Social 📸 Photography

Kevin Karhan :verified:Thx <a href="https://ohai.social/@lina" class="u-url mention" rel="nofollow noopener" target="_blank">@lina</a> for exposing the <a href="https://infosec.space/tags/Copyrightmafia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copyrightmafia</a>'s <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a>-based <a href="https://infosec.space/tags/internetcensorship" class="mention hashtag" rel="nofollow noopener" target="_blank">#internetcensorship</a>: <a href="https://cuiiliste.de" rel="nofollow noopener" translate="no" target="_blank">https://cuiiliste.de</a><ul><li>I really should test the <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#API</a> more: <a href="https://api.cuiiliste.de" rel="nofollow noopener" translate="no" target="_blank">https://api.cuiiliste.de</a></li></ul>As for circumvention: Just use <a href="https://infosec.space/tags/OpenNIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenNIC</a>'s <a href="https://github.com/greyhat-academy/lists.d/blob/df41ea6a5320f0a895b801145efe0ea6d2e9ea33/dns.servers.list.tsv#L2" rel="nofollow noopener" target="_blank">DNS servers</a>...<ul><li>Personally <a href="https://lina.sh/blog/cuii-gives-up" rel="nofollow noopener" target="_blank">I'm not as enthusiastic</a> as to claim <a href="https://infosec.space/tags/CUIi" class="mention hashtag" rel="nofollow noopener" target="_blank">#CUIi</a> <a href="https://netzpolitik.org/2025/die-cuii-gibt-auf-fuer-netzsperren-braucht-es-jetzt-einen-gerichtsentscheid/" rel="nofollow noopener" target="_blank">is done</a> because not only ain't they forced to remove any blockages but also they marginally changed their process.</li></ul>The sheer <a href="https://infosec.space/tags/Zensursula" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zensursula</a>-Style bullshit is the <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#IllicitActivity</a>! <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISP</a>|s should have no right to interfere with any traffic (except to defend their own infrastructure from getting hacked) unless explicitly requested by customers to do so.<ul><li>And now <a href="https://infosec.space/tags/ISPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISPs</a> like <a href="https://infosec.space/tags/O2" class="mention hashtag" rel="nofollow noopener" target="_blank">#O2</a> want to sell <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterate</a> <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#business</a> clients the idea that fucking around with <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> is somehow "<a href="https://infosec.space/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a>" for which they want to <a href="https://www.o2business.de/cloud-sicherheit/cybersicherheit/webguard/" rel="nofollow noopener" target="_blank">charge clients a premium and make it opt-out!</a> when <a href="https://mastodon.social/@quad9dns" class="u-url mention" rel="nofollow noopener" target="_blank">@quad9dns</a> offers the same <a href="https://quad9.net/service/threat-blocking/" rel="nofollow noopener" target="_blank">for free</a> [and I'm certain they just use <a href="https://infosec.space/tags/quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#quad9</a>'s filtered DNS and slap CUII's <a href="https://infosec.space/tags/blocklist" class="mention hashtag" rel="nofollow noopener" target="_blank">#blocklist</a> <a href="https://api.cuiiliste.de/blocked_domains" rel="nofollow noopener" target="_blank">on top.</a>]!</li></ul>I do wish <a href="https://mastodon.social/@ooni" class="u-url mention" rel="nofollow noopener" target="_blank">@ooni</a> would take a look at the <a href="https://api.cuiiliste.de/blocked_domains" rel="nofollow noopener" target="_blank">CUII blocklist</a> and add that to their <a href="https://infosec.space/tags/OONIprobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#OONIprobe</a> to test for.

JdeBP[…Continued]<a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a>, <a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a>, and my ISP all appeared to respect their capped TTLs; having cache misses when the TTLs reached zero. Unsurprisingly.I know, both from prior experience and having seen the code, that the on-machine cache respects its TTLs in like manner.Anyone expecting this (quite conventional) behaviour would be greatly misled by CloudFlare, however.Quad9 and Google Public DNS were better than <a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a>, in retention time or amount of re-population needed to fill every cache behind the anycast; but they with their more aggressive TTL capping got nowhere near as long an interval between cache misses that the on-machine cache has.CloudFlare, however, in fact incurred cache misses multiple times per hour, at one point fetching anew on *all* of its caches after a mere 10 minute gap when the test was halted. The TTLs never even managed to count down to 41 days before there was a (sometimes global!) cache miss.<a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

