#itsalwaysdns — Public Fediverse posts

Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

#DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

After setting up DNS over HTTPS, got curious how DNS leak test tools, which discover your DNS resolver, such as Browser Leaks, work :blobcatthinking:

Turns out, it's quite clever setup: while you are visiting browserleaks.com website, in the background it queries a number of hostnames generated especially for you, such as 9d0pafrc5tnu.dns4.browserleaks.net, 0zfannouveb4.dns4.browserleaks.org and so on.

Because the website generates those hostnames specifically for your session, it is able to associate your external IP to the hostnames you attempt to resolve.

Now because site operators controls authoritative name servers behind those generated hostnames - specifically ns2.browserleaks.net and ns1.browserleaks.net (also with .org), from logs they can check what exact DNS resolver asked for those unique hostnames.

Simply matching a resolver DNS that attempted to resolve those unique hostnames is enough to link it to your visit of a website session - it is often going to be the resolver of your internet service or virtual private network provider, unless you've explicitly changed your resolver to something else. Still, easily visible to authoritative DNS server.

Voila! No magic, just simple, nice setup :blobcatcheer:

Just think of how many fingerprinting schemes can big techs carry out to track you across the internet with vast compute resources available to them... :blobcatheadinitshands:

#itsalwaysdns #dns #resolver #dnsleak #survelliance #tracking #privacy

Setting up DNS over HTTPS (DoH) is so much more complicated than DNS over TLS (DoT) :blobcatthinking:

Funny enough Mozilla Firefox :firefox: supports DoH and sets it up on application level, while Android :android: uses DoT on operating system level :blobcatnerd:

#itsalwaysdns #dns #dot #doh #sysadmin #linuxadmin

It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

#itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

#itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

#itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

#itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

#itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

There is a reason this sticker is in the center of my laptop #DNS #Azure #AWS #itsalwaysdns #dnsfailure

Anyone else got problems with the DNS.WATCH servers? Seems like they're really slow but there's not even a contact on the website to inform them.

#dns #itadministration #networking #itsalwaysdns

ETA: Okay the below is fixed, but why would db.root not update when everything else does?

(it's on Debian)

-----

okay this is weird

the root hints file I have diffs identically to the one I just pulled down from the internic as a sanity check (other than the last updated date which is also weird)

but I'm getting this regardless:

named[1252171]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
named[1252171]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints

(and similar for the IP6, elided for space)

why

#bind #named #sysadmin #ItsAlwaysDNS #why