Hacker News
by jagged-chisel 898 days ago
> They'd have to use a packet filter to do that

Indeed they would.

> My resolver respects DNS signing…

I’m not honestly certain how big of a hurdle this is. I would figure that if a site is to be blocked, then the ISP substitutes their own “authoritative” response, which would include cryptographic signing details (even pretending their public key is the official one.)

> My (niche) ISP is rather benevolent …

I think most are. In my market, even the big guys haven’t done this, though I have heard about it happening in larger markets when big ISPs are up to no good (like inserting ads or whatever.)