SCIENTIFIC-LINUX-USERS Archives

February 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Bry8 Star <[log in to unmask]>
Date: Thu, 21 Feb 2013 10:28:29 +0000
Content-Type: multipart/signed
Parts/Attachments: text/plain (2192 bytes), signature.asc (199 bytes)

Unfortunately, Google Inc. does not respect Privacy rights enough.
Power, Money, etc. result in all queries of all "Google DNS Service"
users being SHARED with various other entities, and all queries of
all users are STORED almost indefinitely in multiple locations, with
various other entities.

They/Google should show+place a notice on their Google DNS Service
home-page, that, ... "Google/we do not keep or store query logs in
any form, nor do we allow anyone else to do such using our resources
or via going through us. And Google/we do not share any data related
to this service with anyone else."
(I do not think that will happen any time soon, guaranteed.)

Further response placed below, in between the previous mail.


Received from curriegrad2004, on 2013-02-21 7:28 AM:
> From a security perspective, I would seriously not even bother
> querying anybody's DNS servers but rather have BIND become a
> full recursive DNS server using only the root hints provided by
> IANA.
> 

I agree with this suggestion.

Keep your queries/logs, no matter what they are, to yourself. Simple
configuration of BIND (or any other DNS Server or Resolver
software) allows anyone (on a server or on a PC) to use their own
DNS Server/Resolver.

> 
> Unless frontier is hijacking DNS (port 53) traffic, I'd strongly 
> recommend using the method mentioned above.
> 
> On Wed, Feb 20, 2013 at 10:16 PM, Todd And Margo Chester 
> <[log in to unmask]> wrote:
>> Hi All,
>> 
>> I can not get frontier's DNS servers to resolve 
>> releases.mozilla.org.  So, in my /etc/named.conf I commented
>> out frontier's DNS servers and substituted Google's (8.8.8.8)
>> and Open DNS' (208.67.222.222).
>> 
>> # forwarders { 216.67.192.3; 74.40.37.242; };
>> # forwarders { 74.40.74.40; 74.40.74.41; };
>> forwarders { 8.8.8.8; 208.67.222.222; };
>> 
>> Am I making a security mistake here?
>> 

Yes.

If you must use external 3rd party DNS Servers, then
search for/find ones which notify in advance that they do not FILTER
and do not LOG/STORE any queries. Use such.

Unless you yourself want to be filtered & censored (for example,
your current list item 208.67.222.222, etc. is known for FILTERing &
CENSORing as well) and are happy about it.

>> Many thanks,
>> -T
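
Added example, not part of the original messages: a named.conf fragment for the setup recommended in this thread, where BIND resolves recursively from the IANA root hints and forwards nothing to an ISP or third-party resolver. The directory, the hint file name `named.ca` and the localhost-only ACLs are assumptions taken from the stock RHEL/Scientific Linux layout; adjust them to the local install.

```conf
// /etc/named.conf (fragment; paths and file names are assumed, see above)
options {
    directory "/var/named";

    // Serve only the local machine, so the resolver cannot be used
    // (or abused) by other hosts on the network.
    listen-on port 53    { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query          { localhost; };
    allow-recursion      { localhost; };

    // Full recursion: named walks the DNS tree itself, starting at the
    // root servers listed in the hint zone below.
    recursion yes;

    // No forwarders statement. With none configured, queries go directly
    // to the authoritative servers, so no single upstream resolver sees
    // (or can filter) the complete query stream. The line from the
    // original question is left here, commented out, for comparison:
    // forwarders { 8.8.8.8; 208.67.222.222; };
};

// Root hints: the root name server list published by IANA.
zone "." IN {
    type hint;
    file "named.ca";
};
```

Running `named-checkconf /etc/named.conf` before restarting named reports syntax errors in the edited file.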



