what is wrong with DNS name 'covid19booster.healthservice.ie' ? : Google : what is Google's secret DNS service ?

Ondřej Surý ondrej at isc.org
Sat Jan 8 15:54:47 UTC 2022 

That’s a question that you need to ask people running these nameservers: 159.134.0.11; 159.134.0.12; 

The domain works fine from here and those servers serve only your ISP it seems.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 8. 1. 2022, at 16:34, Jason Vas Dias <jason.vas.dias at gmail.com> wrote:
> 
> 
> Good day -
> 
>   I use BIND v9.16.24-1.fc34 on a fully up-to-date Fedora 34
>   x86_64 installation as a 'Caching-Only Nameserver', and
>   to serve a few local zones ( devices attaching to my
>   hostapd wireless network for instance ), and to serve
>   a DNS RPZ zone to direct adware / spyware hosts to 0.0.0.0.
> 
>   My Internet Connection is as follows:
> 
>        ( GSM 4g/3g modem
>              WAN IP DHCP address provided by eir.com, with
>              nameservers: 159.134.0.11; 159.134.0.12;
>              served by DHCP
>          Does DHCP and NAT for DHCP leased addresses
>        ) ||
>          || 100m Cat6 Ethernet Cable
>          ||           
>        ( My Linux Laptop's Dell Thunderbolt Ethernet port
>          Gets DHCP address from Modem.
> 
>          Hostapd provides Access Point to @ 4 devices
>          connecting via DHCP; does NAT for this wireless
>          DHCP subnet to the modem assigned DHCP address.
>        ) / | \
>        ( several Android units for testing ...)
> 
>   So I copy the DNS server addresses my ISP gives the
>   modem with DHCP into my named.conf's forwarders clause:
> 
>     forwarders { 159.134.0.11; 159.134.0.12; } ;
> 
>   This has seemed to work fine up til now.
> 
>   Now, when I try to access the Irish Health & Safety
>   Executive's (HSE) website to make a Coronavirus
>   booster appointment, as advertised on its web-page:
> 
>   https://www2.hse.ie/screening-and-vaccinations/covid-19-vaccine/get-the-vaccine/booster-booking/
> 
>   where one is meant to click on the link:
> 
>   "Book An Appointment": https://covid19booster.healthservice.ie/
> 
>   to make an appointment, Firefox and Chrome both return 
>   "Server Not Found" errors .
> 
>   Running 'host' and 'dig' show NO DNS records for this address:
> 
>   # host covid19booster.healthservice.ie
>   Host covid19booster.healthservice.ie not found: 3(NXDOMAIN)
> 
>   # dig covid19booster.healthservice.ie @159.134.0.11
> 
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.11
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5751
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: d8709a304768c6c62d5def9761d9a5a5a7041a24829eafd0 (good)
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN    A
> 
> ;; AUTHORITY SECTION:
> healthservice.ie.    8946    IN    SOA    ns1.ie.topsec.com. hostmaster.topsec.com. 2022010601 3600 1200 3628800 10800
> 
> ;; Query time: 46 msec
> ;; SERVER: 159.134.0.11#53(159.134.0.11)
> ;; WHEN: Sat Jan 08 14:58:38 GMT 2022
> ;; MSG SIZE  rcvd: 152
> 
> 
> # dig covid19booster.healthservice.ie @159.134.0.12
> 
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @159.134.0.12
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64814
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 367dae8c9918d4ae9b2b923761d9a6a0d321e2a74da293d9 (good)
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN    A
> 
> ;; AUTHORITY SECTION:
> healthservice.ie.    9549    IN    SOA    ns1.ie.topsec.com. hostmaster.topsec.com. 2022010601 3600 1200 3628800 10800
> 
> ;; Query time: 42 msec
> ;; SERVER: 159.134.0.12#53(159.134.0.12)
> ;; WHEN: Sat Jan 08 14:58:40 GMT 2022
> ;; MSG SIZE  rcvd: 152
> 
>  To show this configuration does work for other addresses:
> 
> # dig www.kernel.org
> 
> ; <<>> DiG 9.16.24-RH <<>> www.kernel.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40744
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: aa286ca3eb2f9d1d0100000061d9a70bded0d6956f6f711c (good)
> ;; QUESTION SECTION:
> ;www.kernel.org.            IN    A
> 
> ;; ANSWER SECTION:
> www.kernel.org.        60    IN    CNAME    geo.source.kernel.org.
