----- Original Message -----
From: "Stefan Neufeind" <nanog@stefan-neufeind.de>
If it's just "some" DNS your provider hands out, I agree it's not much better as well. (But you might possibly assume your provider has less interst to spy on all your emails, your dns-queries and the like.)
You might assume that, I wouldn't. If your access provider is a commercial eyeball network like, say, Road Runner or Comcast, then there is, I believe, evidence that they do DPI and possibly even ad injection, in addition to playing NXDOMAIN games.
What imho you'll want is a reliable resolver which is as close to you as possible (and have it do DNSSEC-validation etc.).
Sure; everyone should have their recursing resolver at the edge of their network. But most consumers don't. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274