The vast majority of people will not see EDE errors. Even when they are set there is no guarantee that downstream resolvers have it enabled. The default in Unbound is disabled and people rarely check logs. Even if someone is using DoH their browser would have to translate the specific text to the user if it received such an error. Here [1] are some notes on the support of EDE around the internet.
As a side note I do not see that error for that domain. I get an A record which belongs to Cloudflare. Cloudflare could just as easily drop that domain into an account that displays the censored error message as text/plain to the user and close the connection.
I use Google DNS over my ISP only because I thought they didn't get involved in these shenanigans. Where to next?
finnlab · 19h ago
BlahDNS is nice; it's privately operated, so uptime is not a guarantee, but I have not had problems in years. Other than that, both Njalla and Mullvad provide DoH services; they are pretty reputable in regards to user privacy.
gertop · 1d ago
If the DNS error doesn't bubble up to the eyes of the average user it might as well not exist, so torrentfreak isn't wrong.
Of course CloudFlare hijacking the domain and sending traffic to a page they host isn't a great solution either...
bstsb · 1d ago
for Cloudflare, looks like they're just following the instructions they were given in the court order - to redirect the website.
in no way supporting the act itself of dns blocking
jiveturkey · 1d ago
ooh, mixed emotion. upvote or downvote?
- yes, the error has to bubble up to the user. i'm surprised the browser doesn't do this. i imagined EDE was plumbed into the browser because yeah -- no value for this otherwise and with PDNS we need such plumbing
- no, cloudflare does not hijack. they implement the court order for domains already under their management. this is no more hijacking than altering the DNS reply is hijacking, in fact less so since they only touch domains that they already serve. (BTW i am very much anti-cloudflare.)
TonyTrapp · 1d ago
There's a box labelled "Submit a correction or tip" at the bottom of the original article. Filling that in might have been better time spent than writing a blog post.
mankyd · 1d ago
Who's to say they didn't?
Writing a follow up post is certainly valuable for raising awareness to anyone who had already read the original erroneous article.
[1] - https://blog.apnic.net/2023/09/28/extended-dns-errors-unlock...
it's not as if that's hard. unfortunately chrome has sat on this for years. dunno about other browsers.
https://issues.chromium.org/issues/40912798