On Tue, Aug 07, 2018 at 01:27:25PM -0700, Rick Moen wrote:
> Quoting [email protected] ([email protected]):
>
> > Cloudflare is such an incredibly obvious intelligence agency ploy to
> > gather data but no one talks about this.
> >
> > https://yro.slashdot.org/story/18/08/05/2353249/security-researchers-express-concerns-over-mozillas-new-dns-resolution-for-firefox
>
> Most highly rated comment:
>
>   I run my own local recursive nameservers even on my portable
>   devices. Totally not interested in using anyone's resolvers but my own.
>
> Ding!
>
> 1. apt-get install unbound
> 2. sed -i '1s;^;nameserver 127.0.0.1\n;' /etc/resolv.conf
> 3. chattr +i /etc/resolv.conf
>
> Just kidding about step #3. If using dhclient, place into dhcpd.conf:
> option domain-name-servers 127.0.0.1
>
> Oh, and
> 4: echo 'Admins are reminded that using your own recursive nameserver'
>    echo 'will prevent captive Wifi portals from hijacking your DNS long
>    echo 'enough to send you to a signon Web pages, and also some rare
>    echo 'and deliberately misshapen networks block outbound access to
>    echo 'user-specified external nameservers, to better control the user.'
>
> Above is IMO elementary self-protection and ought to be routine. Like,
> y'know, offered by the OS installer. ;->

Unfortunately, running your local DNS does not help solve the problem in this specific case, since Firefox would use an external service (which runs over HTTPS) to do name resolving, bypassing the system resolver altogether. So you have no weapon against it, apart from disabling the "feature".

That's why this whole story is so wrong and nonsensical. However, it seems like the "feature" will not be enabled by default in the next Firefox. But I wouldn't be much surprised if Mozilla changed their mind.

HND

KatolaZ

--
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @)  http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
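
The reply's point is that a local resolver in /etc/resolv.conf does not constrain Firefox, so the place to check is the browser profile itself. The following Python check is an added example, not part of the original messages: it reads the text of a profile's prefs.js or user.js and reports whether DNS-over-HTTPS is active. It assumes Firefox's `network.trr.mode` and `network.trr.uri` preferences; the sample profile text and resolver URL are constructed.

```python
import re

# Firefox's DoH client is called TRR; these are the documented network.trr.mode values.
TRR_MODES = {0: "off (default)", 1: "reserved", 2: "DoH first, system resolver as fallback",
             3: "DoH only", 4: "reserved", 5: "off by explicit choice"}

# Matches active (uncommented) pref lines for network.trr.* in prefs.js / user.js.
PREF_RE = re.compile(
    r'^[ \t]*(?:user_pref|pref|lockPref)\(\s*"(network\.trr\.[\w.-]+)"\s*,\s*(.+?)\s*\)\s*;',
    re.MULTILINE)

def parse_trr_prefs(text):
    """Return {pref_name: value}; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs

def audit(text):
    """Classify a profile as 'bypass', 'disabled', 'off' or 'unset'."""
    prefs = parse_trr_prefs(text)
    mode = prefs.get("network.trr.mode")
    if mode is None:
        return "unset", "no network.trr.mode recorded; the browser's shipped default applies"
    if mode in (2, 3):
        uri = prefs.get("network.trr.uri", "the built-in resolver URI")
        return "bypass", f"mode {mode} ({TRR_MODES[mode]}): lookups go to {uri}"
    if mode == 5:
        return "disabled", "mode 5: DoH switched off by explicit choice"
    return "off", f"mode {mode} ({TRR_MODES.get(mode, 'unknown')})"

# Constructed sample profile text; the resolver URL is a placeholder.
SAMPLE = '''
// user_pref("network.trr.mode", 5);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example.invalid/dns-query");
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of `bypass` means the profile resolves names over HTTPS regardless of the system resolver; `unset` means nothing is pinned in the profile, so the outcome depends on what the installed Firefox version ships as its default.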
