On Tue, Dec 24, 2013 at 10:25:06AM -0500, Kenneth R Westerback wrote: > On Mon, Dec 23, 2013 at 02:37:47PM +0100, Peter J. Philipp wrote: > > I'm trying to track down the code in the libasr that causes this behaviour: > > > > Whenever I go to a IPv4 site and IPv6 query is made for domain+mydomain > > like a search. So with logging turned on, on my nameserver I get this: > > > > pjp@americas$ grep canoe.ca.centroid.eu /var/log/all > > Dec 20 17:00:37 americas wildcarddnsd[29850]: request on descriptor 17 > > interface "em0" from 212.114.242.132 (ttl=54, region=255) for > > "chealth.canoe.ca.centroid.eu." type=AAAA(28) class=1, answering "NXDOMAIN" > > > > The problem is that my nameservers are in china and latin america and > > I'M sorta worried about these leaks. This particular log came from my > > nameserver in panama and the packet passes miami. > > I'm not clear on what the leak you are worried about is. > > .... Ken
Hi Ken, Merry Christmas! I was browsing http://chealth.canoe.ca when I saw the above log. I'm supposing the resolver looks up chealth.canoe.ca, and then eventually does a lookup for chealth.canoe.ca.centroid.eu. centroid.eu is the domain I configured in resolv.conf by means of DHCP. I'm wondering why it does that though? Someone in the US, like the NSA, can then sit back and see my browsing habits, which I call a leak. I'm hoping on finding the knob that turns this off. The leak wouldn't happen if my centroid.eu nameservers were just in .de but then you can just replace NSA with BND the german intelligence sniffers (s/NSA/BND). I'd really just rather replace the function that allows chealth.canoe.ca.centroid.eu lookup to exit my DSL as all that should exit is a lookup for just chealth.canoe.ca, which takes a different lookup path in the Internet. Regards, -peter > > > > My resolv.conf file looks like this on the workstation here in germany: > > > > jupiter$ more /etc/resolv.conf > > # Generated by re0 dhclient > > search centroid.eu > > nameserver 192.168.34.1 > > domain centroid.eu > > lookup file bind > > family inet6 inet4 > > > > > > The leak only happens with AAAA queries, like said. Any hints on > > tracking this down and squelching it? > > > > Regards, > > > > -peter
