
It depends on the competency of your ISP and how aggressive they are about so-called features. In several cases, the ISP-provided DNS decided not to return NX results and instead returned a page of ads, which was great for email servers, back in the day. The other failure mode I've seen is that the ISP's DNS servers are overloaded and take several seconds to respond.


Several cases is not enough reason for me to avoid ISP DNS by default; many if not most ISPs don’t spoof NXDOMAIN and provide fast DNS.


There's also the reality that using your ISP's DNS almost entirely moots any VPN you use. The main reason to use a VPN is to hide your browsing from your ISP and anyone your ISP might be reporting to (in the US, for example, we've seen several programs where the government intercepts ISP data at special places in interconnects, so even if your ISP publicly says your DNS is safe, it could actually be logged to a spy database associated to you).

When you use a VPN and then immediately send all your DNS lookups right back to your ISP... Hey I wonder where this person is actually from! Maybe the geographical area of the regional ISP that all their DNS lookups are coming from...


In India, internet providers already provide a portal to the police and other agencies with no accountability.

https://entrackr.com/2022/11/exclusive-indian-isps-we-alread...


If you use a VPN then you need to ensure that DNS traffic goes via the VPN too, of course. Not using ISP DNS is not enough in this case.



