DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

Jeroen Massar jeroen at massar.ch
Wed Sep 18 10:51:53 UTC 2019


On 2019-09-18 12:24, Brian J. Murrell wrote:
> On Wed, 2019-09-18 at 09:15 +0200, Jeroen Massar wrote:
>> Hi Folks,
> 
> Hi.
> 
>> While in the US soon all Firefox users will *NOT* use your DNS
>> Recursives configured using DHCP anymore
>> (NXDOMAIN use-application-dns.net to avoid that[1]).
> 
> What am I misunderstanding?  Isn't use-application-dns.net supposed to
> return A results until "defeated"?  I have not configured my own DNS
> server to NXDOMAIN that yet, however:

That just means that somebody broke that setup, as it worked last week and was pointing to GitHub Pages serving:

https://github.com/agrover/global-canary/

Maybe Google does not want Mozilla/CloudFlare to get all the DoH queries? :)
Nah, likely just a failure somewhere, as both are supported heavily by Google (if there was no competition then Google would truly have a monopoly in the browser market and that would be bad; at least with them funding Mozilla and CF through the backdoor it looks like it isn't a monopoly, as there "is that other thing").



There is a little thread about that domain here on dns-operations:
https://lists.dns-oarc.net/pipermail/dns-operations/2019-September/019179.html

Currently though:

use-application-dns.net. 172800	IN	NS	ns-cloud-b1.googledomains.com.
use-application-dns.net. 172800	IN	NS	ns-cloud-b2.googledomains.com.
use-application-dns.net. 172800	IN	NS	ns-cloud-b3.googledomains.com.
use-application-dns.net. 172800	IN	NS	ns-cloud-b4.googledomains.com.


$ dig @ns-cloud-b1.googledomains.com. use-application-dns.net. a
[..]
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21669
...


That is from my test host, but of course, from my other hosts it nicely NXDOMAINs.... but those hosts also route 1.1.1.1/8.8.8.8/8.8.4.4 and the IPv6 equivalents and many other such IPs (OpenDNS, etc. and even root servers) to the local anycasted edition.... 'cause I don't want that in my networks.

Then again, as that makes me not a sheep, I am likely more visible anyway...[1]

Greets,
 Jeroen

[1] https://jeroen.massar.ch/presentations/vid/27C3-JeroenMassar-HowTheInternetSeesYou/



More information about the NANOG mailing list
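
An added example, not part of the original message: a resolver operator's check of what a DNS server returns for the canary name, telling apart the NXDOMAIN and REFUSED answers seen in the thread. The function names, the verdict labels and the sample responses are constructed for this illustration.

```python
import secrets
import socket
import struct

CANARY = "use-application-dns.net"
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode one recursive question (QTYPE 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def canary_status(response, qid):
    """Return (rcode name, answer count) from a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def verdict(rcode, ancount):
    """Labels are this example's own, not Firefox's."""
    if rcode == "NXDOMAIN":
        return "canary blocked"
    if rcode == "NOERROR" and ancount > 0:
        return "canary resolves"
    return "inconclusive"  # e.g. REFUSED: fix the resolver path first

def query_resolver(server, timeout=3.0):
    """Live check over UDP/IPv4 against the resolver your clients use."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return canary_status(data, qid)

def sample_response(qid, rcode, with_answer=False):
    """Constructed input: a reply to build_query(CANARY, qid)."""
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, int(with_answer), 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + build_query(CANARY, qid)[12:] + (rr if with_answer else b"")
```

Calling verdict(*query_resolver(addr)) with the address your DHCP hands out shows what clients on that network actually receive for the canary.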