[dns-operations] new public DNS service: 9.9.9.9
Paul Vixie
paul at redbarn.org
Sat Nov 18 08:29:50 UTC 2017
Damian Menscher wrote:
> On Fri, Nov 17, 2017 at 10:41 PM, Paul Vixie <paul at redbarn.org> wrote:
>
> > even though i believe quad9's published privacy policy, just as i
> > believe google's for 8.8.8.8 and cisco/umbrella's for opendns, i do
> > not trust all of the ISPs between me and them, and all of the
> > telcos they buy service from, not to data mine my queries.
>
> Your argument that you don't trust the ISPs between you and
> Google/OpenDNS/Quad9, and therefore run your own local recursive
> resolver, confuses me. After all, your local recursive needs to query
> third-party authoritative servers anyway.

the data upstream of a recursive does not show end-user ip addresses,
nor reuse/popularity information. that's why google's privacy policy for
8.8.8.8 is so important. you guys do good work with that -- please don't
take this e-mail thread as a complaint.

> To convince yourself, answer these two questions:
> - How many ISPs are between you and 8.8.8.8? I'm on Comcast, and
> they have direct peering with Google, so the number is zero.
> - How many ISPs are between you and the average authoritative DNS
> server you need to reach? I'm guessing that number is non-zero.
>
> Or did I misunderstand what you meant about the ISPs/telcos between you
> and the third-party rDNS providers?

i am not always zero or one hop away from google. but even if i were, i
would want to control my own RDNS policy, using DNS RPZ. google's raw
unfiltered service is exactly what i want when i'm on travel, but it's
not what i want all the time.

--
P Vixie