JdeBP[…Continued]The pattern is not ideal, because the anycasting is of course determined by moment-to-moment circumstances; but the multiple descending series of TTL values revealed that:My ISP had at least 3 caches behind 2 apparent IP addresses.<a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> and <a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a> had at least 8 caches behind 2 apparent IP addresses.<a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> had at least 2 caches behind 2 apparent IP addresses, but it was not as simple as 1 cache per IP address. Sometimes they swapped, or gave identical results.[Continued…] <a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

JdeBP[…Continued]Everyone properly counted down the TTLs.Only the on-machine cache counted down monotonically as expected, however. The others had TTLs that counted down in the long term but jumped up and down in the short term.There was a discernable pattern, thanks to the 10 second loop interval in my test. There were multiple series of descending TTLs, swapping in and out.This pattern revealed that there are multiple caches behind anycast, even at my ISP; those caches not sharing data. They each get separately populated during the first few test loop iterations and re-populated.[Continued…] <a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> <a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> <a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

JdeBP[…Continued]The on-machine cache capped the 42 day TTL down to 1 week, as documented.There was no pressure to evict the resource record set, even though the machine was not dedicated to just the test and other use was being made of the on-machine cache. There was no cache miss at all after the first one.My ISP's proxy DNS servers also capped the TTL down to 1 week, interestingly.Only <a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> passed through the original 42 day TTL. The high TTLs might lead one to conclude that CloudFlare thus cached the longest and best. In reality it cached the shortest and worst, more on which in a moment.<a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a> and <a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> capped the 42 day TTL the most aggressively, the former reducing to a couple of days, the latter to a mere 12 hours. They turned out to do better than CloudFlare, however.[Continued…] <a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

JdeBP[…Continued]The latency of the on-machine server, the total transaction time, was always in single milliseconds after the single very first cache miss query.The actual latencies of all of the <a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a>, <a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a>, and <a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> public proxy DNS servers were in tens of milliseconds for cache hits.My ISP's proxy DNS servers are 6 hops away, and also had an actual latency in the tens of milliseconds, but slightly shorter than those of the third-party ones. None of the third-party ones are in fact closer than 7 hops away. The latency to the relevant content DNS server was in the hundreds of milliseconds, and the latencies of the third-party proxy DNS servers when they had cache misses were between this and twice this.[Continued…] <a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

JdeBPIf you thought that using a third-party public resolving proxy DNS server gained you economies of scale because you shared a cache with other people, think again.I ran Bender's Test (<a href="https://news.ycombinator.com/item?id=44534938" rel="nofollow noopener" translate="no" target="_blank">https://news.ycombinator.com/item?id=44534938</a>) in a loop, once every 10 seconds, intermittently over a couple of days.I added an on-machine resolving proxy DNS server on 127.0.0.1, my ISP's proxy DNS servers, and <a href="https://mastodonapp.uk/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a>'s, <a href="https://mastodonapp.uk/tags/GooglePublicDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePublicDNS</a>'s, and <a href="https://mastodonapp.uk/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a>'s 2nd IP addresses to Bender's set. Results reveal that if one conflates latency with cache misses, or claims that there must be better cache hits compared to using one's own proxy DNS server on-machine (or even on-LAN), one hasn't a clue as to the quite different reality of these third-party public DNS servers.In detail:[Continued…] <a href="https://mastodonapp.uk/tags/DomainNameSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNameSystem</a> <a href="https://mastodonapp.uk/tags/BendersTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#BendersTest</a>

stfnI switched my PiHole upstream DNS from Google to Quad9. Let's see how it goes and if I see any difference.One less Google service in my house :zawadiaka:<a href="https://fedi.stfn.pl/tags/pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#pihole</a> <a href="https://fedi.stfn.pl/tags/quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#quad9</a>

Gemma ⭐️🔰🇺🇸 🇵🇭 🎐<a href="https://mastodon.social/@bhasic" class="u-url mention" rel="nofollow noopener" target="_blank">@bhasic</a> I’m already using a <a href="https://mstdn.plus/tags/Pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pihole</a> with filtered <a href="https://mstdn.plus/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a>.

