
after all. But apparently, one can at least detect such tampering:

http://www.merit.edu/mail.archives/nanog/msg04360.html

(Short version: Crypto signing of DNS zone data, while not widely
implemented yet, is available. Tampered lookups will fail, but will
at least not return "bad" data. Or so they claim.)

> Although, I don't really see any of the big ISPs caring enough to jump
> through those kinds of hoops just to stop people from avoiding a few
> ads.

Adelphia used to block all traffic to UDP/53 not to hosts on their
network. Dunno why they did this, but they did. They weren't doing
any tampering that I ever discovered.

-- Ben