nanog mailing list archives
Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users
From: Jeroen Massar <jeroen () massar ch>
Date: Wed, 18 Sep 2019 12:51:53 +0200
On 2019-09-18 12:24, Brian J. Murrell wrote:
On Wed, 2019-09-18 at 09:15 +0200, Jeroen Massar wrote:Hi Folks,Hi.While in the US soon all Firefox users will *NOT* use your DNS Recursives configured using DHCP anymore (NXDOMAIN use-application-dns.net to avoid that[1]).What am I misunderstanding? Isn't use-application-dns.net supposed to return A results until "defeated"? I have not configured my own DNS server to NXDOMAIN that yet, however:
That just means that somebody broke that setup as it worked last week and was pointing to Github Pages serving: https://github.com/agrover/global-canary/ Maybe Google does not want Mozilla/CloudFlare to get all the DoH queries? :) Nah likely just a failure somewhere, as both are supported heavily by Google (if there was no competition then Google would truly have a monopoly in the browser market and that would be bad, at least with them funding Mozilla and CF through the backdoor it looks like it isn't a monopoly as there "is that other thing") There is a little thread about that domain here on dns-operations: https://lists.dns-oarc.net/pipermail/dns-operations/2019-September/019179.html Currently though: use-application-dns.net. 172800 IN NS ns-cloud-b1.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b2.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b3.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b4.googledomains.com. $ dig @ns-cloud-b1.googledomains.com. use-application-dns.net. a [..] ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21669 ... that is from my test host, but of course, from my other hosts it nicely NXDOMAINs.... but those hosts also route 1.1.1.1/8.8.8.8/8.8.4.4 and the IPv6 equivalents and many other such IPs (OpenDNS, etc and even root servers) to the local anycasted edition.... cause I don't want that in my networks. Then again, as that makes me not a sheep, I am likely more visible anyway...[1] Greets, Jeroen [1] https://jeroen.massar.ch/presentations/vid/27C3-JeroenMassar-HowTheInternetSeesYou/
Current thread:
- DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Jeroen Massar (Sep 18)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Brian J. Murrell (Sep 18)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Jeroen Massar (Sep 18)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Mike Hammett (Sep 18)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Matt Corallo (Sep 18)
- RE: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Keith Medcalf (Sep 18)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Curtis Maurand (Sep 27)
- Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users Brian J. Murrell (Sep 18)