Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses
> On Oct 28, 2023, at 10:28, Jay R. Ashworth wrote:
>
> - Original Message -
>> From: "Owen DeLong via NANOG"
>
>>> For a network feeding a data center, sure. For a network like
>>> Charter's which is feeding unsophisticated nontechnical users, they
>>> need all the messing they can get.
>>>
>>> If you're one of the small minority of retail users that knows enough
>>> about the technology to pick your own resolver, go ahead. But it's
>>> a reasonable default to keep malware out of Grandma's iPad.
>>>
>>> R's,
>>> John
>>
>> If it’s such a reasonable default, why don’t any of the public resolvers
>> (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?
>
> It's a reasonable default behavior *for default resolver servers for consumer
> eyeball networks*.
>
> I knew that was what John meant, and I can't see any reason why you wouldn't
> know it too, Owen; this isn't your first rodeo, either.

I knew that’s what he meant and I know what you mean. I still don’t agree.

Owen
Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses
I'd agree and disagree, filtering the default isp provided dns server for consumer and possibly small business, reasonable, not without some issues, but reasonable. Comcast style filter servers and intercept all dns headed to other dns servers and redirect them to your own servers and make it difficult to disable, unreasonable, if people deliberately choose to use different dns do NOT override that choice at an isp level (corporate/business firewalls are a bit of a different story), offering security filtered dns as a default isp provided server is a value add for many non technical users, filtering beyond security or making it difficult to use other dns servers is a detriment to users.

my view on small businesses with static addresses are a little more complex, they are more likely to be doing things the filtering might break, but many of those things also are best done while running your own recursive resolver, so it may not actually matter that much, but definitely don't do a forced dns server via redirection of all dns queries for such users, honestly don't ever do that as an ISP without specific direct opt in, not opt in by not fighting with sales to remove a line from an order, or other "opt-in" that isn't actually customer initiated informed opt-in, I'm looking at you Comcast.

On 10/27/2023 5:20 PM, John Levine wrote:
> It appears that Bryan Fields said:
>> On 10/27/23 7:49 AM, John Levine wrote:
>>> But for obvious good reasons, the vast majority of their customers don't
>>
>> I'd argue that as a service provider deliberately messing with DNS is an
>> obvious bad thing. They're there to deliver packets.
>
> For a network feeding a data center, sure. For a network like
> Charter's which is feeding unsophisticated nontechnical users, they
> need all the messing they can get.
>
> If you're one of the small minority of retail users that knows enough
> about the technology to pick your own resolver, go ahead. But it's
> a reasonable default to keep malware out of Grandma's iPad.
>
> R's,
> John
Re: emily postnews
You sure :-)^oo

mh

October 28, 2023 19:32 "Jay R. Ashworth" wrote:
> - Original Message -
>
>> From: "Randy Bush"
>>
>> another old dog doing a search wrote to tell me they really appreciated
>> that i still had some antique advice up. i had long forgotten this one.
>> but found it amusing and still more relevant than i might wish.
>>
>> https://psg.com/emily.html
>
> I would bet many dollars green American that the venn diagram of "people who
> need that advice these days" and "people who can tell that it is sarcasm/
> satire" is two disjoint circles...
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink j...@baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: emily postnews
- Original Message -
> From: "Randy Bush"

> another old dog doing a search wrote to tell me they really appreciated
> that i still had some antique advice up. i had long forgotten this one.
> but found it amusing and still more relevant than i might wish.
>
> https://psg.com/emily.html

I would bet many dollars green American that the venn diagram of "people who
need that advice these days" and "people who can tell that it is sarcasm/
satire" is two disjoint circles...

Cheers,
-- jra

--
Jay R. Ashworth Baylink j...@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Pulling of Network Maps
Well, in fairness: those approaches *leave tracks* for a potential attacker;
picking up published maps does not...

Cheers,
-- jra

- Original Message -
> From: "Mike Hammett"
> To: "Denis Fondras"
> Cc: nanog@nanog.org
> Sent: Thursday, October 26, 2023 1:30:23 PM
> Subject: Re: Pulling of Network Maps

> But it already is publicly available to someone that's interested enough via
> the permits issued by the appropriate jurisdictions or if you put in 811
> design stage tickets.
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Denis Fondras"
> To: nanog@nanog.org
> Sent: Thursday, October 26, 2023 12:22:56 PM
> Subject: Re: Pulling of Network Maps
>
> On Thu, Oct 26, 2023 at 11:17:22AM -0500, Mike Hammett wrote:
>> Has anyone else noticed a trend of some network operators that previously
>> offered street-level detailed maps, not only upon request, but also posted
>> publicly have started to only provide them upon quotes?
>>
>
> There is no small profit :)
>
> Also some will fear sabotage if the pathway is publicly available.

--
Jay R. Ashworth Baylink j...@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses
- Original Message -
> From: "Owen DeLong via NANOG"

>> For a network feeding a data center, sure. For a network like
>> Charter's which is feeding unsophisticated nontechnical users, they
>> need all the messing they can get.
>>
>> If you're one of the small minority of retail users that knows enough
>> about the technology to pick your own resolver, go ahead. But it's
>> a reasonable default to keep malware out of Grandma's iPad.
>>
>> R's,
>> John
>
> If it’s such a reasonable default, why don’t any of the public resolvers (e.g.
> 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?

It's a reasonable default behavior *for default resolver servers for consumer
eyeball networks*.

I knew that was what John meant, and I can't see any reason why you wouldn't
know it too, Owen; this isn't your first rodeo, either.

Cheers,
-- jra

--
Jay R. Ashworth Baylink j...@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274