Kevin Karhan :verified:<a href="https://mastodon.social/@quad9dns" class="u-url mention" rel="nofollow noopener" target="_blank">@quad9dns</a> <a href="https://social.g2od.ch/@rapha3l" class="u-url mention" rel="nofollow noopener" target="_blank">@rapha3l</a> <a href="https://waldvogel.family/@marcel" class="u-url mention" rel="nofollow noopener" target="_blank">@marcel</a> <a href="https://ioc.exchange/@abuse_ch" class="u-url mention" rel="nofollow noopener" target="_blank">@abuse_ch</a> Also this only applies to the <code>filtered</code> & <code>secured</code> <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> servers.<ul><li>default filtered DNS by <a href="https://infosec.space/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a><pre><code>9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9 </code></pre></li><li>secured quad9 servers<pre><code>9.9.9.11 149.112.112.11 2620:fe::11 2620:fe::fe:11 </code></pre></li><li>unfiltered quad9 DNS<pre><code>9.9.9.10 149.112.112.10 2620:fe::10 2620:fe::fe:10 </code></pre></li></ul>See <a href="https://www.quad9.net/service/service-addresses-and-features" rel="nofollow noopener" translate="no" target="_blank">https://www.quad9.net/service/service-addresses-and-features</a> for details.The unfiltered ones do not filter any results, thus they should only be used for those that i.e. filter their results themselves.

Marcel Waldvogel6️⃣ <a href="https://waldvogel.family/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> hat eine Grafik, die den Einbruch des Internetverkehrs in Spanien und Portugal gestern visualisiert.Ihre drei Serverstandorte waren scheinbar mit funktionierender Notstromversorgung ausgestattet. Im Gegensatz zu – mutmasslich – diversen Internetanbietern. Wie im Wallis werden da jetzt wahrscheinlich die Notfallszenarien an vielen Stellen nochmals überdacht. <a href="https://mastodon.social/@quad9dns/114416276417809952" rel="nofollow noopener" translate="no" target="_blank">https://mastodon.social/@quad9dns/114416276417809952</a>

Max ResingReceived an email by the <a href="https://infosec.exchange/tags/NANOG" class="mention hashtag" rel="nofollow noopener" target="_blank">#NANOG</a> mailing list in which they raise a pretty concerning thing: Apparently, <a href="https://infosec.exchange/tags/Spain" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spain</a> started to intercept or nullroute certain IP addresses of <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener" target="_blank">#CDN</a> providers. The intent is to fight <a href="https://infosec.exchange/tags/piracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#piracy</a> during <a href="https://infosec.exchange/tags/football" class="mention hashtag" rel="nofollow noopener" target="_blank">#football</a> matches.Do the people who pass the list of IP addresses even understand the significance of blocking a bunch of <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener" target="_blank">#CDN</a> networks of various providers? Seriously?! It <a href="https://infosec.exchange/tags/censors" class="mention hashtag" rel="nofollow noopener" target="_blank">#censors</a> access to tens of thousands of legitimate <a href="https://infosec.exchange/tags/websites" class="mention hashtag" rel="nofollow noopener" target="_blank">#websites</a> which is blatantly accepted as a <a href="https://infosec.exchange/tags/collateral" class="mention hashtag" rel="nofollow noopener" target="_blank">#collateral</a> to help out some shady sports association in their <a href="https://infosec.exchange/tags/copyright" class="mention hashtag" rel="nofollow noopener" target="_blank">#copyright</a>?How much shadier can a decision be? Since this is a thing, maybe they can think about taking down entire regions in Spain the next football match?The amount of collateral damage in the name of copyright is ridiculous. The <a href="https://infosec.exchange/tags/EuropeanUnion" class="mention hashtag" rel="nofollow noopener" target="_blank">#EuropeanUnion</a> really has to step-up their game in addressing those concerning developments. I read about multiple such blatant decisions so far. Eyeing at you, <a href="https://infosec.exchange/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> and <a href="https://infosec.exchange/tags/Sony" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sony</a>...<a href="https://infosec.exchange/tags/copyrightinfringement" class="mention hashtag" rel="nofollow noopener" target="_blank">#copyrightinfringement</a> <a href="https://infosec.exchange/tags/LaLiga" class="mention hashtag" rel="nofollow noopener" target="_blank">#LaLiga</a> <a href="https://infosec.exchange/tags/digitalsovereignty" class="mention hashtag" rel="nofollow noopener" target="_blank">#digitalsovereignty</a> <a href="https://infosec.exchange/tags/eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#eu</a> <a href="https://infosec.exchange/tags/digitaleurope" class="mention hashtag" rel="nofollow noopener" target="_blank">#digitaleurope</a> <a href="https://infosec.exchange/tags/corporatepower" class="mention hashtag" rel="nofollow noopener" target="_blank">#corporatepower</a>

