[AusNOG] 1.1.1.1 DNS resolvers

Bill Woodcock woody at pch.net
Wed Apr 4 14:55:45 EST 2018



> On Apr 3, 2018, at 9:38 PM, Stephen Gillies <max at caretandstick.com.au> wrote:
> There are a number of DNS servers (commercial products) out there with the extra security integrated for blacklist/threatfeed/behavioural analysis/anti-tunnelling which are I guess more enterprise focused security features,

There are two that provide malware blocking, OpenDNS (now owned by Cisco and integrated into their Umbrella managed security platform) and Quad9.  OpenDNS is principally aimed at enterprise IT.  It works great.  It’s primarily security-focused.  Quad9...

> whereas something like quad-1^9 is surely for end users

…is principally aimed at end-users and SMB, and is primarily privacy-focused.  It’s the only major one which doesn’t collect user data (query source IP addresses and query payload).

> who are happy to give their passive DNS data to cloudflare and IBM?

Neither IBM nor any of the eighteen other threat-intel providers to Quad9, nor anyone else receives DNS data from Quad9, because it’s not collected in the first place.  Which also means it’s the only one not vulnerable to breach.  And it’s the only public one which will be legal in Europe come May 25.

1.1.1.1 is a “temporary research experiment” answering as-yet-unspecified questions, by APNIC Labs (Geoff) and Cloudflare, and collects user data.  There is no similarity between 1.1.1.1 and 9.9.9.9 other than the lengths of the IPv4 addresses.

> I find it difficult to understand why any telco would just give away all that DNS browsing data to someone else to analyse and monetise?

Correct.  Telcos generally all outsource their recursive resolvers to monetization companies like Nominum, so they generally try to hijack the IP addresses of other popular recursive resolvers.  Which is why Quad9 was the first to implement DNS-over-TLS, so users could authenticate the server and protect themselves from having their traffic pcapped along the way.

                                -Bill  (Also Quad9 board chair)
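The last paragraph describes what DNS-over-TLS buys the user: the resolver presents a certificate, the client checks it against a trust store and the expected name, and the query travels encrypted so it cannot be captured or redirected in transit. The following client is an added example written for this page; it is not code from the post, from Quad9 or from any resolver operator. It implements RFC 7858 framing (a two-byte length prefix in front of each DNS message on TCP port 853) and strict server authentication via Python's default TLS context. The resolver address 9.9.9.9 and the TLS name `dns.quad9.net` are the values assumed for the demonstration; the `SAMPLE_RESPONSE` is a constructed wire message so the parsing path can be exercised offline.

```python
"""DNS-over-TLS (RFC 7858) client with strict server authentication.

Added example for the AusNOG thread above; not the original post's code.
The server address/name below are assumptions for the demo, and
SAMPLE_RESPONSE is a constructed message for offline testing.
"""
import secrets
import socket
import ssl
import struct
from typing import List, Optional

DOT_PORT = 853                          # RFC 7858 well-known port
ASSUMED_SERVER_IP = "9.9.9.9"           # assumption: Quad9 anycast address
ASSUMED_SERVER_NAME = "dns.quad9.net"   # assumption: name the cert must match


def build_query(qname: str, qtype: int = 1, qid: Optional[int] = None) -> bytes:
    """Build a minimal recursive (RD=1) DNS query; returns raw wire bytes."""
    if qid is None:
        qid = secrets.randbelow(0x10000)     # unpredictable ID (RFC 5452)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """TCP/TLS framing: two-byte big-endian length prefix (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def recv_framed(sock) -> bytes:
    """Read exactly one length-prefixed DNS message from a socket."""
    def recv_exact(n: int) -> bytes:
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed the TLS session mid-message")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", recv_exact(2))
    return recv_exact(length)


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name; return new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:            # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_a_records(resp: bytes, expected_id: int) -> List[str]:
    """Validate header fields and return the A-record addresses in the answer."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if qid != expected_id:
        raise ValueError("response ID does not match the query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: message is not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")
    off = 12
    for _ in range(qd):                       # skip echoed question section
        off = _skip_name(resp, off) + 4       # + QTYPE/QCLASS
    addrs: List[str] = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:         # A record
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def dot_resolve(qname: str, server_ip: str = ASSUMED_SERVER_IP,
                server_name: str = ASSUMED_SERVER_NAME, timeout: float = 5.0) -> List[str]:
    """Resolve qname over DoT, refusing any server whose cert fails validation."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + system trust store
    ctx.check_hostname = True                 # certificate must match server_name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    query = build_query(qname)
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(query))
            resp = recv_framed(tls)
    return parse_a_records(resp, struct.unpack("!H", query[:2])[0])


# Constructed response to build_query("example.com", 1, 0x1234): one A record.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1 NOERROR
    + build_query("example.com", 1, 0x1234)[12:]         # echoed question
    + b"\xc0\x0c"                                        # name: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)                 # A, IN, TTL 300, RDLENGTH 4
    + socket.inet_aton("192.0.2.1")                      # TEST-NET-1 address
)

if __name__ == "__main__":
    print(dot_resolve("example.com"))
```

A hijacked or intercepted 9.9.9.9 that cannot present a certificate chaining to a trusted CA for the expected name fails in `wrap_socket` with an `ssl.SSLCertVerificationError`, which is exactly the failure mode the post says DoT was introduced to expose. The ID check in `parse_a_records` is cheap defence against spoofed responses even inside the tunnel.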
