<div dir="ltr"><div>Ack..  <br></div><div><br></div><div>That's twice today I've heard the expression "Canadian Shield".. apparently a Kitchener 3D printing company just spun of a medical shield division called The Canadian Shield.. <a href="https://www.cbc.ca/news/canada/kitchener-waterloo/kitchener-inksmith-canadian-face-shield-1.5525094?cmp=rss">https://www.cbc.ca/news/canada/kitchener-waterloo/kitchener-inksmith-canadian-face-shield-1.5525094?cmp=rss</a></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 7 Apr 2020 at 16:18, Chris Irwin <<a href="mailto:chris@chrisirwin.ca">chris@chrisirwin.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">(Quick aside, can somebody ack the list to ensure this was received?  <br>
Particularly if you're on a large host like gmail/o365/etc? I've got <br>
SPF, DKIM, and DMARC set up and am curious if it affects re-delivery via <br>
mail lists)<br>
<br>
Just curious if anybody has thoughts on CIRA's new "Canadian-Shield" <br>
DNS?<br>
<br>
     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield" rel="noreferrer" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield</a><br>
<br>
Big selling features seem to be:<br>
<br>
* Keeping data inside Canada<br>
* DNS, DoT, and DoH support<br>
* CIRA being a non-profit<br>
<br>
Their FAQ and privacy policy addresses a few privacy concerns, as well:<br>
<br>
     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield/faq" rel="noreferrer" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield/faq</a><br>
<br>
     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield/privacy" rel="noreferrer" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield/privacy</a><br>
<br>
The summary seems to be:<br>
<br>
* Don't use personal info for themselves or third parties<br>
* Queries with IPs are logged for 24 hours to detect abuse<br>
* Specifically, they mention IPs removed after 24 hours<br>
* After 24 hours, only aggreggate data retained<br>
<br>
Optional DNS-level malware filtering, and optional "family" filters are <br>
available as well. Apparently the family filter blocks Reddit (which to <br>
be fair...). I've been using the malware-filtering DNS for a few days <br>
without complaint.<br>
<br>
I did have some issues confirming it was working due to some agressive <br>
DNSSEC enforcement on my router (their non-propigated test domains are <br>
not signed, but the rest of <a href="http://cira.ca" rel="noreferrer" target="_blank">cira.ca</a> is, so my router was refusing to <br>
return an unsigned result for a signed domain). That's not specific to <br>
this DNS, however.<br>
<br>
-- <br>
Chris Irwin<br>
<br>
email:   <a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a><br>
  xmpp:   <a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a><br>
   web: <a href="https://chrisirwin.ca" rel="noreferrer" target="_blank">https://chrisirwin.ca</a><br>
<br>
_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div>