zlacker

[parent] [thread] 2 comments
1. oarsin+(OP)[view] [source] 2019-10-04 09:44:08
> They rightly made the decision NOT to pass on the end user's IP information to the upstream DNS server. I agree with this decision and they are acting in my best interests in doing so. To draw some kind of nefarious intention from this is absurd.

In this instance, the upstream DNS server and the resultant HTTP server are operated by the same organisation. Cloudflare have opted to not provide the /24 (or /56 if IPv6) network that the original DNS request came from, in the DNS request. Your computer will then provide the /32 (or /128 if IPv6) that your request is coming from when you connect to the HTTP server.

What privacy win have you gained by Cloudflare not providing that information in this instance?

replies(1): >>spzb+L1
2. spzb+L1[view] [source] 2019-10-04 10:12:24
>>oarsin+(OP)
In this particular case, you're right. But as a general principle DNS is not necessarily owned by the same organisation as hosts the website.
replies(1): >>oarsin+e4
◧◩
3. oarsin+e4[view] [source] [discussion] 2019-10-04 10:44:36
>>spzb+L1
Correct. It's also worth noting that as a general principle, the DNS server making the request on behalf of the user is hosted in the same network as the user, and not an external third party.

In this particular case, it's one CDN taking issue with another CDN only. No other DNS providers appear to be impacted.

[go to top]