On Sun, Sep 07, 2014 at 08:34:33AM -0400, Phillip Hallam-Baker wrote:
> Seems that they are intercepting ALL external DNS and sending their
> own responses when they see an NXDOMAIN.

Yes, some networks do that. What makes you think that privacy will help? Why isn't it more likely that Verizon will just intercept anything on port 53 and break it anyway? Unless we tunnel everything on the Internet in a single port (443?) and thereby foil all analysis by operators, both legitimate and otherwise, I don't see that there's any way to defend against Verizon's activities. It seems to me that there are possible downsides to that, too.

Also, of course, Verizon's strategy would be totally broken in the face of DNSSEC, because everything they returned would show up as bogus. I think (I'm speculating, note) that fact was one of the reasons Comcast decided they had to ditch this sort of nonsense some years ago.

Best regards,

A

-- 
Andrew Sullivan
[email protected]

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
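The behaviour the thread is discussing, an operator rewriting NXDOMAIN into a positive answer, and the reason DNSSEC exposes it, can be checked mechanically. The script below is an added example written for this page; it is not code from the thread, the dns-privacy list, or any of the people quoted. It parses raw DNS wire-format responses to a probe for a name that should not exist, and classifies each one: an honest response for a signed zone comes back RCODE 3 with NSEC/NSEC3 plus RRSIG in the authority section; a rewritten response comes back RCODE 0 with an A record and nothing signing it. The probe name, the three sample messages, and the RRSIG/NSEC payload bytes are all constructed here, not captured traffic, and the presence of RRSIG is used only as a proxy: a real validator still has to verify the signatures against the chain of trust, which this example does not do.

```python
"""Spot NXDOMAIN rewriting from raw DNS responses. Added example, not from
the mailing list thread. Sample messages are constructed, not captured."""
import os
import struct

TYPE_A, TYPE_RRSIG, TYPE_NSEC, TYPE_NSEC3 = 1, 46, 47, 50
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3

# Fixed probe name (an assumption made for the samples below). A live checker
# would call random_probe() so the interceptor cannot special-case the name.
PROBE = "zq7k3v9x2m.example."


def random_probe(zone="example."):
    """Random label under `zone`; a name this random should not exist."""
    return os.urandom(8).hex() + "." + zone


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels, no compression."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, rcode, answers=(), authority=()):
    """Build a response (QR, RD, RA set) to an A query for `qname`.
    answers/authority are (owner, rtype, rdata) triples, class IN, TTL 300."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode,
                         1, len(answers), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    for owner, rtype, rdata in list(answers) + list(authority):
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + body


def decode_name(msg, off):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            jumped, off = True, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_response(msg):
    """Return (rcode, [(qname, qtype)], {section: [(owner, rtype, rdata)]})."""
    _ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    sections = {"answer": [], "authority": [], "additional": []}
    for sec, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = decode_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            sections[sec].append((owner, rtype, msg[off:off + rdlen]))
            off += rdlen
    return flags & 0xF, questions, sections


def classify(msg, probe_name):
    """Classify a response to a probe that should not exist.
    RRSIG presence is only a proxy for validation; a real validator must
    verify the signatures against the chain of trust."""
    rcode, questions, sec = parse_response(msg)
    if not questions or questions[0][0].lower() != probe_name.lower():
        return "mismatch"
    ans_types = {rt for _, rt, _ in sec["answer"]}
    auth_types = {rt for _, rt, _ in sec["authority"]}
    if rcode == RCODE_NXDOMAIN:
        if auth_types & {TYPE_NSEC, TYPE_NSEC3} and TYPE_RRSIG in auth_types:
            return "nxdomain-signed"      # denial of existence a validator can check
        return "nxdomain-unsigned"        # honest, but not provable
    if rcode == RCODE_NOERROR and TYPE_A in ans_types:
        return "answer-signed" if TYPE_RRSIG in ans_types else "hijacked"
    return "other"


# Constructed samples: RRSIG/NSEC rdata are placeholder bytes, not real records.
HONEST_SIGNED = build_response(PROBE, RCODE_NXDOMAIN, authority=[
    ("example.", TYPE_NSEC, encode_name("a.example.") + b"\x00\x01\x40"),
    ("example.", TYPE_RRSIG, b"\x00\x2f\x08\x01" + b"\x00" * 24),
])
HONEST_UNSIGNED = build_response(PROBE, RCODE_NXDOMAIN)
HIJACKED = build_response(PROBE, RCODE_NOERROR,
                          answers=[(PROBE, TYPE_A, bytes([10, 0, 0, 1]))])

if __name__ == "__main__":
    for label, msg in (("signed zone", HONEST_SIGNED),
                       ("unsigned zone", HONEST_UNSIGNED),
                       ("rewritten", HIJACKED)):
        print(f"{label:14s} -> {classify(msg, PROBE)}")
```

In use, send the query for `random_probe()` with the DO bit set to the resolver under test and feed the raw reply to `classify`; "hijacked" for a name you know does not exist is the rewriting described in the thread, and "nxdomain-signed" is the case where a validating client can prove the operator's substitute answer bogus.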
