On Thu, Feb 21, 2013 at 2:28 AM, curriegrad2004 <[email protected]> wrote:
> On Wed, Feb 20, 2013 at 10:16 PM, Todd And Margo Chester
> <[email protected]> wrote:
>>
>> I can not get frontier's DNS servers to resolve
>> releases.mozilla.org. So, in my /etc/named.conf
>> I commented out frontier's DNS servers and substituted
>> Google's (8.8.8.8) and Open DNS' (208.67.222.222).
>>
>> # forwarders { 216.67.192.3; 74.40.37.242; };
>> # forwarders { 74.40.74.40; 74.40.74.41; };
>> forwarders { 8.8.8.8; 208.67.222.222; };
>>
>> Am I making a security mistake here?
>
> From a security perspective, I would seriously not even bother
> querying anybody's DNS servers but rather have BIND to become a full
> recursive DNS server using only the root hints provided by IANA.

From a security perspective: Do you really think that Google's DNS servers are more insecure than the root DNS servers?!

From a privacy perspective: If you're not logged in to a Google service, your logs are anonymized so there's no privacy concern. If you're logged in to a Google service, it doesn't matter because your cookies *can* be used to track you.

Using bind as a recursive nameserver for a desktop seems like overkill (at the very least from a configuration perspective). Isn't unbound available in the SL repositories?
