Thinking about where you’re making your DNS requests

Yesterday, Cloudflare announced their 1.1.1.1 DNS service. They provide a good primer on DNS and on the problem they are working to solve. There was a lot of chatter in the infosec community about this, often directed at DNS legend and friend, Dan Kaminsky.

This was my response to utilizing this service, especially if you’re not an American:

As I’ve said elsewhere, I won’t be recommending the American company whose main product is SSL/TLS MITMaaS to my DNS-seeking clients.

A Canadian doing a lookup on emeryseeds.ca to buy cannabis seeds would be breaking US federal law and worthy of a lifetime ban from US soil, as an example of why this is a terrible idea for non-Americans.

While I appreciate wrapping DNS requests in crypto at the transport layer, as well as third-party auditing, I’m holding out for a solution that is not American (bound by the US PATRIOT ACT), and ideally open source and decentralized.

If you know of any fast, open source, decentralized solutions, let me know!