DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users
- Subject: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users
- From: jeroen at massar.ch (Jeroen Massar)
- Date: Wed, 18 Sep 2019 12:51:53 +0200
On 2019-09-18 12:24, Brian J. Murrell wrote:
> On Wed, 2019-09-18 at 09:15 +0200, Jeroen Massar wrote:
>> Hi Folks,
>
> Hi.
>
>> While in the US soon all Firefox users will *NOT* use your DNS
>> Recursives configured using DHCP anymore
>> (NXDOMAIN use-application-dns.net to avoid that[1]).
>
> What am I misunderstanding? Isn't use-application-dns.net supposed to
> return A results until "defeated"? I have not configured my own DNS
> server to NXDOMAIN that yet, however:
That just means that somebody broke that setup, as it worked last week and was pointing to GitHub Pages serving:
https://github.com/agrover/global-canary/
Maybe Google does not want Mozilla/CloudFlare to get all the DoH queries? :)
Nah, likely just a failure somewhere, as both are supported heavily by Google (if there was no competition then Google would truly have a monopoly in the browser market and that would be bad; at least with them funding Mozilla and CF through the backdoor it looks like it isn't a monopoly as there "is that other thing").
There is a little thread about that domain here on dns-operations:
https://lists.dns-oarc.net/pipermail/dns-operations/2019-September/019179.html
Currently though:
use-application-dns.net. 172800 IN NS ns-cloud-b1.googledomains.com.
use-application-dns.net. 172800 IN NS ns-cloud-b2.googledomains.com.
use-application-dns.net. 172800 IN NS ns-cloud-b3.googledomains.com.
use-application-dns.net. 172800 IN NS ns-cloud-b4.googledomains.com.
$ dig @ns-cloud-b1.googledomains.com. use-application-dns.net. a
[..]
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21669
...
That is from my test host, but of course, from my other hosts it nicely NXDOMAINs... but those hosts also route 1.1.1.1/8.8.8.8/8.8.4.4 and the IPv6 equivalents and many other such IPs (OpenDNS, etc., and even root servers) to the local anycasted edition... because I don't want that in my networks.
Then again, as that makes me not a sheep, I am likely more visible anyway...[1]
Greets,
Jeroen
[1] https://jeroen.massar.ch/presentations/vid/27C3-JeroenMassar-HowTheInternetSeesYou/