SoylentNews is people

posted by Fnord666 on Tuesday November 21 2017, @12:59PM
from the promise-we-won't-peek dept.

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

The Quad9 DNS service, at 9.9.9.9, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks protect against landing on any of the 40 billion evil sites and images X-Force has found to be dangerous.

The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security and styled itself "an international, cross-sector effort designed to confront, address, and prevent malicious cyber activity."

[...] The organisation promised that records of user lookups would not be put out to pasture in data farms: "Information about the websites consumers visit, where they live and what device they use are often captured by some DNS services and used for marketing or other purposes", it said. Quad9 won't "store, correlate, or otherwise leverage" personal information.

[...] If you're one of the lucky few whose ISP offers IPv6, there's a Quad9 resolver for you at 2620:fe::fe (the PCH public resolver).

https://www.theregister.co.uk/2017/11/20/quad9_secure_private_dns_resolver/

takyon: Do you want to give the City of London Police control of your DNS?


  • (Score: 4, Informative) by WizardFusion on Tuesday November 21 2017, @01:13PM (6 children)

    by WizardFusion (498) on Tuesday November 21 2017, @01:13PM (#599620)

    I am already blocking over 950,000 domains using a Pi-Hole install.
    It covers almost everything I need.

  • (Score: 0) by Anonymous Coward on Tuesday November 21 2017, @01:16PM (2 children)

    by Anonymous Coward on Tuesday November 21 2017, @01:16PM (#599621)

    One doesn't need a DNS as such [stackexchange.com]

    • (Score: 2) by ledow on Tuesday November 21 2017, @01:20PM (1 child)

      by ledow (5567) on Tuesday November 21 2017, @01:20PM (#599623)

      Yup.

      And I think if DNSSEC etc. drag their feet for much longer (might be "there", but it's certainly nowhere near mainstream) then something like a DHT DNS will pop up in its stead.

      I can only think that's a good thing. Maybe then all the price-gouging TLDs will stop, and you will be able to have control of your DNS records without having to run a bucket of nameservers.

      But until then, DNS has a long life ahead of it, I think.

      And another public DNS server that's easy to remember isn't a bad thing. Whether or not you care about snooping.

      • (Score: 0) by Anonymous Coward on Tuesday November 21 2017, @06:10PM

        by Anonymous Coward on Tuesday November 21 2017, @06:10PM (#599760)

        It already happened, and AFAIK is stillborn.

        The idea behind it was you mined for credits which in turn could be used to register/renew domains. The limits on what you could register/renew related to how much coin you mined and as a result how much cpu/bandwidth/verification you provided to keep the rest of the network running smoothly.

        A few people have talked about forking it, or re-implementing it for p2p anonymity network usage, but nothing has come from it yet.

  • (Score: 2) by requerdanos on Tuesday November 21 2017, @06:08PM (2 children)

    by requerdanos (5997) on Tuesday November 21 2017, @06:08PM (#599759)

    I am already blocking over 950,000 domains using a Pi-Hole install. It covers almost everything I need.

    I have a hosts file built by a bash script filtering several of the hosts-file.net lists with a local whitelist: 693,727 lines in the resulting /etc/hosts file. "Pretty good" if I do say so.

    However - this approach failed miserably on a Windows 8 laptop on my network. Installing this hosts file resulted in Windows becoming about ten thousand times slower. I eventually had to boot rescue Linux to delete the darned hosts file from the thing.

    Looks like pi-hole would fix that problem nicely, as might using 9.9.9.9 for DNS.
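
The kind of build the comment above describes (several hosts-format lists filtered through a local whitelist into one hosts file), as an added example that is not requerdanos's script. The file names, the sample lists and the rule that a whitelist entry also exempts its subdomains are assumptions.

```shell
#!/usr/bin/env bash
# Added example: merge hosts-format blocklists minus a local whitelist (sample data constructed).

# build_hosts WHITELIST LIST...  -> prints sorted "0.0.0.0 name" lines
build_hosts() {
    local whitelist="$1"; shift
    awk -v wl="$whitelist" '
        # Assumption: a whitelist entry also exempts its subdomains.
        function allowed(d,   p) {
            while (1) {
                if (d in allow) return 1
                p = index(d, ".")
                if (p == 0) return 0
                d = substr(d, p + 1)
            }
        }
        BEGIN {
            while ((getline line < wl) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                if (line != "") allow[tolower(line)] = 1
            }
        }
        {
            sub(/#.*/, ""); sub(/\r$/, "")   # drop comments and CRLF endings
            # Sinkhole entries only, so a list cannot map a name to a real IP.
            if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                if (d == "localhost" || d ~ /^localhost\./) continue
                # Require a dotted name whose last label starts with a letter.
                if (d !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z][a-z0-9-]+$/) continue
                if (!allowed(d)) print "0.0.0.0 " d
            }
        }
    ' "$@" | sort -u
}

# Constructed sample input (not real blocklist data).
demo() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' '# list A' '127.0.0.1 localhost' '127.0.0.1 ads.example.net' \
        '0.0.0.0 Tracker.Example.org cdn.video.example.com  # two names' > "$dir/a.txt"
    printf '%s\r\n' '0.0.0.0 ads.example.net' '203.0.113.7 bank.example.com' \
        '0.0.0.0 not_a_domain' > "$dir/b.txt"
    printf '%s\n' 'video.example.com  # whitelisted site' > "$dir/allow.txt"
    build_hosts "$dir/allow.txt" "$dir/a.txt" "$dir/b.txt"
    rm -rf "$dir"
}
demo
```

Entries that point a name at anything other than a sinkhole address are dropped rather than copied, so a downloaded list cannot redirect a hostname on the machine that installs the result.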

    • (Score: 3, Interesting) by edIII on Tuesday November 21 2017, @07:59PM (1 child)

      by edIII (791) on Tuesday November 21 2017, @07:59PM (#599832)

      Windows sucks ass to begin with, but you are far better off running your own recursive DNS server with something like pfSense. I had about 5 or 6 Windows boxes I needed to manage at a relative's home, and instead of trying to manage their hosts files, I just went with stopping the shit at the router. How do you put a hosts file on an embedded device? That's primarily why I decided to do it. Then after hooking it all up, enabling the recursive DNS server, and setting up some adblocking stuff, it was reported that I was even stopping ads on their Kindles, phones, etc.

      That way Windows wasn't responsible and you don't need a super slow box. It's not just a big hosts file either. I had an office machine for graphics and documentation that I loaded up at least 30,000 fonts :) Windows boot time went to something like 10 minutes and the whole box was hilariously slow.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 2) by requerdanos on Thursday November 23 2017, @01:50PM

        by requerdanos (5997) on Thursday November 23 2017, @01:50PM (#600652)

        even stopping ads on their Kindles, phones, etc.

        Well, for what it's worth, pi-hole is doing this very well, running on a tricked-out olinuxino lime2.

        Day 3 problem: User complaint I received: "Honey, [my pirate video site] isn't working anymore. Can you take me off that thing?"