On 2018-10-30 00:25, Bill Woodcock wrote:
> On Oct 29, 2018, at 1:16 AM, Gregor Riepl <[email protected]> wrote:
>> It seems like Salt is no longer supplying their own DNS servers when
>> establishing an LTE connection. Instead, the network responds with
>> Google DNS servers (8.8.8.8 8.8.4.4).
>> I'd rather not send all my DNS requests to Google.
>> Perhaps it's time to switch to private resolvers everywhere, if not
>> even ISPs are providing that service any more…
> For what it’s worth, there’s a Quad9 server cluster in Zurich, and
> unlike Google, Quad9 is GDPR-compliant. As someone will certainly
> point out, it’s also subject to US law, but is a public-benefit
> not-for-profit corporation, and US law doesn’t compel an organization
> to turn over data which isn’t collected in the first place. And Quad9
> is GDPR-compliant because it doesn’t collect source IP addresses in
> the first place.
How can something be "GDPR compliant" when no consent is given at all?
(or have you layered HTTP on top of DNS to provide a 20-pager of
legalese that nobody can be bothered to read as it will change at a
moment's notice?).
Stating "it doesn’t collect source IP addresses" means "but we collect
everything else". Likely doing Passive DNS style things at minimum.
IP addresses, especially sources, sometimes also appear in the label,
simply because some weird CDNs/ISPs will encode the source IP for
'geo-dns' or 'loadbalancing' reasons in the label. Are you stripping
those?
And then there are RBLs, and reverse-IPs in general. Do you filter
those? or do you track those IP Addresses anyway, as that exposes the
other side of the connection....
There are many reasons why so many of the public DNS resolvers popped
up: one of them is the amount of data that can be extracted from it.
Even if it is just the weird domains people look at (and then crawl
those, as they were not known yet), or statistics like "in that ASN
people look at Netflix, but less at YouTube".
Please stop centralizing this Internet thing....
Greets,
Jeroen
> And yes, we recommend anyone who has the capacity to do so run their
> own resolver rather than using _any_ external resolver. Something
> like 95% of Quad9’s users are behind their own caching resolvers.
> -Bill
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog