Hacker News new | past | comments | ask | show | jobs | submit login

> But since my provider knows every ip i connect to, they already have everything they need in the first place, even if i dont use their dns.

If you connect to something fronted by CloudFlare your ISP can see you connecting to CF, if they provide your DNS then they can see what you're connecting to that's fronted by CF. A subtle yet important distinction.

Ignoring that, switching from your ISPs DNS prevents all kinds of shit they like to do like redirecting to ads on an unknown domain.




>Ignoring that, switching from your ISPs DNS prevents all kinds of shit they like to do like redirecting to ads on an unknown domain.

That's like saying base64 encoding your texts prevents your carrier from snooping on them. DNS packets aren't encrypted. There's nothing preventing your ISP from intercepting your DNS packets and redirecting them back to their servers. All you're doing is making it slightly harder on their end.


> redirecting to ads on an unknown domain

I can cleary see that, in states like iran or china, getting redirected to somewhere you did not chose to go is really problematic, but getting redirected to ads by your own provider, does this happen in your country?

In germany, i guess, this would be quite illegal for a provider to do and be considered as attacking the ingetrity of the dns system for personal gain.

>If you connect to something fronted by CloudFlare your ISP can see you connecting to CF, if they provide your DNS then they can see what you're connecting to that's fronted by CF. A subtle yet important distinction.

Well, most of the time, you would connect to ips that are not fronted by CF servers, so theres nothing to gain there.


In the cases where I’ve seen this happen, the DNS provider is rewriting NXDOMAIN responses. So, when you make a typo, you hit a “helpful” error page that has ads and tracking in it.


DNS hijacking is extremely common with ISPs.

https://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: