undefined | Better HN

0 pointscreesch1y ago0 comments

Sure, but that is not the context here. So I am still unsure about the "evil" aspect of it all.

Even if someone else has to use it. Certainly, when it is someone in their household who can access the administration for their client devices/applications as well.

Other people affected might be those who make use of the authors wifi. Where the author can also opt for guest wifi using regular DNS. Or not even do it on router basis and really a per-client basis.

The only context in which it is potentially "evil" or malicious is when people unknowingly get things blocked or redirected to the wrong things. But that is pretty far removed from the context of this article.

0 comments

sulandor1y ago

> The only context in which it is potentially "evil" or malicious is when people unknowingly get things blocked or redirected to the wrong things.

that was kind of my point;

dns-infrastructure should not knowingly give wrong answers because that will make it less useful and more of a hassle down the road

tmottabr1y ago

DNS and all the overall infra should do whatever the owner of the infra want it to do.

If i as the network admin don't want you to access some site i will block it, and blocking it at DNS level is one of the ways i have to achieve this and if i catch you trying to circumvent it you will be booted from my network in no time.

That is what local DNS servers are for and what solutions like Pi-Hole and AdGuard Home were desinged to accomplish..

There are many legitimate user cases that require you to mess with DNS. example, you can force google safe search in your network to all devices, google own instructions are to create a cname redirecting www.google.com to safesearch.google.com at your local DNS server.

So no, block or redirecting stuff in my DNS not only is not evil, it is required in many cases.

If you are trying to do something that is being blocked in the local network either talk to the network admin and explain why you need to do that and check if he can fix it for you and if he cant\wont then go do it somewhere else..

Also, most, if not all, the large enterprises do dns level blocking, as they should.. Go try work around this and i bet you they will call you out, insist and you will be job hunting in no time..

sulandor1y ago

well, there is certainly a lot to be said for efficiently checking boxes.

just wanted to point out that dns-level blocking introduces a discrepancy to a shared truth, which creates problems and is hence more costly than it might appear.

1 more reply

creeschOP1y ago

> because that will make it less useful and more of a hassle down the road

You can't just say "it is this because it is this". Clearly the sole user of DNS finds it useful to block through DNS.

What sort of hassles do you even have in mind?

j / k navigate · click thread line to collapse

0 pointscreesch1y ago0 comments

Sure, but that is not the context here. So I am still unsure about the "evil" aspect of it all.

Even if someone else has to use it. Certainly, when it is someone in their household who can access the administration for their client devices/applications as well.

Other people affected might be those who make use of the authors wifi. Where the author can also opt for guest wifi using regular DNS. Or not even do it on router basis and really a per-client basis.

0 comments

sulandor1y ago

> The only context in which it is potentially "evil" or malicious is when people unknowingly get things blocked or redirected to the wrong things.

that was kind of my point;

dns-infrastructure should not knowingly give wrong answers because that will make it less useful and more of a hassle down the road

tmottabr1y ago

DNS and all the overall infra should do whatever the owner of the infra want it to do.

That is what local DNS servers are for and what solutions like Pi-Hole and AdGuard Home were desinged to accomplish..

So no, block or redirecting stuff in my DNS not only is not evil, it is required in many cases.

Also, most, if not all, the large enterprises do dns level blocking, as they should.. Go try work around this and i bet you they will call you out, insist and you will be job hunting in no time..

sulandor1y ago

well, there is certainly a lot to be said for efficiently checking boxes.

just wanted to point out that dns-level blocking introduces a discrepancy to a shared truth, which creates problems and is hence more costly than it might appear.

1 more reply

creeschOP1y ago

> because that will make it less useful and more of a hassle down the road

You can't just say "it is this because it is this". Clearly the sole user of DNS finds it useful to block through DNS.

What sort of hassles do you even have in mind?

j / k navigate · click thread line to collapse