----- Original Message ----- > From: "Stefan Neufeind" <na...@stefan-neufeind.de>
> If it's just "some" DNS your provider hands out, I agree it's not much > better as well. (But you might possibly assume your provider has less > interst to spy on all your emails, your dns-queries and the like.) You might assume that, I wouldn't. If your access provider is a commercial eyeball network like, say, Road Runner or Comcast, then there is, I believe, evidence that they do DPI and possibly even ad injection, in addition to playing NXDOMAIN games. > What imho you'll want is a reliable resolver which is as close to you > as possible (and have it do DNSSEC-validation etc.). Sure; everyone should have their recursing resolver at the edge of their network. But most consumers don't. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274