Sure, but that is not the context here. So I am still unsure about the "evil" aspect of it all.
Even if someone else has to use it. Certainly, when it is someone in their household who can access the administration for their client devices/applications as well.
Other people affected might be those who make use of the author's wifi. Where the author can also opt for guest wifi using regular DNS. Or not even do it on a router basis and really a per-client basis.
The only context in which it is potentially "evil" or malicious is when people unknowingly get things blocked or redirected to the wrong things. But that is pretty far removed from the context of this article.
DNS and all the overall infra should do whatever the owner of the infra wants it to do.
If I as the network admin don't want you to access some site, I will block it, and blocking it at the DNS level is one of the ways I have to achieve this, and if I catch you trying to circumvent it you will be booted from my network in no time.
That is what local DNS servers are for and what solutions like Pi-Hole and AdGuard Home were designed to accomplish.
There are many legitimate use cases that require you to mess with DNS. For example, you can force Google safe search in your network to all devices; Google's own instructions are to create a CNAME redirecting www.google.com to safesearch.google.com at your local DNS server.
So no, blocking or redirecting stuff in my DNS is not only not evil, it is required in many cases.
If you are trying to do something that is being blocked in the local network, either talk to the network admin and explain why you need to do that and check if he can fix it for you, and if he can't/won't then go do it somewhere else.
Also, most, if not all, the large enterprises do DNS-level blocking, as they should. Go try to work around this and I bet you they will call you out; insist and you will be job hunting in no time.
well, there is certainly a lot to be said for efficiently checking boxes.
just wanted to point out that dns-level blocking introduces a discrepancy to a shared truth, which creates problems and is hence more costly than it might appear.
Don't know what shared truth you are referring to. Truth is totally relative...
I have stuff that I can only access inside my home network, so here the truth is one. Out in the internet those same addresses do not exist, so out there the truth is another.
This is also the same for most, if not all, enterprises; there is always stuff that can only be accessed either on the internal network or via VPN.
There are addresses that point to different endpoints depending on the network you are connected to, and this is by design; again, the network-wide Google safe search is an example.
Same thing for streaming services and CDNs: the same address will return a different endpoint depending on your location.
This happens even for direct IP addresses without using DNS. Quad9, for example, has dozens of servers that provide service to the address 9.9.9.9 for their DNS server, so depending on your location the same IP address will connect you to a different server that is located closer to you to ensure fast access.
DNS, like anything in the network and in computing in general, can cause problems if not done correctly. But then the problem is how it was implemented, not the DNS blocking or redirecting functionalities in themselves.