Kevin Karhan :verified:<a href="https://mastodon.ie/@DoctorBrodsky" class="u-url mention" rel="nofollow noopener" target="_blank">@DoctorBrodsky</a> <a href="https://toot.wales/@woe2you" class="u-url mention" rel="nofollow noopener" target="_blank">@woe2you</a> <a href="https://hachyderm.io/@miah" class="u-url mention" rel="nofollow noopener" target="_blank">@miah</a> given <a href="https://infosec.space/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> bowed before the <a href="https://infosec.space/tags/Contentmafia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Contentmafia</a> and censored <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> requests, I'll continue to recommend using <a href="https://infosec.space/tags/OpenNIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenNIC</a>'s Servers <a href="https://github.com/greyhat-academy/lists.d/blob/a4a7ccf70d8504ebbffd7e5fbcd5630294860434/dns.servers.list.tsv" rel="nofollow noopener" target="_blank">instead</a><code>94.103.153.176 & 2a02:990:219:1:ba:1337:cafe:3</code> as well as <code>144.76.103.143 & 2a01:4f8:192:43a5::2</code> <ul><li>If you <a href="https://mastodon.ie/@DoctorBrodsky/114251891439728473" rel="nofollow noopener" target="_blank">only add a single</a> <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4</a> address, no <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv6</a> resolution will take place over said provider or worse even no IPv6 connectivity at all...</li></ul>I merely <a href="https://github.com/greyhat-academy/lists.d/blob/a4a7ccf70d8504ebbffd7e5fbcd5630294860434/dns.servers.list.tsv#L25" rel="nofollow noopener" target="_blank">retain quad9</a> on said list for archival purposes. I Yeeted <a href="https://infosec.space/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> aka. <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClownFlare</a> since they are a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#RogueISP</a>!

RTN<a href="https://chaos.social/tags/DerStandard" class="mention hashtag" rel="nofollow noopener" target="_blank">#DerStandard</a>: " Trumps Kürzungsrausch gefährdet für das Internet wichtige Open-Source-ProjekteDie neue US-Regierung entzieht dem Open Technology Fund die Mittel. Von diesem sind unter anderem Let’s Encrypt, Tor und F-Droid finanziell abhängig. Der OTF hat Klage eingereicht " <a href="https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article" rel="nofollow noopener" translate="no" target="_blank">https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article</a>30.3.2025<a href="https://chaos.social/tags/FDroid" class="mention hashtag" rel="nofollow noopener" target="_blank">#FDroid</a> <a href="https://chaos.social/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#LetsEncrypt</a> <a href="https://chaos.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://chaos.social/tags/OpenVPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenVPN</a> <a href="https://chaos.social/tags/OTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTF</a> <a href="https://chaos.social/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> <a href="https://chaos.social/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> <a href="https://chaos.social/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tails</a> <a href="https://chaos.social/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> <a href="https://chaos.social/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#USA</a> <a href="https://chaos.social/tags/USAGM" class="mention hashtag" rel="nofollow noopener" target="_blank">#USAGM</a>

Kevin Karhan :verified:<a href="https://mastodon.sdf.org/@freeagent" class="u-url mention" rel="nofollow noopener" target="_blank">@freeagent</a> <a href="https://toot.community/@VTDARKSIM" class="u-url mention" rel="nofollow noopener" target="_blank">@VTDARKSIM</a> <a href="https://hachyderm.io/@miah" class="u-url mention" rel="nofollow noopener" target="_blank">@miah</a> <a href="https://infosec.space/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> self-censored their <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> and <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClownFlare</a> is a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#RogueISP</a>!<a href="https://infosec.space/@kkarhan/114201410030390264" translate="no" rel="nofollow noopener" target="_blank">https://infosec.space/@kkarhan/114201410030390264</a>

