Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enhanced privacy #16

Open
wft44maqb opened this issue Aug 22, 2021 · 8 comments
Open

enhanced privacy #16

wft44maqb opened this issue Aug 22, 2021 · 8 comments

Comments

@wft44maqb
Copy link

serverless-dns/wrangler.toml

Line 9 in 08cf14a

vars = { CF_CACHE_EXPIRY_DAYS = 1, CF_CONFIG_CMS_KEY = "", CF_INFO_CMS_KEY = "", CF_USER_CMS_CACHE_TIME = 0, CF_USER_CMS_TOSS_TIME = 0, CF_LOG_FIREHOSE_STREAM = "", CF_DEBUG_FIREHOSE_STREAM = "", CF_DNSCOUNT_FIREHOSE_STREAM = "", CF_DNSLOG_WAIT_TIME = 10000, CF_DNSCOUNT_WAIT_TIME = 15000, CF_LIVELOG_END_POINT = "", CF_USER_CONFIG_CACHE_TIME = 300000, CF_BLOCKLIST_URL = "https://bravepublic.s3.us-east-2.amazonaws.com/completeblocklist/", CF_LATEST_BLOCKLIST_TIMESTAMP = "1627901743446", CF_PROCESS_DNS_ON_DNSPARSER_EXCEPTION = false, CF_PROCESS_DNS_ON_SERVER_EXCEPTION = false, CF_ON_INVALID_FLAG_STOPPROCESSING = true, CF_DNS_RESOLVER_URL = "https://cloudflare-dns.com/dns-query"}

https://cloudflare-dns.com/dns-queryhttps://mozilla.cloudflare-dns.com/dns-query
@wft44maqb
Copy link
Author

then you can now enable the edns_client_subnet function~ ?

image

@ignoramous
Copy link
Contributor

ignoramous commented Aug 23, 2021
edited

Interesting. We could consider switching to Cloudflare's endpoint for Mozilla if we know for sure that Cloudflare would not block requests coming from non-Mozilla software.

Re: EDNS Client Subnet (ECS): RethinkDNS does not support it because the upstream resolver it uses (Cloudflare 1⁴) does not: See #9

Adding support for resolvers that do (like Quad9 9⁴ or Google 8⁴), is one way forward to enable ECS.

@wft44maqb
Copy link
Author

Re: EDNS Client Subnet (ECS): RethinkDNS does not support it because the upstream resolver it uses (Cloudflare 1⁴) does not: See #9 By adding support for resolvers that do (like Quad9 9⁴ or Google 8⁴), is one way to enabling ECS.

image

o...ic..

@ignoramous
Copy link
Contributor

@wft44maqb I take there is nothing to do for us here since it isn't clear if Cloudflare welcomes traffic from non-Mozilla software. Do you happen to have any references in this regard?

@wft44maqb
Copy link
Author

wft44maqb commented Aug 26, 2021
edited

@wft44maqb I take there is nothing to do for us here since it isn't clear if Cloudflare welcomes traffic from non-Mozilla software. Do you happen to have any references in this regard?

I have used it for more than a month and it works fine...

@wft44maqb
Copy link
Author

wft44maqb commented Aug 26, 2021
edited

I hope it can support ECS because I want to use NextDNS, which is also a member of the TRR program

https://wiki.mozilla.org/Trusted_Recursive_Resolver

@ignoramous
Copy link
Contributor

You can use NextDNS with the app today. With the resolver, we would add support for it in the coming months with #9

@ignoramous ignoramous mentioned this issue Aug 26, 2021
Closed
@ignoramous
Copy link
Contributor

ignoramous commented Jan 22, 2022
edited

We now support a secondary upstream doh resolver: CF_DNS_RESOLVER_URL_2 33e9107 Defaults to https://dns.google/dns-query

Current impl forwards a user-query to two upstreams now (primary viz. CF_DNS_RESOLVER_URL and secondary viz. CF_DNS_RESOLVER_URL_2) and returns back the results from whichever upstream responds back the fastest (borrowing a technique from The Tail at Scale ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ignoramous @wft44maqb