Yet Another Cycling Forum
General Category => The Knowledge => Ctrl-Alt-Del => Topic started by: Ham on 25 March, 2017, 07:13:02 pm
-
I've been using Google 8.8.8.8 and 4.4.4.4 for ages, but at the moment they are flaky in the extreme. Any suggestions for alternatives?
-
OpenDNS? 208.67.222.222 ยท 208.67.220.220
-
OpenDNS (https://use.opendns.com/) (mildly evil)
Your ISP (assuming they're basically competent) (may or may not be evil)
Run your own (guaranteed non-evil)
-
My ISP is Virgin (evil)
OpenDNS is working, thanks, Google DNS is just so easy to remember and I've sold my soul to them anyhow.
-
I thought you could turn Virgin's NXDOMAIN hijacking off..
-
Never tried, tbh, just use Google's habitually
-
OpenDNS (https://use.opendns.com/) (mildly evil)
Why are OpenDNS mildly evil?
DuckDuckGo has an instant answer for this:
https://duckduckgo.com/?q=dns+servers&t=lm&ia=answer&iax=1
-
.....only duckduckgo was unavailable, as was Google. Weirdly some sites were ok, and not just cache. I assume it must be some form of attack that waxes and wanes.
Trouble with any list like that, you don't really know how effective the site is, and you could easily design an attack vector based around hacking a DNS server.
-
That's why I run my own.
If you have a home network of more than a few machines, then even an old laptop sitting in the corner can make a perfectly good DNS server.
-
OpenDNS (https://use.opendns.com/) (mildly evil)
Why are OpenDNS mildly evil?
Hijacking NXDOMAIN is evil. It breaks things.
Also they do filtering, which can be used for evil.
-
.....only duckduckgo was unavailable, as was Google. Weirdly some sites were ok, and not just cache. I assume it must be some form of attack that waxes and wanes.
Well you made it onto YACF ! :thumbsup:
Trouble with any list like that, you don't really know how effective the site is, and you could easily design an attack vector based around hacking a DNS server.
Surely that's where doing your own research comes in?
And unless you are using DNSSEC (which has it's own security problems) DNS cache poisoning is trivial. Personally I'm much more concerned around privacy, filtering and NXDOMAINs not resolving to sites that offer advertising.
-
OpenDNS (https://use.opendns.com/) (mildly evil)
Why are OpenDNS mildly evil?
Hijacking NXDOMAIN is evil. It breaks things.
Also they do filtering, which can be used for evil.
The only NXDOMAIN hijacking I've seen OpenDNS using is with the filtered content on their family friendly DNS IPs. I haven't seen any on the usual IPs.
The real time analysis OpenDNS do is pretty powerful stuff when it comes to identifying and dropping malicious domains.
That said, an awful lot can be revealed about a persons internet usage from DNS queries alone, thus privacy is my biggest concern. Been tempted to switch out for root servers for quite some time.