On Wed, Aug 08, 2018 at 01:30:30PM +0200, Antony Stone wrote: > On Tuesday 07 August 2018 at 22:27:25, Rick Moen wrote: > > > Quoting [email protected] ([email protected]): > > > Cloudflare is such an incredibly obvious intelligence agency ploy to > > > gather data but no one talks about this. > > > > > > https://yro.slashdot.org/story/18/08/05/2353249/security-researchers-expr > > > ess-concerns-over-mozillas-new-dns-resolution-for-firefox > > > > Most highly rated comment: > > > > I run my own local recursive nameservers even on my portable > > devices. Totally not interested in using anyone's resolvers but my own. > > Indeed. > > I do wonder what provision Mozilla have made (or have they?) for intranet > servers, where the local DNS server is the *only* machine capable of > resolving > certain hostnames. >
Very easy: it will use a well-known-host (cloudfare) to which it will direct all name resolution requests in specially-crafted HTTPS packages, and fall back to the system resolver if that fails. That's the whole point, that most of the people are still missing, and that's why any special arrangmenet for name resolution is absolutely *useless*. But please, read more yourself about the issue, and forget the "easy" solutions based on forcing specific DNS servers or filtering specific IPs, since cludfare is a global CDN, that serves more and more websites. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
signature.asc
Description: PGP signature
_______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
