Toni Mueller support+unbound at oeko.net
Wed Jul 22 09:51:25 UTC 2020

On Tue, Jul 21, 2020 at 11:06:52PM -0400, Eric Luehrsen via Unbound-users wrote:
> It may not be censorship. Consumer IOT devices have been more infected by
> bot-nets according to recent reports. DNS and DNSSEC are documented tools
> for amplification attacks. It may be a counter measure deployed during an
> attack. US ISP also engage in "snoop-vertising." Most are happy to collect
> analytics from customers with rented modems in stock configuration, and they
> do not harm basic internet function. A few dig deeper and cause problems
> like NXDOMAIN substitution and port 53/853 diversion. It may be one of these
> undesirable implementations.

My local ISP, at least until very recently, always delivered doctored
answers, but taken from who-knows-where. I run my own authoritative name
servers, and when I tried to query them, I got stale answers with a
bogus, uniform TTL of 1 minute, everytime. I also wouldn't get any
updates until hours later. They also have a nanny filter which I can't
really disable.

Unfortunately, I don't have an influence over what kind of Internet I
get in here. =8-(


More information about the Unbound-users mailing list