what is wrong with DNS name 'covid19booster.healthservice.ie' ? : Google : what is Google's secret DNS service ?
Jason Vas Dias
jason.vas.dias at gmail.com
Sat Jan 8 15:34:37 UTC 2022
Good day -
I use BIND v9.16.24-1.fc34 on a fully up-to-date Fedora 34
x86_64 installation as a 'Caching-Only Nameserver', and
to serve a few local zones ( devices attaching to my
hostapd wireless network for instance ), and to serve
a DNS RPZ zone to direct adware / spyware hosts to 0.0.0.0.
My Internet Connection is as follows:
( GSM 4g/3g modem
WAN IP DHCP address provided by eir.com, with
nameservers: 159.134.0.11; 159.134.0.12;
served by DHCP
Does DHCP and NAT for DHCP leased addresses
) ||
|| 100m Cat6 Ethernet Cable
||
( My Linux Laptop's Dell Thunderbolt Ethernet port
Gets DHCP address from Modem.
Hostapd provides Access Point to @ 4 devices
connecting via DHCP; does NAT for this wireless
DHCP subnet to the modem assigned DHCP address.
) / | \
( several Android units for testing ...)
So I copy the DNS server addresses my ISP gives the
modem with DHCP into my named.conf's forwarders clause:
forwarders { 159.134.0.11; 159.134.0.12; } ;
This has seemed to work fine up til now.
Now, when I try to access the Irish Health & Safety
Executive's (HSE) website to make a Coronavirus
booster appointment, as advertised on its web-page:
https://www2.hse.ie/screening-and-vaccinations/covid-19-vaccine/get-the-vaccine/booster-booking/
where one is meant to click on the link:
"Book An Appointment": https://covid19booster.healthservice.ie/
to make an appointment, Firefox and Chrome both return
"Server Not Found" errors .
Running 'host' and 'dig' show NO DNS records for this address:
# host covid19booster.healthservice.ie
Host covid19booster.healthservice.ie not found: 3(NXDOMAIN)
# dig covid19booster.healthservice.ie @159.134.0.11
; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5751
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d8709a304768c6c62d5def9761d9a5a5a7041a24829eafd0 (good)
;; QUESTION SECTION:
;covid19booster.healthservice.ie. IN A
;; AUTHORITY SECTION:
healthservice.ie. 8946 IN SOA ns1.ie.topsec.com. hostmaster.topsec.com. 2022010601 3600 1200 3628800 10800
;; Query time: 46 msec
;; SERVER: 159.134.0.11#53(159.134.0.11)
;; WHEN: Sat Jan 08 14:58:38 GMT 2022
;; MSG SIZE rcvd: 152
# dig covid19booster.healthservice.ie @159.134.0.12
; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64814
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 367dae8c9918d4ae9b2b923761d9a6a0d321e2a74da293d9 (good)
;; QUESTION SECTION:
;covid19booster.healthservice.ie. IN A
;; AUTHORITY SECTION:
healthservice.ie. 9549 IN SOA ns1.ie.topsec.com. hostmaster.topsec.com. 2022010601 3600 1200 3628800 10800
;; Query time: 42 msec
;; SERVER: 159.134.0.12#53(159.134.0.12)
;; WHEN: Sat Jan 08 14:58:40 GMT 2022
;; MSG SIZE rcvd: 152
To show this configuration does work for other addresses:
# dig www.kernel.org
; <<>> DiG 9.16.24-RH <<>> www.kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40744
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: aa286ca3eb2f9d1d0100000061d9a70bded0d6956f6f711c (good)
;; QUESTION SECTION:
;www.kernel.org. IN A
;; ANSWER SECTION:
www.kernel.org. 60 IN CNAME geo.source.kernel.org.
geo.source.kernel.org. 60 IN CNAME ams.source.kernel.org.
ams.source.kernel.org. 3462 IN A 145.40.68.75
;; Query time: 114 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 08 15:00:27 GMT 2022
;; MSG SIZE rcvd: 140
Visiting internic.net's whois server shows no records for
covid19booster.healthservice.ie, but instead these
error messages are displayed:
Whois Lookup 'covid19booster.healthservice.ie':
"
No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service.
Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED
"
As a result, I am unable to make a Covid Booster appointment , and as
my Covid certificate is soon to expire I will soon lose my rights
to travel, use public transport, shops, restaurants etc. who all
now require a current Covid Vaccination Certificate to enable use of these
services - I will be a third-class citizen, trapped in my 20-mile
radius locality, unable to use shops ...
Of course, the HSE.IE, in common with all Western Government
institutions these days, is a 100% Web-Site driven venture,
their phone numbers are unanswered, they do not respond to
emails, letters, or their Web Complaints Form, and as a
result my human rights are about to be suspended, and
there is no means of appeal ( though I am considering taking
the HSE to the European Court of Human Rights about this ... ).
However, I noticed my Android mobile phone, when it is not connected
to my Laptop, CAN resolve 'covid19booster.healthservice.ie', because
it uses Google's DNS server '8.8.8.8' .
So it appears that human rights and Covid protection in Ireland are
only granted to users of Google's DNS servers.
Indeed, when I ask my laptop's dig to query Google's 8.8.8.8
server, this succeeds:
# dig covid19booster.healthservice.ie @8.8.8.8
; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35984
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;covid19booster.healthservice.ie. IN A
;; ANSWER SECTION:
covid19booster.healthservice.ie. 3144 IN CNAME hse-self-referral.swiftqueue.com.
hse-self-referral.swiftqueue.com. 40 IN A 52.50.21.250
hse-self-referral.swiftqueue.com. 40 IN A 52.214.178.78
;; Query time: 52 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Jan 08 15:12:58 GMT 2022
;; MSG SIZE rcvd: 138
So the Irish Government Healthcare system's website is ONLY accessable
to users of Google's DNS servers.
But I don't want to use Google's DNS servers to allow
Google to spy on my web activity on my laptop.
I thought the DNS was meant to be global, and publically available ?
What has changed in this regard ?
What secret sauce do Google DNS servers have that is not
available to servers run by other operators ?
How can I query the "Google Only" Secret Web, without giving information to
Google ?
Who should I sue about this ?
Either :
A) My ISP, for not giving me access to the whole
internet & DNS system, for which I pay them
€50 per month ;
B) HSE, for discriminating against those who
do not use Google DNS services, denying them
access to Covid vaccination appointments ;
C) Google, for destroying the 'global, publically available'
nature of the DNS and Internet, and for hiding essential
health information from non-Google users ?
I guess they'd prefer non-Google users to just die off soon.
D) All of the above
Anyone interested in joining a class action lawsuit about this ?
If anyone could please suggest a way of resolving names like
'covid19booster.healthservice.ie' without using Google's DNS
servers, please let me know, I'd be much obliged.
Thank You & Best Regards,
Happy New Year in a Brave New World,
Jason
More information about the bind-users
mailing list