[dns-operations] monetization of passive dns collection
Paul Vixie
paul at redbarn.org
Fri Mar 29 16:56:31 UTC 2019
an unrelated topic but one near and dear to me was mentioned in passing.
David Conrad wrote on 2019-03-29 08:38:
> ...
> And to be clear, this isn’t a situation I’m happy with. It is, however,
> a natural outcome of lying DNS servers, monetization of passive DNS
> collection, pervasive surveillance, etc.
as a passive dns monetizer, i want to be clear, we are not in the
surveillance business. unlike the so-called "public" dns providers, we
do not see end-user IP addresses. our sensor operators send only cache
miss traffic from servers whose operators have given express permission,
which we then heavily filter and anonymize.
no output from our database fits the description of Personally
Identifiable Information, and the total number of changes to our
business practices as a result of GDPR was the null set. we were
privacy-respecting for many years before edward snowden flew to hong
kong and made his various "disclosures".
if anyone has any concerns about these practices, i welcome discussion,
either here in public, or privately by e-mail or telephone or in person.
also note, my dns servers lie to my local client population about things
like DGA C&C addresses, phishing servers, and other things i consider
dangerous. this is called a DNS Firewall, and it's done with technology
called Response Policy Zones (DNS RPZ), and it's free to implement or
operate as a publisher or a subscriber, even though there aren't as many
free "policy feeds" as i'd like.
anyone who doesn't like my DNS lies doesn't have to use my network, so
we're even.
--
P Vixie
More information about the dns-operations
mailing list