netsec-ethz / bootstrapper


search domain discovery: add reverse DNS lookup fallback #22

Closed FR4NK-W closed 1 week ago

FR4NK-W commented 2 weeks ago

Add fallback feature for discovering a valid search domain for the current host using DNS, by performing a reverse DNS lookup and deriving candidate search domains from the returned hostname.

Add a fallback for the fallback: In case the current host does not have a public IP configured, obtain the externally visible (NAT, proxy) IP used for DNS by leveraging the Akamai whoami DNS service. https://www.akamai.com/blog/developers/introducing-new-whoami-tool-dns-resolver-information

Add additional layers of fallbacks: In case there is no working DNS resolver configured, use the Quad9 public DNS resolver to obtain the IP of a default Akamai authoritative NS, or query for additional fallback authoritative NS.

The number of external requests is minimized and the fallback paths involving additional 3rd parties are only taken if local DNS resolution is not working.
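The first two decisions in this description (is a public IP configured, and which search domains a reverse-lookup hostname yields), sketched as an added example; it is not the bootstrapper's code. The function names, the two-label floor (which does not account for multi-label public suffixes such as co.uk) and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// hasPublicAddr: false means the external (NAT, proxy) IP must be learned elsewhere.
func hasPublicAddr(addrs []string) bool {
	cgnat := netip.MustParsePrefix("100.64.0.0/10") // shared address space, behind NAT
	for _, s := range addrs {
		a, err := netip.ParseAddr(s)
		if err == nil && a.IsGlobalUnicast() && !a.IsPrivate() && !cgnat.Contains(a) {
			return true
		}
	}
	return false
}

// candidateSearchDomains derives candidates from a PTR name, most specific first.
// The name is untrusted (the reverse zone's owner controls it): reject non-LDH labels.
func candidateSearchDomains(ptrName string) []string {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(ptrName, ".")), ".")
	for _, l := range labels {
		if !validLabel(l) {
			return nil
		}
	}
	var out []string
	for i := 1; i+2 <= len(labels); i++ { // i=1 drops the host label; keep >= 2 labels
		out = append(out, strings.Join(labels[i:], "."))
	}
	return out
}

func validLabel(l string) bool {
	if l == "" || len(l) > 63 || l[0] == '-' || l[len(l)-1] == '-' {
		return false
	}
	return strings.Trim(l, "abcdefghijklmnopqrstuvwxyz0123456789-") == ""
}

func main() { // constructed sample values, not taken from the PR
	fmt.Println(hasPublicAddr([]string{"192.168.1.7", "fe80::1"}))
	fmt.Println(candidateSearchDomains("host7.lab.inf.example.org."))
}
```

Each candidate is only a hint for where to look for bootstrapping information; whatever is fetched from a derived domain still needs its own authenticity check, since the PTR record that produced it is not authenticated.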

FR4NK-W commented 1 week ago

Could this raise privacy concerns, since we are leaking information to external services?

These DNS fallbacks are explicitly only used when there are no local DNS search domains configured and all other methods failed. The only information leaked is the external IP address. This does not provide external services (Akamai, Quad9) with any other information they would not get when querying the DNS system for one of their hosts. We only use the external DNS resolver if required for getting a reply.

Let's discuss further in PR #23?