[kwlug-disc] CIRA Canadian Shield DNS
mmilicevic at rogers.com
mmilicevic at rogers.com
Tue Apr 7 17:32:30 EDT 2020
Kool ! Creative name, Kudos to that company.
Mike
Sent from Mail for Windows 10
From: CrankyOldBugger
Sent: Tuesday, April 7, 2020 4:28 PM
To: KWLUG discussion
Subject: Re: [kwlug-disc] CIRA Canadian Shield DNS
Ack..
That's twice today I've heard the expression "Canadian Shield".. apparently a Kitchener 3D printing company just spun of a medical shield division called The Canadian Shield.. https://www.cbc.ca/news/canada/kitchener-waterloo/kitchener-inksmith-canadian-face-shield-1.5525094?cmp=rss
On Tue, 7 Apr 2020 at 16:18, Chris Irwin <chris at chrisirwin.ca> wrote:
(Quick aside, can somebody ack the list to ensure this was received?
Particularly if you're on a large host like gmail/o365/etc? I've got
SPF, DKIM, and DMARC set up and am curious if it affects re-delivery via
mail lists)
Just curious if anybody has thoughts on CIRA's new "Canadian-Shield"
DNS?
https://www.cira.ca/cybersecurity-services/canadian-shield
Big selling features seem to be:
* Keeping data inside Canada
* DNS, DoT, and DoH support
* CIRA being a non-profit
Their FAQ and privacy policy addresses a few privacy concerns, as well:
https://www.cira.ca/cybersecurity-services/canadian-shield/faq
https://www.cira.ca/cybersecurity-services/canadian-shield/privacy
The summary seems to be:
* Don't use personal info for themselves or third parties
* Queries with IPs are logged for 24 hours to detect abuse
* Specifically, they mention IPs removed after 24 hours
* After 24 hours, only aggreggate data retained
Optional DNS-level malware filtering, and optional "family" filters are
available as well. Apparently the family filter blocks Reddit (which to
be fair...). I've been using the malware-filtering DNS for a few days
without complaint.
I did have some issues confirming it was working due to some agressive
DNSSEC enforcement on my router (their non-propigated test domains are
not signed, but the rest of cira.ca is, so my router was refusing to
return an unsigned result for a signed domain). That's not specific to
this DNS, however.
--
Chris Irwin
email: chris at chrisirwin.ca
xmpp: chris at chrisirwin.ca
web: https://chrisirwin.ca
_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200407/7c3e5fbc/attachment.htm>
More information about the kwlug-disc
mailing list