NTroy

I've spent a long time attempting to find any managed DNS/DNS hosting providers that also guarantee privacy.

Does anyone on here know of any DNS hosting provider that can meet the following criteria?

Mandatory:

- The provider allows for the creation of all, standard DNS records

- The provider can guarantee no logging of DNS queries or a short retention period for those logs (or, if logs are kept, then they must not include the IP address from which the request originated)

- The provider allows DNS hosting for domains not necessarily registered through that same provider

Bonus Points:

- The provider has a large network of fast servers (potentially anycast DNS)

- The provider allows for some advanced options (for example "POOL Records," "Round Robin" DNS, or "Geo" DNS)

- The provider is relatively cost effective

Note: I'm not looking for private DNS providers. There are plenty of providers who offer DNS services for free or cheap, and have great privacy guarantees. I'm specifically looking for providers that will host your custom DNS records, and guarantee that all queries to those records are not logged. The few providers that I found who ran private DNS services and allowed for managed DNS still collected analytics when you hosted custom records, and did not allow for those analytics to be disabled.

If you know of any such services, I'd be super grateful if you could link them below, and/or share any experience you have with them. Thanks!

As of late, I've found my self in the middle of quite a few debates on open source network/system security. Specifically, I've had to defend a number of projects who only use open source tools, and post details of their infrastructure online (such as firewall rules), for others to criticize and comment on.

In my opinion, there is no problem with this, as the groups I've defended only expose well-known, battle tested, security audited, and heavily supported dependencies/services, such as Django and OpenSSH. They also have very simple firewall rules and configurations which block out all other ports. To me, this seems practical and removes much (although obviously not all) of the risk from their hands.

However, I also see the other side, and understand that this could be risky for smaller projects that don't have many people reviewing their code. This also, unlike a proprietary solution, exposes technical data about security to a potential attacker, which is a risk... although I've also heard people argue that it doesn't actually make any practical difference.

Here's a simple, but good article on Wikipedia that covers some points on each side. This article is more about software... but many of the arguments still apply or translate: https://en.wikipedia.org/wiki/Open-source_software_security

The point is, I've already had my debates about this, and now I would like to hear from everyone else. What do you think? Do you think that "security through community" is a good idea? Is it the way of the future? Or is it the beginning to the end for any company that takes this approach? Are there some approaches that are good, and others that are bad?

Fetch Apply (https://github.com/P5vc/FetchApply) is a new system configuration and management tool, that follows the same principles as aviary.sh. Fetch Apply, however, has much better documentation, security practices, customizability, readability, production examples (https://github.com/P5vc/ServerConfigurations), and uses an inheritance model, allowing the bulk configuration of like servers, with minimal code.

Fetch Apply is written in Bash (no need to use tools in other languages which often time end up acting as bash wrappers and running half of the configuration in bash anyways), and is designed for use on secure systems: it is simple by design, and easily auditable by a single person. Fetch Apply also leaves an agent running on the target system (comprised of less than 500 lines of code in bash, and run by cron only during user-defined intervals, meaning it’s ridiculously efficient and has no noticeable system impact), and is based off of git, meaning that you can view a full configuration history, as well as push a new configuration upstream whenever you’d like, and the changes will be automatically applied on the designated server(s).

Why are there still so many two letter domain names available? Well, technically domain names that are four letters in total (two letter TLD and two letter SLD). But still, why are there so many?

- There is only a very short supply of them, and relatively speaking (2626x, where x = number of TLDs), the total number is easily within the lower ten thousands. - They're super easy to remember, and quick to type for customers/visitors. - As someone who's worked in I.T., if given the choice for an "internal" domain, I'd choose (and have chosen) a two-letter domain all day long. It's way less typing and makes configuration of devices much easier... so why haven't others thought the same way... - Since there are so few, and they are special by nature, why aren't "domain sharks" scooping them all up and trying to resell them for a profit? - Most of them cost the exact same amount as a standard domain name

So yeah, I'm just curious as to why they're apparently not nearly as appealing as longer domain names. I understand that it's hard to put a business/organization name into 4 letters, but still, I'd think that there are at least a few thousand geeks out there like myself who'd want to have one or two.