On Fri, Apr 24, 2020 at 10:00:53AM -0500, Ken Hohhof wrote:
[...]
> There is a whole movement telling people that ISP resolvers are slow
> and insecure, that it will be faster and safer to use DNS over HTTPS
> to 1.1.1.1 or something similar. I’ve never quite understood the claim
> that it’s faster to use cloud DNS. You could maybe say they have a
> bigger customer base and therefore more cached entries, but that
> doesn’t seem to be their claim. It’s like they think 8.8.8.8 or
> 1.1.1.1 is closer to the customer than the ISP’s servers, which
> baffles me. And as far as cache size, it seems most sites now set the
> TTL so low that all queries are recursive.

There are two issues:

-- how far away is your recursor?
-- how much PII are they scooping up?

Vixie's given this talk a couple of times, and I think this one at
SCaLE is likely the best one on YouTube:

https://www.youtube.com/watch?v=artLJOwToVY

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com