The state of DNS security records 2019

Record type occurrence

My recent search for DNS hosting reminded me that it’s been a while since my first state of DNS report. I had meant to do it every year, so this is a bit late; I should probably set myself a reminder. At this point let’s just say I missed 2018 and this is the 2019 report, and I’ll try to remember for 2020.

TLDR: Summary

The deployment of security records in DNS has got slightly worse. The average score (out of 10) based on deployment of CAA, DKIM, DMARC, DNSSEC and SPF was 2.48 in 2017; the same records checked today averaged 2.15, with this year’s data set averaging 2.42. Two data sets were used this year: the 2017 lists and updated lists taken from the same sources. Usage of IPv6, SPF and DMARC has seen significant decreases across both sets of data, offset only slightly by the…

Cloudflare DoH!

This is a follow-up to my previous article “Some problems with DoH!”. Given that Cloudflare are the preferred partner of Mozilla, who are threatening to impose DNS-over-HTTPS on the majority of people, I thought it worthwhile to have a look at what they have to say for themselves. All of this information is taken from https://developers.cloudflare.com/1.1.1.1/ as it was on 14th August 2018 (archive.org link). Some of my commentary may verge on the pedantic*, but given the nature of what is being proposed I think a little** pedantry and cynicism is called for. I may be mainly asking cynical and paranoid questions; given the weasel words and behaviour we’ve all seen from other companies, I think this is justified for someone selling themselves on privacy.