"Google, this is bogus as hell," Paul Vixie ranted on the Internet Engineering Task Force mail list this week. The IETF mail list is where the people who create the internet's technologies converse.
The post was noticed because Paul Vixie is an Internet Hall of Fame engineer known for his pioneering work on the modern Domain Name Service (DNS).
And it is how Google was using DNS in its Chromecast Ultra streaming device that ticked him off.
[...] [Vixie] bought a Google Chromecast. But when he went to set it up, he found it doing something no device in his network is allowed to do: It wouldn't use his own, private DNS server. It would only use Google's public server.
(Score: 1) by Tokolosh on Sunday February 17 2019, @03:14PM (3 children)
I'm not a network guru, so please explain how your boundary firewall knows what is a DNS request, and what is not? What if they are encrypted? Can DNS use only port 53? If so, why and how? What if you have IPv6 only? In summary, are there ways that DNS could circumvent your firewall and server? TIA
(Score: 2) by Whoever on Sunday February 17 2019, @05:41PM (2 children)
DNS exclusively uses port 53.
Mostly, it uses UDP, but bigger queries will use TCP.
(Score: 2, Interesting) by Tokolosh on Monday February 18 2019, @03:35AM (1 child)
What's to stop Google setting up a resolver to answer queries on port 54, and hard-coding that into a Chromecast?
(Score: 2) by Whoever on Monday February 18 2019, @04:12AM
A restrictive firewall may not allow the outgoing queries on port 54.
They might have more success with port 443 -- and there is already a standard for this: RFC 8484 [ietf.org]
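The thread above turns on how a boundary firewall can tell DNS from other traffic: by destination port (53), by a default-deny on unusual ports such as a hypothetical port 54, and not at all once the queries ride inside TLS on port 443 (RFC 8484, DNS over HTTPS). The following Python is an added illustration written for this page, not code from any of the commenters or from Google. It models the policy as a classifier over outbound packets: plaintext port-53 traffic is steered to the network's own resolver, plaintext DNS on a non-standard port is recognised by parsing the RFC 1035 header and question section, and port-443 traffic is allowed because a DoH request is indistinguishable from ordinary HTTPS by port or payload. The resolver address 192.0.2.53 and the sample packets are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Assumed address of the network's own recursive resolver (RFC 5737 documentation range).
LOCAL_RESOLVER = "192.0.2.53"


@dataclass
class Packet:
    proto: str       # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    payload: bytes   # transport payload only


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal RFC 1035 query (RD=1, one question, class IN)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def looks_like_dns_query(payload: bytes):
    """Heuristic payload check: parse header + question section of a standard query.

    Returns the queried name, or None if the bytes do not parse as a plaintext DNS query.
    This is what lets a filter spot DNS on an unusual port; it cannot see through TLS.
    """
    if len(payload) < 12:
        return None
    _txid, flags, qdcount, ancount, nscount, _arcount = struct.unpack("!6H", payload[:12])
    if flags & 0x8000:                 # QR=1 means a response, not a query
        return None
    if (flags >> 11) & 0xF != 0:       # opcode 0 = standard query
        return None
    if qdcount != 1 or ancount != 0 or nscount != 0:
        return None
    pos, labels = 12, []
    while True:                        # walk the QNAME labels
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or length > 63 or pos + length > len(payload):
            return None                # compression pointers are not valid here
        label = payload[pos:pos + length]
        if not all(32 <= b < 127 for b in label):
            return None
        labels.append(label.decode("ascii"))
        pos += length
    if not labels or pos + 4 > len(payload):
        return None
    _qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    if qclass not in (1, 255):         # IN or ANY
        return None
    return ".".join(labels)


def policy(pkt: Packet) -> str:
    """Boundary policy for outbound traffic from the LAN."""
    if pkt.dst_port == 53:
        # Port 53 is only allowed to the local resolver; anything else is rewritten to it
        # (the equivalent of a DNAT/redirect rule on the gateway).
        return "allow" if pkt.dst_ip == LOCAL_RESOLVER else "redirect-to-local-resolver"
    if pkt.dst_port in (80, 443):
        # Web ports must stay open. DoH on 443 looks exactly like any other TLS session,
        # so port-based filtering cannot single it out.
        return "allow"
    if looks_like_dns_query(pkt.payload) is not None:
        return "drop-plaintext-dns-on-odd-port"
    return "drop-default"              # everything not explicitly permitted


# Constructed samples: a query to a public resolver, the same query on port 54,
# and the opening bytes of a TLS ClientHello on 443 (a DoH session would start like this).
TLS_HELLO_PREFIX = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 20
SAMPLES = [
    Packet("udp", "8.8.8.8", 53, build_query("example.com")),
    Packet("udp", "8.8.8.8", 54, build_query("example.com")),
    Packet("tcp", "8.8.8.8", 443, TLS_HELLO_PREFIX),
    Packet("udp", LOCAL_RESOLVER, 53, build_query("example.com")),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p.proto} -> {p.dst_ip}:{p.dst_port}: {policy(p)}")
```

Run as a script it prints the verdict for each sample; the third line shows the limit the last comment points at: once DNS moves to port 443 under TLS, the gateway's choices are to trust the endpoint, terminate TLS itself, or block the resolver's IP addresses, none of which the port-53 rule provides.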