On 2018-10-30 00:25, Bill Woodcock wrote:
On Oct 29, 2018, at 1:16 AM, Gregor Riepl onitake@gmail.com wrote:
It seems like Salt is no longer supplying their own DNS servers when establishing an LTE connection. Instead, the network responds with Google DNS servers (8.8.8.8 8.8.4.4). I'd rather not send all my DNS requests to Google. Perhaps it's time to switch to private resolvers everywhere, if not even ISPs are providing that service any more…
For what it’s worth, there’s a Quad9 server cluster in Zurich, and unlike Google, Quad9 is GDPR-compliant. As someone will certainly point out, it’s also subject to US law, but is a public-benefit not-for-profit corporation, and US law doesn’t compel an organization to turn over data which isn’t collected in the first place. And Quad9 is GDPR-compliant because it doesn’t collect source IP addresses in the first place.
How can something be "GDPR compliant" when no consent is given at all? (Or have you layered HTTP on top of DNS to provide a 20-pager of legalese that nobody can be bothered to read, as it will change at a moment's notice?)
Stating "it doesn’t collect source IP addresses" means "but we collect everything else". Likely doing Passive DNS style things at minimum.
IP addresses, especially sources, sometimes also appear in the label, simply because some weird CDNs/ISPs will encode the source IP for 'geo-dns' or 'loadbalancing' reasons in the label. Are you stripping those?
And then there are RBLs, and reverse-IPs in general. Do you filter those? Or do you track those IP addresses anyway, as that exposes the other side of the connection....
There are many reasons why so many of the public DNS resolvers popped up: one of them is the amount of data that can be extracted from it.
Even if it is just the weird domains people look at (and then crawl those, as they were not known yet), or statistics like "in that ASN people look at Netflix, but less at YouTube".
Please stop centralizing this Internet thing....
Greets, Jeroen
And yes, we recommend anyone who has the capacity to do so run their own resolver rather than using _any_ external resolver. Something like 95% of Quad9’s users are behind their own caching resolvers.
-Bill
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog