Joined 11 months ago
Cake day: March 3rd, 2024


  • That’s not what I was talking about.

    Technitium does not (necessarily) use a third-party service, but sends all queries directly to the root nodes.

    By default, any DNS server will look to the root servers for any query. The root servers only know what DNS servers are authoritative for top level domains (TLDs), and tell the client querying “Hey, go ask the “.com” (for example) server.”

    That server knows what DNS servers are authoritative for the zones under .com, and says “Hey, go ask the “querieddomain” server.”

    Then your machine asks that server for the “www” (for example) host, and that DNS server says “Here’s the IP.”

    Unless the DNS server your machine is pointing at is configured to use a forwarder, wherein queries for any records that it isn’t authoritative for or aren’t in its local cache are resent to whatever DNS server is configured as the forwarder. The recursion like above is done between your DNS server and its forwarder, finally returning you an IP address when one is identified.

    There’s a bit more to it than that, but that’s what I was talking about. Out of the box, a DNS server uses root hints, which are IP addresses of the root DNS servers. You would need to configure forwarder(s) in your DNS server if you desire them.
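
The two resolution paths described in the comment above, as an added example that is not part of the original comment: a small offline simulation that records which servers a local DNS server contacts itself when it uses root hints versus a forwarder. All server names, the delegation table and the IP address are constructed for illustration, and `LocalServer` is a hypothetical class, not any product's API.

```python
# Constructed delegation data: names and the documentation-range IP are made up.
ROOT_HINTS = ["root-a"]
SERVERS = {
    "root-a": {"delegations": {"com.": "tld-com"}},
    "tld-com": {"delegations": {"querieddomain.com.": "ns-querieddomain"}},
    "ns-querieddomain": {"answers": {"www.querieddomain.com.": "192.0.2.10"}},
}

def ask(server, qname):
    """One query to one server: ('answer', ip), ('referral', ns) or ('nxdomain', None)."""
    data = SERVERS[server]
    if qname in data.get("answers", {}):
        return "answer", data["answers"][qname]
    best = None  # pick the longest delegated zone that contains qname
    for zone, ns in data.get("delegations", {}).items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    return ("referral", best[1]) if best else ("nxdomain", None)

def resolve_from_root_hints(qname, max_referrals=10):
    """Follow referrals from a root server down to the authoritative server."""
    server, contacted = ROOT_HINTS[0], []
    for _ in range(max_referrals):
        contacted.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, contacted
        if kind == "nxdomain":
            return None, contacted
        server = value  # referral: ask the next server down
    raise RuntimeError("too many referrals")

class LocalServer:
    """Hypothetical local DNS server: root hints by default, optional forwarder."""
    def __init__(self, forwarder=None):
        self.forwarder = forwarder
        self.cache = {}

    def resolve(self, qname):
        """Return (ip, list of servers this local server contacted itself)."""
        if qname in self.cache:
            return self.cache[qname], []          # served from the local cache
        if self.forwarder:
            ip, _ = resolve_from_root_hints(qname)  # the walk happens at the forwarder
            contacted = [self.forwarder]            # which therefore sees the query
        else:
            ip, contacted = resolve_from_root_hints(qname)
        if ip is not None:
            self.cache[qname] = ip
        return ip, contacted
```
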




  • For the record, any DNS server you choose to employ should default to only using the root servers. You would need to configure your own forwarder IP(s) to point to a general purpose resolver.

    … censorship-free …

    You should also be aware that even if you use root servers, a DNS server which is authoritative for the domain you are querying may well return different results depending on where in the world you are. This can be in order to direct you to an IP that is closer to you, or because “different global locations get different content” for any reason, including censorship and malicious goals. The latter is definitely less likely than the former, but it’s just as possible.



  • https://en.wikipedia.org/wiki/Internet_censorship_in_the_United_States

    Trading with the Enemy Act (TWEA)

    In March 2008, the New York Times reported that a blocklist published by the Office of Foreign Assets Control (OFAC), an agency established under the Trading with the Enemy Act 1917 and other federal legislation, included websites, so that US companies are prohibited from doing business with those websites and must freeze their assets. The blocklist had the effect that US-based domain name registrars must block those websites. According to the article, eNom, a private domain name registrar and Web hosting company operating in the US, disables domain names that appear on the blocklist.[38] It described eNom’s disabling of a European travel agent’s web sites advertising travel to Cuba, which appeared on the list.[39] According to the report, the US government claimed that eNom was “legally required” to block the websites under US law, even though the websites were not hosted in the US, were not targeted at US persons, and were legal under foreign law.

    As far as null routing IPs, we’ll see.