Logging And Security

Discuss topics relating to alternative DNS in general. Including privacy, censorship and innovation.
Ole Juul
Posts: 30
Joined: Mon Jan 18, 2016 2:52 am

Logging And Security

Postby Ole Juul » Tue Dec 06, 2016 9:03 am

I've often seen questions about OpenNIC logging on our IRC and elsewhere. It seems to be one of the reasons people chose OpenNIC. I can see why. Google stores DNS info in a temporary fashion for 24 to 48 hours. This contains personal identification. Another set of logs is less personal but is kept for two weeks and a subset of that is kept indefinitely. Their actual search data is kept for 18 months and then semi anonymized (removing last octet) and stored indefinitely. A few years ago (according to a VP of engineering there) they used to keep everything and then ship it off on tape for long term storage. It sounds like they have leaned up their act a little bit in the last few years, but they can still hold a potentially dangerous position. Many people are not comfortable with this, just as a matter of principle.

OpenNIC has a real advantage here. From what I see most operators only log information for operational purposes. You need to do some of that. We can trust that most (if not all) operators have little interest in logging personal information. After all, not being as big as Google or the other big operators, a volunteer nameserver operator does not get enough information to be useful or to sell. On top of that, OpenNIC servers are diverse and not directly connected with your internet accounts, especially your ISP. This diversity in itself offers a level of security.

Something that came to mind while thinking about this was liability. It seems to me that if you have information on your server, you can potentially be held responsible for it in some way. Either the information can be subpoenaed for it, causing work and ethical conflicts of all kinds. Not only that, but with the way laws are changing in regard to the responsibilities of providers of all kinds of services, it is not unthinkable that a lowly domainserver operator could be liable for actions of their users or expected to monitor activity. I hope not. In any case, unless there is legal pressure to log, it's probably safer to just not do it.

rouben
Posts: 2
Joined: Wed Jan 03, 2018 2:15 am

Re: Logging And Security

Postby rouben » Wed Jan 03, 2018 2:22 am

I shppose this makes sense... you could always enable logs temporarely for troubleshooting, for example.


Return to “Alternative DNS”

Who is online

Users browsing this forum: No registered users and 0 guests