by sp332 4439 days ago
You could just use Google's 8.8.8.8 and 8.8.4.4 though.
2 comments

Plenty of people don't want to send all of their DNS requests to Google.
Google's DNS resolvers are 100% truthful?
I've never heard of them changing or blocking entries. They're on Wikileaks' list of censorship-avoiding DNS servers: http://www.wikileaks.org/wiki/Alternative_DNS And Google claims: "Google Public DNS does not perform blocking or filtering of any kind." https://developers.google.com/speed/public-dns/docs/intro?cs...
Not what I had in mind. Ignoring the NXDOMAIN results, what makes you trust the VALUE of the NS/A/AAAA/MX/whatever records you get from Google (or any other resolver)?

Because I have frequently seen provably-wrong results from other resolvers, and some highly-suspicious results from 8.8.8.8 on occasion (though I haven't checked particularly often).

The point being, unless you're proving the results with DNSSEC (or similar), you can't trust any source.

Is that the sort of thing that could be fixed by running your own DNS resolver? I mean it all comes down to DNSSEC eventually.
You can limit some of the simple abuses by resolving DNS yourself, but DNSSEC (or other crypto-auth system) is best, of course.

I use and recommend doing both, as there's very little downside to running your own resolver.