I'd agree and disagree, filtering the default isp provided dns server for consumer and possibly small business, reasonable, not without some issues, but reasonable. Comcast style filter servers and intercept all dns headed to other dns servers and redirect them to your own servers and make it difficult to disable, unreasonable, if people deliberately choose to use different dns do NOT override that choice at an isp level (corporate/business firewalls are a bit of a different story), offering security filtered dns as a default isp provided server is a value add for many non technical users, filtering beyond security or making it difficult to use other dns servers is a detriment to users. my view on small business's with static addresses are a little more complex, they are more likely to be doing things the filtering might break, but many of those things also are best done while running your own recursive resolver, so it may not actually matter that much, but definitely don't do a forced dns server via redirection of all dns queries for such users, honestly don't ever do that as an ISP without specific direct opt in, not opt in by not fighting with sales to remove a line from an order, or other "opt-in" that isn't actually customer initiated informed opt-in, I'm looking at you Comcast. On 10/27/2023 5:20 PM, John Levine wrote:
It appears that Bryan Fields <Bryan@bryanfields.net> said:
-=-=-=-=-=- -=-=-=-=-=- On 10/27/23 7:49 AM, John Levine wrote:
But for obvious good reasons, the vast majority of their customers don't
I'd argue that as a service provider deliberately messing with DNS is an obvious bad thing. They're there to deliver packets.
For a network feeding a data center, sure. For a network like Charter's which is feeding unsophisticated nontechnical users, they need all the messing they can get.
If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad.
R's, John