[AusNOG] 1.1.1.1 DNS resolvers

[Stephen Gillies]

There are a number of DNS servers (commercial products) out there with the extra security integrated for blacklist/threatfeed/behavioural analysis/anti-tunnelling which are I guess more enterprise focused security features, whereas something like quad-1^9 is surely for end users who are happy to give their passive DNS data to cloudflare and IBM?

I find it difficult to understand why any telco would just to give away all that DNS browsing data to someone else to analyse and monetise? 


Max 

Stephen ‘max’ Gillies 
M: +61 409 245 888

On 3/4/18, 9:07 pm, "AusNOG on behalf of Nikolai Lusan" <ausnog-bounces at lists.ausnog.net on behalf of nikolai at lusan.id.au> wrote:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    Hi,
    On Mon, 2018-04-02 at 10:32 +1000, Terry Manderson wrote:
    
    > How many operators promote services like 1.1.1.1 and 8.8.8.8 to their
    > customers instead of operating their own recursive DNS infrastructure?
    > 
    > And if you do, what was the driver and then risk mitigation position
    > taken?
    
    There is more to think about if you are an end provider - like complying
    with Australian court orders to block certain sites at a DNS level. 
    
    Certainly your own servers have both benefits and drawbacks (like it's
    something else to secure). I personally like to run my own resolvers
    everywhere (home/work, etc.). The extra security isn't a real problem for
    me, and the ability to use BIND views, RPZ zones, and other bells and
    whistles is a major benefit.
    
    - -- 
    Nikolai Lusan
    
    Email: nikolai at lusan.id.au
    Phone: 0425 661 620
    -----BEGIN PGP SIGNATURE-----
    
    iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAlrDYCUACgkQ4ZaDRV2V
    L6QsqQ/+MhJIiPeeRmiJzS0AD96nb60sLPcIzwKevugTt23gZ8oAfNKMuz6ptIEl
    /UfdFsrjrIKhEfbiu+whvuVjW9V7YZYjON5cFgKg8tGYChlgwLXm/K4Yt+HoZYpw
    6bnlRCM2ABzem6/3+kBwr8C5yH/0/Ypi0+VxWHYwsT4WiVHxNqH0CPjcbi/DxaOA
    jEXxvaZwlaa3C9XjPQ/9A/wqw/0mi56/qV1G2seqc6Xwah9DwcvG6mPOOiIuxMeu
    ZUbGyhivyCuPoUlqRBo2rmVRfay+X9sdzdmOJNaXrJWk/8oRa4PWHKLkhGszb5jZ
    VdcLjtTCOLCwF4cXT7oyNzoqLgznSOthBpmJM7e6rGOaSgAR19HOG6TPPwVDUsBg
    NRJQsC4PPD1pdCFIn15aXY+32PqO2SBNL7gXJB/nzCwsMkJO7fCtPcCyREVUKckl
    9To/OjgTLAETPC2pehGsr4MNJBiV904BdUy3UvErGs6z8qrWho+2Cr19R3CObnjw
    N38HKWg4gFnjM98XJEnStVeoEWI+LCEPaCrSSxrPGy6Efy8JHMJglpqxatZkROL4
    CEEbCVj3NJgaWjc6wuPubsDtEukUD1gy9vGXiqKRfOFBkP8sl47Dre4rSRzMGuna
    xcbV2A9fas+4lT4IPJ623fZni6BDxbAfYJ8Sv5rxOKsUrVt6198=
    =q7pG
    -----END PGP SIGNATURE-----
    
    _______________________________________________
    AusNOG mailing list
    AusNOG at lists.ausnog.net
    http://lists.ausnog.net/mailman/listinfo/ausnog