[clug] Trusted Recursive Resolver
Bryan Kilgallin
kilgallin at iinet.net.au
Mon Aug 6 03:03:36 UTC 2018
{If you are in IT, you have likely heard already about the SPOF, the
single point of failure. If the SPOF breaks (like a router), the whole
infrastructure will collapse. What Mozilla effectively does is add a
SPOF for all of their users. But the main problem is not that if
cloudflare is down that nobody can surf anymore. No, the real problem is
that it fully disables anonymity. Think about a whistleblower who wants
to send information to a newspaper. In the days before Mozilla's change,
the DNS resolution was local and could be attacked. However, with
Mozilla's change, all DNS requests are seen by Cloudflare and in turn
also by any government agency that has a legal right to request data from
Cloudflare.
Let's stop here for the moment and repeat: With Mozilla's change, any
(US) government agency can basically trace you down.
If there is anything wrong with your government (for instance
corruption, collusion or fraud) and you have information to publish
about it, the government will be able to trace you down. This puts any
whistleblower at risk.}
{Update #1: How to turn TRR off
User rendx nicely described on hackernews how to turn off TRR and we
want to share this info with you:
Enter about:config in the address bar
Search for network.trr
Set network.trr.mode = 5 to completely disable it}
https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/
--
members.iinet.net.au/~kilgallin/
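
Added example, not part of the original post or the quoted article: a small Python check that reads the text of a Firefox profile's prefs.js and user.js and reports whether network.trr.mode is set to 5, the value given in the steps above. The sample file contents and the resolver URL are constructed for illustration, and the parser assumes one user_pref() call per line.

```python
import re

# Matches lines such as: user_pref("network.trr.mode", 5);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;\s*$'
)
TRR_DISABLED_BY_USER = 5  # value given in the post above

# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://resolver.example/dns-query");
'''
SAMPLE_USER_JS = 'user_pref("network.trr.mode", 5);\n'


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)  # '//' comment lines never match
        if match:
            prefs[match.group("name")] = match.group("value")  # last one wins
    return prefs


def trr_mode(prefs_js, user_js=""):
    """Effective network.trr.mode, or None if unset or not an integer.

    user.js is applied on top of prefs.js at startup, so it takes precedence.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    raw = merged.get("network.trr.mode")
    try:
        return int(raw) if raw is not None else None
    except ValueError:
        return None


def trr_explicitly_disabled(prefs_js, user_js=""):
    """True only when the effective mode is the explicit 'off' value 5."""
    return trr_mode(prefs_js, user_js) == TRR_DISABLED_BY_USER


if __name__ == "__main__":
    print("prefs.js only:", trr_mode(SAMPLE_PREFS_JS))
    print("with user.js :", trr_mode(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

A result of None means neither file sets the preference, which is not the same as the explicit setting of 5 described above.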