:: Re: [DNG] Mozilla and cloudflare to…
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
Quoting Steve Litt (slitt@???):

> Some folks don't have what it takes to install their own caching DNS
> server, even one as simple as Unbound, and therefore I think they're
> better off with a known-decent public DNS than the DNS DHCP-recommended
> by whatever hotspot they happen to be passing.


Yes, this is a fair and valid point.

Cloudflare has a reputation of super-fast results from its public
recursive service (though obviously a local resolver would be
significantly faster still), so that could be considered a slight
advantage over other remote-service competitors -- and ISP recursive
nameservice is, as a general rule, so infamously bad that any of these
big public services is relatively attractive -- as long as you care
nothing at all for privacy and control over your Internet
infrastructure.

That same assumption of insouciance applies if you use your ISP's
(or local, e.g., hotel or coffee house hotspot's) recursive servers,
with the difference that _if_ you are paying money for services
including DNS (as you are with an ISP), the other party has a strong
legal obligation to protect your interests (e.g., the implied covenant
of good faith and fair dealing).

I've pondered over the years the difference between rights you have when
you're paying for services and rights when you aren't, and I'm _pretty_
sure the latter are orders of magnitude weaker, under caselaw and
standard contract law, than the former. I.e., people who assume 'free'
Internet providers are obliged by law (not to mention motivated) to
treat you with the same respect they would a paying customer are living
in a fool's paradise.

As a side observation, it is sometimes very useful to keep and use a
local DNS cache, e.g., using nscd, irrespective of where the recursive
service is happening. (The classic use-case for nscd is on NFS/NIS
or NFS/LDAP networks, but wider use sometimes is sensible, too.)

(nscd can cache a great deal more than DNS. It is of course
configurable. See:
https://prefetch.net/blog/2011/03/27/configuring-nscd-to-cache-dns-host-lookups/
)