Re: Securing DNS traffic
On Sunday, 24 May 2020, 20:02:45 CEST, Aaron B. wrote:
> I'm also worried about this, but also fear datamining by my ISP. So I
> completely ditched Google, and split my queries between Cloudflare and
> Quad9 - neither gets the complete picture.
This relies on a typical misunderstanding of what most of these data collecting
services are after. "Getting to know what websites / servers some single user
connects to" is usually not it, because that would be very inefficient.
If you fear that your ISP "can do that" - DNS is the wrong vector to "block
that", because he can much more easily use netflow, firewall / router "logging"
and similar efficient ways to see (and collect / process) with which servers a
single customer (not user) really got connected and (each time!) when
(without the huge "caching blindness" of DNS) and how often / how intensive
(even with SSL/TLS - except SNI / "virtual hosts", but this often can be
uncovered by "traffic correlation" if really required).
I would trust my (paid) ISP's NS much more than any other "free" one by all
that I've seen in my life there - especially if your ISP grants you no usage
logging by contract. And from what I knew of Mozilla and Co., these are much
less "selfless" too than their public image projects...
If your ISP really cheats you - he could/would do this (as explained) without
his DNS (except in some countries where local ISPs filter third party DNS at
all because of "regulation", which usually means censorship...).
Syndicat IT & Internet