When you have a sufficiently large mass of non-technical end users, inevitably some percentage of them will end up doing something like enabling WAN-interface-facing remote admin access, which then gets pwned and turned into a botnet. It's a real problem at scale. Compromised CPE routers in addition to people visiting virus/trojan laden webservers and infecting their endpoint devices.
Good example: https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-...
On Fri, Oct 27, 2023 at 3:37 PM John Levine <johnl@iecc.com> wrote:
It appears that Bryan Fields <Bryan@bryanfields.net> said:
On 10/27/23 7:49 AM, John Levine wrote:
But for obvious good reasons, the vast majority of their customers don't
I'd argue that as a service provider deliberately messing with DNS is an obvious bad thing. They're there to deliver packets.
For a network feeding a data center, sure. For a network like Charter's which is feeding unsophisticated nontechnical users, they need all the messing they can get.
If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad.
R's, John