that sounds right.
that can log it the ONT and turn stuff on and off run speed test
god only knows what else.
My IPfire is plugged into the ONT and i have no problem with DNSSEC
or DoT.
So do they have a encrypted connection. I’m sure they do…
so they can control it. don’t pay they turn it off.
need phone they turn it on.
What really sucks about fiber ISPs, they are not the same everywhere and even the same company in a different region can be running a different system. But even that, DNSSEC can be different because you have to set TLS manually as the default is TCP for DNSSEC. Unless the server was recently brought online these past couple of years, its most likely TCP and not TLS and a lot of these fiber areas are updated DSL system they purchased from telephone companies. Of course I have the honour of being stuck in cable tv land as the company did update and install fiber, but sold the company to bluepeak, and sold the fiber to a business only ISP (SDN communications) and I’m still stuck on a 40+ year old ageing CATV Dosics system that two years ago, they finally upgraded to doscis 3.0
I don’t know why anyone in the US would care about DNSSEC anyways. Because all public DNS servers have to log everyone and share it with the Federal Government because of a policy Obama put in place to snoop on everyone. Even commercial VPNs have to do this. So until the voters pressure the politicians to change this, you don’t have privacy anyways. Not here in the US.
Your ONT sounds like a mac provisioned type (much like my cable modem) instead of a PPPoe type that was an upgraded DSL system. Which is easy to program an SPF module for - Just clone the mac address and be done. A lot of AT&T stuff is like that.
I guess that is what foreign DNS providers are for.
Wasn’t Quad 9 in California?
not any more! ?
They still have an Arin registry, which means the feds have access. But since I did look them up, you can call:
OrgTechName: Shrestha, Kabindra
OrgTechPhone: +1-415-831-3111
At Quad 9 and Kabindra could discuss this in detail.
Of course we can get into a discussion about the zero day bugs in dnssec that defeats vpn and TLS/SSL but that might be too much for this site.