undefined | Better HN

0 pointstptacek5y ago0 comments

They're suggesting you install your own local DNS server --- nothing prevents you from doing that, and just talking straight to the roots instead of through your ISP's DNS server.

The real problem is not your ISP, but rather the fact that the most important sites on the Internet have rejected DNSSEC and aren't signed. DNSSEC can't do anything for you with hostnames in zones that haven't been signed by their operators, and, to a first approximation, every zone managed by a serious security team (with a tiny number of exceptions like Cloud Flare, who sells DNSSEC services) has declined to do so.

0 comments

johncolanduoni5y ago

Do any ISPs intercept upstream requests when running your own recursive resolver? If not, DNSSEC isn’t relevant here and you should be fine just fine with “only” running your own without requiring DNSSEC.

tptacekOP5y ago

They could. I doubt they do.

j / k navigate · click thread line to collapse

0 pointstptacek5y ago0 comments

They're suggesting you install your own local DNS server --- nothing prevents you from doing that, and just talking straight to the roots instead of through your ISP's DNS server.

0 comments

johncolanduoni5y ago

tptacekOP5y ago

They could. I doubt they do.

j / k navigate · click thread line to collapse