On 2019-09-18 12:24, Brian J. Murrell wrote:
On Wed, 2019-09-18 at 09:15 +0200, Jeroen Massar wrote:
Hi Folks,
Hi.
While in the US soon all Firefox users will *NOT* use your DNS Recursives configured using DHCP anymore (NXDOMAIN use-application-dns.net to avoid that[1]).
What am I misunderstanding? Isn't use-application-dns.net supposed to return A results until "defeated"? I have not configured my own DNS server to NXDOMAIN that yet, however:
That just means that somebody broke that setup as it worked last week and was pointing to Github Pages serving: https://github.com/agrover/global-canary/ Maybe Google does not want Mozilla/CloudFlare to get all the DoH queries? :) Nah likely just a failure somewhere, as both are supported heavily by Google (if there was no competition then Google would truly have a monopoly in the browser market and that would be bad, at least with them funding Mozilla and CF through the backdoor it looks like it isn't a monopoly as there "is that other thing") There is a little thread about that domain here on dns-operations: https://lists.dns-oarc.net/pipermail/dns-operations/2019-September/019179.ht... Currently though: use-application-dns.net. 172800 IN NS ns-cloud-b1.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b2.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b3.googledomains.com. use-application-dns.net. 172800 IN NS ns-cloud-b4.googledomains.com. $ dig @ns-cloud-b1.googledomains.com. use-application-dns.net. a [..] ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21669 ... that is from my test host, but of course, from my other hosts it nicely NXDOMAINs.... but those hosts also route 1.1.1.1/8.8.8.8/8.8.4.4 and the IPv6 equivalents and many other such IPs (OpenDNS, etc and even root servers) to the local anycasted edition.... cause I don't want that in my networks. Then again, as that makes me not a sheep, I am likely more visible anyway...[1] Greets, Jeroen [1] https://jeroen.massar.ch/presentations/vid/27C3-JeroenMassar-HowTheInternetS...