Joaquim HomrighausenIf you're not running your own DNS resolver, and/or not running PiHole, changing your DNS from 8.8.8.8 to 9.9.9.9 is a good first step 😉 <a href="https://mastodon.online/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#dns</a> <a href="https://mastodon.online/tags/infrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#infrastructure</a> <a href="https://mastodon.online/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://mastodon.online/tags/quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#quad9</a> <a href="https://mastodon.online/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://mastodon.online/tags/tcpip" class="mention hashtag" rel="nofollow noopener" target="_blank">#tcpip</a> <a href="https://mastodon.online/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#internet</a> <a href="https://mastodon.online/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersec</a> <a href="https://mastodon.online/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.online/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.online/tags/pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#pihole</a>

adfichter 🖋The same happens again... Now France's Canal+ wants a privacy-friendly Swiss DNS-Resolver to block certain websites. The court rouling from Germany (against Sony) doesn't matter.<a href="https://chaos.social/tags/quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#quad9</a> <a href="https://chaos.social/tags/dnsresolver" class="mention hashtag" rel="nofollow noopener" target="_blank">#dnsresolver</a> <a href="https://quad9.net/news/press/quad9-faces-new-dns-censorship-legal-challenge-in-france-from-canal/" rel="nofollow noopener" translate="no" target="_blank">https://quad9.net/news/press/quad9-faces-new-dns-censorship-legal-challenge-in-france-from-canal/</a>

〄<a href="https://earth.law/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> is a <a href="https://earth.law/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> minefield. Here's my best shot at charting a safe course through. New <a href="https://earth.law/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#blog</a> post up now re: combining <a href="https://earth.law/tags/AdGuardHome" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdGuardHome</a> with rotating stable of <a href="https://earth.law/tags/DNSCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNSCrypt</a> resolvers, with <a href="https://earth.law/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tailscale</a> <a href="https://earth.law/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> over <a href="https://earth.law/tags/Mullvad" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mullvad</a> exit nodes, and <a href="https://earth.law/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> obtaining certificates for <a href="https://earth.law/tags/DOH" class="mention hashtag" rel="nofollow noopener" target="_blank">#DOH</a> — <a href="https://sij.law/dns/" rel="nofollow noopener" translate="no" target="_blank">https://sij.law/dns/</a><a href="https://earth.law/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://earth.law/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosting</a> <a href="https://earth.law/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#debian</a> <a href="https://earth.law/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://earth.law/tags/hetzner" class="mention hashtag" rel="nofollow noopener" target="_blank">#hetzner</a> <a href="https://earth.law/tags/server" class="mention hashtag" rel="nofollow noopener" target="_blank">#server</a> <a href="https://earth.law/tags/pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#pihole</a> <a href="https://earth.law/tags/unbound" class="mention hashtag" rel="nofollow noopener" target="_blank">#unbound</a> <a href="https://earth.law/tags/macos" class="mention hashtag" rel="nofollow noopener" target="_blank">#macos</a> <a href="https://earth.law/tags/ios" class="mention hashtag" rel="nofollow noopener" target="_blank">#ios</a> <a href="https://earth.law/tags/DNSOverride" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNSOverride</a> <a href="https://earth.law/tags/DeepDive" class="mention hashtag" rel="nofollow noopener" target="_blank">#DeepDive</a> <a href="https://earth.law/tags/LittleSnitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#LittleSnitch</a> <a href="https://earth.law/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a href="https://earth.law/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> #9999

Michał "rysiek" Woźniak · 🇺🇦If you are at the <a href="https://mstdn.social/tags/GlobalGathering" class="mention hashtag" rel="nofollow noopener" target="_blank">#GlobalGathering</a> in Estoril and would like to learn more about <a href="https://mastodon.social/@quad9dns" class="u-url mention" rel="nofollow noopener" target="_blank">@quad9dns</a> – or are already using it and just want to say hi! 👋 – come to the <a href="https://mstdn.social/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> booth on Sunday at 15:30 in Booth 13.I'll be there.There will be stickers.

Michał "rysiek" Woźniak · 🇺🇦I am at the <a href="https://mstdn.social/tags/GlobalGathering" class="mention hashtag" rel="nofollow noopener" target="_blank">#GlobalGathering</a> in Estoril, Portugal this weekend, and have booths about <a href="https://mstdn.social/tags/LibResilient" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibResilient</a> (Saturday, 15:30 - 17:30) and about <a href="https://mstdn.social/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quad9</a> (Sunday, 15:30 - 17:30).If you're there as well, come say hi!

Recent searches

Search options

Administered by:

Server stats:

#quad9