On Thu, Feb 21, 2013 at 2:28 AM, curriegrad2004
<[log in to unmask]> wrote:
> On Wed, Feb 20, 2013 at 10:16 PM, Todd And Margo Chester
> <[log in to unmask]> wrote:
>>
>> I can not get frontier's DNS servers to resolve
>> releases.mozilla.org. So, in my /etc/named.conf
>> I commented out frontier's DNS servers and substituted
>> Google's (8.8.8.8) and Open DNS' (208.67.222.222).
>>
>>         # forwarders { 216.67.192.3; 74.40.37.242; };
>>         # forwarders { 74.40.74.40; 74.40.74.41; };
>>         forwarders { 8.8.8.8; 208.67.222.222; };
>>
>> Am I making a security mistake here?
>
> From a security perspective, I would seriously not even bother
> querying anybody's DNS servers but rather have BIND to become a full
> recursive DNS server using only the root hints provided by IANA.

From a security perspective: Do you really think that Google's DNS
servers are more insecure that the root DNS servers?!

From a privacy perspective: If you're not logged in to a Google
service, your logs are anonymized so there's no privacy concern. If
you're logged in to a Google service, it doesn't matter because your
cookies *can* be used to track you.

Using bind as a recursive nameserver for a desktop seems like overkill
(at the very least from configuration perspective). Isn't unbound
available in the SL repositories?