The case you describe is "consensual", because you can change it. A non-consensual case would be the one where all traffic to port 53 at anything other than the operator's resolver is blocked.

I think we're conflating a bunch of different things here.

Some networks force all port 53 traffic through their own DNS caches. That's clearly non-consensual (give or take the option to use a different network), but the networks that do that are all over the place in what rewriting they do. A typical thing is to return the address of their login server for all queries until you log in, then they may or may not rewrite answers.

My ISP (Time-Warner) has a DNS cache that usually rewrites NXDOMAIN to an A record for their search page, but each user can go to a settings page and say they want the real answers. That is the default cache their DHCP server provides, and is what most of their customers use, but they don't otherwise mess with DNS traffic and you can use an external cache like 8.8.8.8 or run your own cache if you want. (I have a little BSD box on my LAN running unbound and dhcpd, which serves all the hosts behind my NAT router.) That setup is what I call opt-out.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
