Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

> On Nov 1, 2023, at 13:28, Michael Thomas wrote: > > > On 10/28/23 3:13 AM, John Levine wrote: >> It appears that Michael Thomas said: If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a

Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

On 10/28/23 3:13 AM, John Levine wrote: It appears that Michael Thomas said: If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad. How does this

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

Agreed, it should be 100% opt-in… and I don’t even like the idea of providing filtered DNS at all. But sadly, judging by the number of neighborhood Facebook group posts I see from people complaining about “their wifi being down” during yet another fiber cut, there are an increasingly large

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 30, 2023, at 07:58, Livingood, Jason > wrote: > > On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: > >> If it’s such a reasonable default, why don’t any of the public resolvers >> (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? >> DNS isn’t the right place to attack this,

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

No, Charter doesn't use those. Charter runs its own anycasted recursive nameservers. On 10/30/23, 2:46 PM, "NANOG on behalf of Livingood, Jason via NANOG" mailto:charter@nanog.org> on behalf of nanog@nanog.org > wrote: CAUTION: The e-mail below is from an

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On 10/30/23, 16:02, "John R. Levine" mailto:jo...@iecc.com>> wrote: > I have no idea whether Charter uses one of these, some other third party, or their own. They don't use those providers as far as I am aware. I've alerted someone from CHTR of this thread. JL

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On Mon, 30 Oct 2023, Livingood, Jason wrote: On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? DNS isn’t the right place to attack this, IMHO. Are we sure that the

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: > If it’s such a reasonable default, why don’t any of the public resolvers > (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? > DNS isn’t the right place to attack this, IMHO. Are we sure that the filtering is done in the default view - I

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

I agree it actually is wise for them to offer a filtered service for those that want it but opt in for sure On Fri, Oct 27, 2023, 12:35 PM Bryan Fields wrote: > On 10/27/23 7:49 AM, John Levine wrote: > > But for obvious good reasons, > > the vast majority of their customers don't > > I'd argue

Re: Charter DNS servers returning malware filtered IP addresses

> > DNS isn’t the right place to attack this, IMHO. > ... > I’ve seen plenty of situations where the filters were just plain wrong and > if the end user didn’t actively choose that filtration, the target site may > be victimized without anyone knowing where to go to complain. Not much different

Re: Charter DNS servers returning malware filtered IP addresses

It appears that said: >* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]: >>If it’s such a reasonable default, why don’t any of the public >>resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? > >It's generally a service that's offered for money. Quad9 definitely >offer it:

Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

It appears that Michael Thomas said: >> If you're one of the small minority of retail users that knows enough >> about the technology to pick your own resolver, go ahead. But it's >> a reasonable default to keep malware out of Grandma's iPad. > >How does this line up with DoH? Aren't they using

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? Oh my, you walked right into that one. https://www.quad9.net/service/threat-blocking/ https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ I'm also surprised

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 28, 2023, at 10:28, Jay R. Ashworth wrote: > > - Original Message - >> From: "Owen DeLong via NANOG" > >>> For a network feeding a data center, sure. For a network like >>> Charter's which is feeding unsophisticated nontechnical users, they >>> need all the messing they can

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

I'd agree and disagree, filtering the default isp provided dns server for consumer and possibly small business, reasonable, not without some issues, but reasonable. Comcast style filter servers and intercept all dns headed to other dns servers and redirect them to your own servers and make it

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

- Original Message - > From: "Owen DeLong via NANOG" >> For a network feeding a data center, sure. For a network like >> Charter's which is feeding unsophisticated nontechnical users, they >> need all the messing they can get. >> >> If you're one of the small minority of retail users

Re: Charter DNS servers returning malware filtered IP addresses

>> DNS isn’t the right place to attack this, IMHO. > > Why not (apart from a purity argument), and where should it happen instead? > As others pointed out, network operators have a vested interest in protecting > their customers from becoming victims to malware. Takedowns of the hostile

Re: Charter DNS servers returning malware filtered IP addresses

* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]: If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? It's generally a service that's offered for money. Quad9 definitely offer it: https://www.quad9.net/service/threat-blocking

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

When you have a sufficiently large mass of non-technical end users, inevitably some percentage of them will end up doing something like enabling WAN-interface-facing remote admin access,which then gets pwned and turned into a botnet. It's a real problem at scale. Compromised CPE routers in

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

On 10/27/23 2:20 PM, John Levine wrote: It appears that Bryan Fields said: -=-=-=-=-=- -=-=-=-=-=- On 10/27/23 7:49 AM, John Levine wrote: But for obvious good reasons, the vast majority of their customers don't I'd argue that as a service provider deliberately messing with DNS is an

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 27, 2023, at 14:20, John Levine wrote: > > It appears that Bryan Fields said: >> -=-=-=-=-=- >> -=-=-=-=-=- >> On 10/27/23 7:49 AM, John Levine wrote: >>> But for obvious good reasons, >>> the vast majority of their customers don't >> >> I'd argue that as a service provider

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

It appears that Bryan Fields said: >-=-=-=-=-=- >-=-=-=-=-=- >On 10/27/23 7:49 AM, John Levine wrote: >> But for obvious good reasons, >> the vast majority of their customers don't > >I'd argue that as a service provider deliberately messing with DNS is an >obvious bad thing. They're there to

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

On 10/27/23 7:49 AM, John Levine wrote: But for obvious good reasons, the vast majority of their customers don't I'd argue that as a service provider deliberately messing with DNS is an obvious bad thing. They're there to deliver packets. -- Bryan Fields 727-409-1194 - Voice

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

According to Bryan Fields : >On 10/25/23 4:58 PM, Compton, Rich A wrote: >> Charter uses threat intel from Akamai to block certain "malicious" domains. > >Does charter do this on signed domains too? Of course. If you want to run your own DNSSEC resolver and bypass their malware protection, you