[dns-operations] Can Root DNS server modify the response?

Jeroen Massar jeroen at massar.ch
Tue Mar 26 16:51:38 UTC 2019

On 2019-03-26 17:45, David Conrad wrote:
> Jeroen,
> I’m no longer sure what you’re arguing for/against — I was simply pointing out that your assertion that “one will never know” whether responses were being censored was too pessimistic in the case of queries to the root servers given DNSSEC. This seems to have morphed to a rant against a particular implementation of DoH and the purpose of the Internet, which is fine, but unrelated to the subject of this message and not something I’m personally interested in arguing about.

It is good that you focus on the DNSSEC portion, even though I was pretty clear about that part. (Maybe I need to change the subject line?)

Let me simplify the sentence so that it is easier to understand (my mistake, I tend to forget less is more):

"One will never know ... if they are monitoring".

And with 'monitoring' that means collecting data and selling/transferring it to other parties, be that for gain of one thing or the other.

> One question related to your TLDR though:
> On Mar 26, 2019, at 9:26 AM, Jeroen Massar <jeroen at massar.ch> wrote:
>> - No transparency of (root) DNS server (auth/recursive) operations
>>   - would be cool if operators would provide that transparency
> My impression is that the root server operators are increasingly transparent in their operations.  What is still opaque in your view?

I'll repeat the sentence from my mail that was obviously skipped while reading:

"While censorship is one part that could happen, the tracking of people/devices is another... and something can go mostly unnoticed as it is server-side."

Or to rephrase:

 There is no transparency about what happens with the monitoring / logging of queries/answers.

