Subj : FidoGazette Vol 12 no 14 Page: 3
To   : mark lewis
From : Janis Kracht
Date : Fri Apr 06 2018 13:56:42

Hi Mark,

>> "If you switch [your DNS (jk)] to 1.1.1.1, then that ledger of where
>> you're going online is not being kept by your ISP," Matthew Prince,
>> CEO of Cloudflare, said in an interview.

> that's so wrong it is almost too funny to even laugh at... anyone in the path
> between your system and 1.1.1.1 can easily sniff the traffic flowing through
> and gather the information on what domain you're looking up and the return
>response from the DNS server... DNS is all in the clear and the only way for i
>to not be is to use some sort of encrypted tunnel from one end to the other...

I hatched a file today in the PDNUNIX file echo that may help to tell (one 
would hope) if these people are full of it or not :)

Here's the file announce post I just put in the PDNECHO.  It's a shell script 
so if one is concerned about what it's going to do, you can view it yourself
<g>

===cut here===
Today, <<Prism bbs received the following files:

========================================================================
Area: PDNUNIX           *NIX Programming               Origin: 1:261/38
========================================================================
  File: dnsprfts.zip (6kB)
  Desc: DNS Performance Test. Shell script to test the performance of the most
        popular DNS resolvers from your location.  Includes by
        default:CloudFlare 1.1.1.1 Level3 4.2.2.1 CleanBrowsing Google
        8.8.8.8 Yandex Quad9 9.9.9.9 AdGuard Freenom 80.80.80.80 Neustar
        OpenDNS Comodo Norton CleanBrowsing Yandex AdGuard Neustar
        Req: bc, dig.
        Ubuntu: #sudo apt-get install bc dnsutils
        https://github.com/cleanbrowsing/dnsperftest


===cut here===

>> With 1.1.1.1, internet users can let Cloudflare take over the process
>> of resolving requests to the Domain Name System, also known as DNS.
>> That's the crucial process of matching up a URL -- like facebook.com
>> -- with a website's true location on the internet, called an IP
>> address (for Facebook, that's 157.240.18.35).

> that depends on where you are and how/if they are doing round robin... over
> here, right now, we're seeing this...

> $ nslookup facebook.com
> Server:         192.168.xxx.1
> Address:        192.168.xxx.1#53

> Non-authoritative answer:
> Name:   facebook.com
> Address: 31.13.65.36


Over here, this is what comes up with the same command:

nslookup facebook.com
Server:         24.92.226.11
Address:        24.92.226.11#53

Non-authoritative answer:
Name:   facebook.com
Address: 157.240.2.35


> our 192.168.xxx.1 system is using google's 8.8.8.8 and 8.8.4.4 DNS servers...
>our ISP screwed the monkey some time back when they started intercepting
>failed  DNS lookups and sending folks to a search landing page so they could
>reap $$$  for advertising from your failed searches...

I see now the article I posted on Wednesday has been "amended":

"First published April 1 at 6 a.m. PT. Update April 2 at 12:50 p.m. PT: To 
clarify how 1.1.1.1. would hide web browsing data in combination with the DNS 
over HTTPS protocol."

Heh..

Take care,
Janis

--- BBBS/Li6 v4.10 Toy-3
 * Origin: Prism bbs (1:261/38)

.