Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

If you want to be a little less obvious about your DNS traffic, there
are a few T1 and T2 servers which also respond on port 5353 in order to
assist those who have ISP's which intercept their dns queries.  This is
still plaintext packets, so deep packet inspection would still detect
your queries, but so far we have not seen that be a problem for anyone.


On 01/08/2013 04:21 AM, Simon wrote:
> On 01/08/13 11:17, Waqas Ashraf wrote:
>> Reason I had asked that if I can check to see if I'm only going through 
>> opennic root servers rather then ICANN is because I was thinking about all 
>> the filtering that happens on ISP side of anything you search where they 
>> might deem something not safe for you and decide for you you don't need to 
>> know. So I was wondering if I could entirely bypass their root zone 
>> complete and go through only OPennic. I don't if it make sense to anyone 
>> maybe I should think more on it and rewrite what I'm trying to say. 
> Now you're running your own server, you're not going through your ISPs
> nameservers but your DNS transactions are still traversing their network
> in the clear so it's theoretically possible that they could snoop on
> your DNS requests.
>
> You are, however, going through the ICANN servers to resolve ICANN
> domains only. For Opennic domains (e.g. .geek, .free etc) you are using
> the Opennic servers.
>
> If your DNS packets being in the clear is a problem for you then you
> need to consider using an encrypted connection over which to make your
> DNS requests or using something like TOR.
>
>
> HTH
>
> Simon
>
>
>
>
>
> --------
> You are a member of the OpenNIC Discuss list. 
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org