Thanks to all who responded !
Yes, removing my Forwarders list did the trick .
Never trust an ISP's DNS servers!
Best Regards,
Jason
On 08/01/2022, Jason Vas Dias <jason.vas.d...@gmail.com> wrote:
>
> Good day -
>
> I use BIND v9.16.24-1.fc34 on a fully up-to-date Fedora 34
> x86_64 installation as a 'Caching-Only Nameserver', and
> to serve a few local zones ( devices attaching to my
> hostapd wireless network for instance ), and to serve
> a DNS RPZ zone to direct adware / spyware hosts to 0.0.0.0.
>
> My Internet Connection is as follows:
>
> ( GSM 4g/3g modem
> WAN IP DHCP address provided by eir.com, with
> nameservers: 159.134.0.11; 159.134.0.12;
> served by DHCP
> Does DHCP and NAT for DHCP leased addresses
> ) ||
> || 100m Cat6 Ethernet Cable
> ||
> ( My Linux Laptop's Dell Thunderbolt Ethernet port
> Gets DHCP address from Modem.
>
> Hostapd provides Access Point to @ 4 devices
> connecting via DHCP; does NAT for this wireless
> DHCP subnet to the modem assigned DHCP address.
> ) / | \
> ( several Android units for testing ...)
>
> So I copy the DNS server addresses my ISP gives the
> modem with DHCP into my named.conf's forwarders clause:
>
> forwarders { 159.134.0.11; 159.134.0.12; } ;
>
> This has seemed to work fine up til now.
>
> Now, when I try to access the Irish Health & Safety
> Executive's (HSE) website to make a Coronavirus
> booster appointment, as advertised on its web-page:
>
>
> https://www2.hse.ie/screening-and-vaccinations/covid-19-vaccine/get-the-vaccine/booster-booking/
>
> where one is meant to click on the link:
>
> "Book An Appointment": https://covid19booster.healthservice.ie/
>
> to make an appointment, Firefox and Chrome both return
> "Server Not Found" errors .
>
> Running 'host' and 'dig' show NO DNS records for this address:
>
> # host covid19booster.healthservice.ie
> Host covid19booster.healthservice.ie not found: 3(NXDOMAIN)
>
> # dig covid19booster.healthservice.ie @159.134.0.11
>
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.11
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5751
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: d8709a304768c6c62d5def9761d9a5a5a7041a24829eafd0 (good)
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN A
>
> ;; AUTHORITY SECTION:
> healthservice.ie. 8946 IN SOA ns1.ie.topsec.com.
> hostmaster.topsec.com.
> 2022010601 3600 1200 3628800 10800
>
> ;; Query time: 46 msec
> ;; SERVER: 159.134.0.11#53(159.134.0.11)
> ;; WHEN: Sat Jan 08 14:58:38 GMT 2022
> ;; MSG SIZE rcvd: 152
>
>
> # dig covid19booster.healthservice.ie @159.134.0.12
>
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.12
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64814
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 367dae8c9918d4ae9b2b923761d9a6a0d321e2a74da293d9 (good)
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN A
>
> ;; AUTHORITY SECTION:
> healthservice.ie. 9549 IN SOA ns1.ie.topsec.com.
> hostmaster.topsec.com.
> 2022010601 3600 1200 3628800 10800
>
> ;; Query time: 42 msec
> ;; SERVER: 159.134.0.12#53(159.134.0.12)
> ;; WHEN: Sat Jan 08 14:58:40 GMT 2022
> ;; MSG SIZE rcvd: 152
>
> To show this configuration does work for other addresses:
>
> # dig www.kernel.org
>
> ; <<>> DiG 9.16.24-RH <<>> www.kernel.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40744
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: aa286ca3eb2f9d1d0100000061d9a70bded0d6956f6f711c (good)
> ;; QUESTION SECTION:
> ;www.kernel.org. IN A
>
> ;; ANSWER SECTION:
> www.kernel.org. 60 IN CNAME geo.source.kernel.org.
> geo.source.kernel.org. 60 IN CNAME ams.source.kernel.org.
> ams.source.kernel.org. 3462 IN A 145.40.68.75
>
> ;; Query time: 114 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sat Jan 08 15:00:27 GMT 2022
> ;; MSG SIZE rcvd: 140
>
>
>
> Visiting internic.net's whois server shows no records for
> covid19booster.healthservice.ie, but instead these
> error messages are displayed:
>
> Whois Lookup 'covid19booster.healthservice.ie':
> "
> No registry RDAP server was identified for this domain. Attempting
> lookup using WHOIS service.
>
> Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED
> "
>
> As a result, I am unable to make a Covid Booster appointment , and as
> my Covid certificate is soon to expire I will soon lose my rights
> to travel, use public transport, shops, restaurants etc. who all
> now require a current Covid Vaccination Certificate to enable use of
> these
> services - I will be a third-class citizen, trapped in my 20-mile
> radius locality, unable to use shops ...
>
> Of course, the HSE.IE, in common with all Western Government
> institutions these days, is a 100% Web-Site driven venture,
> their phone numbers are unanswered, they do not respond to
> emails, letters, or their Web Complaints Form, and as a
> result my human rights are about to be suspended, and
> there is no means of appeal ( though I am considering taking
> the HSE to the European Court of Human Rights about this ... ).
>
> However, I noticed my Android mobile phone, when it is not connected
> to my Laptop, CAN resolve 'covid19booster.healthservice.ie', because
> it uses Google's DNS server '8.8.8.8' .
>
> So it appears that human rights and Covid protection in Ireland are
> only granted to users of Google's DNS servers.
>
> Indeed, when I ask my laptop's dig to query Google's 8.8.8.8
> server, this succeeds:
>
> # dig covid19booster.healthservice.ie @8.8.8.8
>
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35984
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN A
>
> ;; ANSWER SECTION:
> covid19booster.healthservice.ie. 3144 IN
> CNAME hse-self-referral.swiftqueue.com.
> hse-self-referral.swiftqueue.com. 40 IN A 52.50.21.250
> hse-self-referral.swiftqueue.com. 40 IN A 52.214.178.78
>
> ;; Query time: 52 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Sat Jan 08 15:12:58 GMT 2022
> ;; MSG SIZE rcvd: 138
>
>
> So the Irish Government Healthcare system's website is ONLY accessable
> to users of Google's DNS servers.
>
> But I don't want to use Google's DNS servers to allow
> Google to spy on my web activity on my laptop.
>
> I thought the DNS was meant to be global, and publically available ?
>
> What has changed in this regard ?
>
> What secret sauce do Google DNS servers have that is not
> available to servers run by other operators ?
>
> How can I query the "Google Only" Secret Web, without giving information
> to
> Google ?
>
> Who should I sue about this ?
> Either :
> A) My ISP, for not giving me access to the whole
> internet & DNS system, for which I pay them
> €50 per month ;
>
> B) HSE, for discriminating against those who
> do not use Google DNS services, denying them
> access to Covid vaccination appointments ;
>
> C) Google, for destroying the 'global, publically available'
> nature of the DNS and Internet, and for hiding essential
> health information from non-Google users ?
> I guess they'd prefer non-Google users to just die off soon.
>
> D) All of the above
>
> Anyone interested in joining a class action lawsuit about this ?
>
> If anyone could please suggest a way of resolving names like
> 'covid19booster.healthservice.ie' without using Google's DNS
> servers, please let me know, I'd be much obliged.
>
> Thank You & Best Regards,
> Happy New Year in a Brave New World,
> Jason
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
