On Sun, Sep 7, 2014 at 11:00 AM, Andrew Sullivan <[email protected]> wrote:
> On Sun, Sep 07, 2014 at 08:34:33AM -0400, Phillip Hallam-Baker wrote:
>> Seems that they are intercepting ALL external DNS and sending their
>> own responses when they see an NXDOMAIN.
>
> Yes, some networks do that.
>
> What makes you think that privacy will help? Why isn't it more likely
> that Verizon will just intercept anything on port 53 and break it
> anyway? Unless we tunnel everything on the Internet in a single port
> (443?) and thereby foil all analysis by operators, both legitimate and
> otherwise, I don't see that there's any way to defend against
> Verizon's activities. It seems to me that there are possible
> downsides to that, too.
Let's face it, port 53 is hopelessly compromised. I don't want to run everything over port 443 either. But I am happy with a scheme where I use a randomly assigned UDP port with fallback to port 443 if the network attempts to block.
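The NXDOMAIN rewriting described in the quoted message is easy to check for from the client side: query a name that cannot exist and see whether the resolver answers with an address instead of rcode 3. The following Python is an added example, not code from the thread or from any IETF work; it builds a minimal DNS query, classifies the reply (genuine NXDOMAIN versus a rewritten answer), and includes a small constructed-response helper so the check runs offline. The probe name under the reserved `.invalid` TLD, the function names and the sample transaction id are this example's own choices.

```python
import os
import socket
import struct
from typing import Optional

# Constructed transaction id used only for the offline samples below.
SAMPLE_ID = 0x1234


def random_probe_name() -> str:
    """A random label under .invalid (RFC 2606): a non-rewriting resolver
    must answer NXDOMAIN for it, so any A record in the reply is a rewrite."""
    return os.urandom(8).hex() + ".invalid"


def build_query(qname: str, txid: Optional[int] = None) -> bytes:
    """Build a minimal DNS/UDP query for an A record with recursion desired."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    question += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def classify_response(expected_id: int, data: bytes) -> str:
    """Classify the reply to a query for a name known not to exist.

    Returns 'nxdomain' (honest), 'hijacked' (NOERROR with answer records,
    i.e. the resolver or a middlebox rewrote the negative answer),
    'id-mismatch', 'malformed' or 'other'."""
    if len(data) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_id:
        return "id-mismatch"
    if not flags & 0x8000:  # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"
    if rcode == 0 and ancount > 0:
        return "hijacked"
    return "other"


def build_response(query: bytes, rcode: int, answer_ip: Optional[str] = None) -> bytes:
    """Constructed helper: turn a query into a reply with the given rcode and,
    optionally, one A record. Used here to fabricate offline samples of a
    genuine NXDOMAIN and of a rewritten answer."""
    txid = struct.unpack("!H", query[:2])[0]
    ancount = 1 if answer_ip else 0
    flags = 0x8180 | (rcode & 0xF)  # QR, RD and RA set
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    body = query[12:]  # echo the question section
    if answer_ip:
        # name pointer to offset 12 (the question name), TYPE A, IN, TTL 60, 4 bytes
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + body


def probe_resolver(resolver_ip: str, port: int = 53, timeout: float = 3.0) -> str:
    """Live check (not exercised offline): send a random .invalid query to a
    resolver and classify what comes back."""
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_query(random_probe_name(), txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, port))
        data, _ = s.recvfrom(512)
    return classify_response(txid, data)


def offline_demo() -> dict:
    """Run the classifier over constructed samples; returns the verdicts."""
    q = build_query("nonexistent.invalid", SAMPLE_ID)
    return {
        "honest": classify_response(SAMPLE_ID, build_response(q, 3)),
        "rewritten": classify_response(SAMPLE_ID, build_response(q, 0, "203.0.113.5")),
    }


if __name__ == "__main__":
    print(offline_demo())
```

The classifier is deliberately strict about the transaction id so that a stray or spoofed reply is reported separately rather than mistaken for a rewrite; a real monitoring job would repeat the probe with fresh random labels, since some rewriting proxies only answer for names that look like web hostnames.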
