If you are relying on a DNS response from ANYONE to establish trust, you are doing it wrong. We have been trying with very limited success to add some level of security to DNS for almost two decades. It's incredibly easy to hijack, and nearly every ISP (including Comcast) has been caught tampering with it. DNS is quite literally the least secure protocol on the entire internet. This further confirms that you do not have the slightest clue what you are talking about. Note that they turned the service off after several years because it was determined to be indistinguishable from "malicious" DNS hijacking. This wasn't just a mistake, it was a willful sellout of their customers. Marginal costs may not be that high because they probably need all these DNS servers on the edge for their CDN service.īTW, Comcast betrayed all its customers with the DNS hijacking in their Comcast Domain Helper service. If they are the fastest DNS they will speed up all DNS queries, but queries about sites using their CDN could be even faster, particularly because of the way that CDNs use DNS.ģ. Faster serving of content that they host on their content delivery network (CDN) to end users. I understand how DNS systems work, but what exactly is in it for CloudFlare? It costs them money to run this service and to retain KPMG to do the audits.Īre they looking to use this as a channel to re-route mass users in case of a DDoS attack to a site they provide CloudFlare service to? But, really, Dns redirect, ad insertion, mal formed address spoofing, cookie propagation. Sounds like you would benefit immeasurably from secure dns and trusted computing. By the way I bet you a nickel you walk through the cloudflare stack to get to Vanguard. Skepticism means you can learn and make a rational decision.
Besides, if your criteria is large public company wouldn’t you use Google’s DNS service instead? Google is much larger. Seriously, Cloudflare is an 800lbs gorilla in the industry. The only thing Comcast has that Cloudflare lacks is a history of shady business practices. So it is not me who is going to use 1.1.1.1 as my DNS.Ĭloudflare has revenue well in excess of $100mm and its major shareholders are Microsoft and Fidelity.
I do not have the same level of trust with a small private company such as CloudFlare.
#PFSENSE NAMEBENCH PASSWORD#
I might disagree with my Comcast bill but I trust the IP address they return and the webpage I visit as a result of my browser receiving the IP address I am happy to enter my username and password to do my business. When I enter in my browser, Comcast's DNS lookup returns IP address 192.175.191.200. I am really not a fanboy, I don't use their DNS. They are a leading company advocating for privacy (we can argue a bit about this, but, I don't feel I am being hyperbolic). They service over 7 million internet properties. If the content was all Cloudflare, they would be the 10th largest property on the internet. Cloudflare is the front end of a large bulk of the net. I mean literally transmitting packets back and forth to their servers. As an aside, you are probably spending 50% or more of your time running through cloudflare. You may wish to understand (grok would be the term I would use) what you are talking about before you boldly claim that Comcast is your protector here. That's a bit like walking around with your social security number on your back and saying you will only do it in NY, where you are safe because there are lots of police. You mention the term breach (suggesting Facebook which wasn't a breach at least in the classical definition) and you are probably dollars to donuts requesting your DNS in the clear. The problem with not understanding the subject matter and speaking authoritatively is that for anyone that does understand, all your opinions are immediately discounted. This may be the first time in my adult life I have heard anyone say something positive and comcast in the same breath. For the same reason, I keep my investment with Vanguard and Fidelity instead of investing with Bernie Madoff even knowing that Madoff's rate of return is better than what I will get from index funds. So I will continue to use Comcast-DNS instead of a PopUp-DNS.
0 kommentar(er)