> geo.source.kernel.org.    60    IN    CNAME    ams.source.kernel.org.
> ams.source.kernel.org.    3462    IN    A    145.40.68.75
> 
> ;; Query time: 114 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sat Jan 08 15:00:27 GMT 2022
> ;; MSG SIZE  rcvd: 140
> 
> 
> 
>  Visiting internic.net's whois server shows no records for
>  covid19booster.healthservice.ie, but instead these
>  error messages are displayed: 
> 
>  Whois Lookup 'covid19booster.healthservice.ie':
>  "
>    No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service.
> 
>    Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED 
>  "
> 
>  As a result, I am unable to make a Covid Booster appointment , and as
>  my Covid certificate is soon to expire I will soon lose my rights
>  to travel, use public transport, shops, restaurants etc. who all
>  now require a current Covid Vaccination Certificate to enable use of these
>  services - I will be a third-class citizen, trapped in my 20-mile
>  radius locality, unable to use shops ...
> 
>  Of course, the HSE.IE, in common with all Western Government
>  institutions these days, is a 100% Web-Site driven venture, 
>  their phone numbers are unanswered, they do not respond to
>  emails, letters, or their Web Complaints Form, and as a 
>  result my human rights are about to be suspended, and
>  there is no means of appeal ( though I am considering taking
>  the HSE to the European Court of Human Rights about this ... ).
> 
>  However, I noticed my Android mobile phone, when it is not connected
>  to my Laptop, CAN resolve 'covid19booster.healthservice.ie', because
>  it uses Google's DNS server '8.8.8.8' .
> 
>  So it appears that human rights and Covid protection in Ireland are 
>  only granted to users of Google's DNS servers.
> 
>  Indeed, when I ask my laptop's dig to query Google's 8.8.8.8
>  server, this succeeds:
> 
>  # dig covid19booster.healthservice.ie @8.8.8.8
> 
> ; <<>> DiG 9.16.24-RH <<>> covid19booster.healthservice.ie @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35984
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;covid19booster.healthservice.ie. IN    A
> 
> ;; ANSWER SECTION:
> covid19booster.healthservice.ie. 3144 IN CNAME    hse-self-referral.swiftqueue.com.
> hse-self-referral.swiftqueue.com. 40 IN    A    52.50.21.250
> hse-self-referral.swiftqueue.com. 40 IN    A    52.214.178.78
> 
> ;; Query time: 52 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Sat Jan 08 15:12:58 GMT 2022
> ;; MSG SIZE  rcvd: 138
> 
> 
>   So the Irish Government Healthcare system's website is ONLY accessable
>   to users of Google's DNS servers.
> 
>   But I don't want to use Google's DNS servers to allow
>   Google to spy on my web activity on my laptop.
> 
>   I thought the DNS was meant to be global, and publically available ?
> 
>   What has changed in this regard ?
> 
>   What secret sauce do Google DNS servers have that is not
>   available to servers run by other operators ?
> 
>   How can I query the "Google Only" Secret Web, without giving information to
>   Google ?
> 
>   Who should I sue about this ?
>   Either :
>    A) My ISP, for not giving me access to the whole
>       internet & DNS system, for which I pay them
>       €50 per month ;
> 
>    B) HSE, for discriminating against those who
>       do not use Google DNS services, denying them
>       access to Covid vaccination appointments ;
> 
>    C) Google, for destroying the 'global, publically available'
>       nature of the DNS and Internet, and for hiding essential
>       health information from non-Google users ? 
>       I guess they'd prefer non-Google users to just die off soon.
> 
>    D) All of the above
> 
>  Anyone interested in joining a class action lawsuit about this ?
> 
>  If anyone could please suggest a way of resolving names like
>  'covid19booster.healthservice.ie' without using Google's DNS
>  servers, please let me know, I'd be much obliged.
> 
> Thank You & Best Regards, 
> Happy New Year in a Brave New World,
> Jason
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list