
The Results of the 1.1.1.1 Public DNS Resolver Privacy Examination - jgrahamc
https://blog.cloudflare.com/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination/
======
QUFB
So APNIC essentially gets an "anonymized" firehose of DNS requests sent
through 1.1.1.1? What is their retention policy?

From
[https://www.cloudflare.com/resources/assets/slt3lc6tev37/5xl...](https://www.cloudflare.com/resources/assets/slt3lc6tev37/5xlHCvvNBrvrIoWbuk1vTy/e1058b0d366adf4e983aef99a6ed2a1f/Cloudflare_1.1.1.1_Public_Resolver_Report_-_03302020__2_.pdf):

"A log of the DNS request, with truncated source IP address, is routed from
Cloudflare’s edge data centers to Cloudflare’s main data center. The data
first enters a stream processing platform that translates the truncated source
IP address into the autonomous system number (“ASN”) of its originating
network, and deletes the data within 25 hours of ingestion. Moving from the
stream processing platform, the data flows into a database table, where the
DNS data record is stored with the ASN instead of the truncated source IP. The
DNS data records in this database table are deleted within 25 hours...

Cloudflare has an agreement with Asia-Pacific Network Information Centre
(“APNIC”) that allows Cloudflare the use of the 1.1.1.1 IP address. In
exchange, APNIC has access to the anonymized logs stored in the Public
Resolver table in Cloudflare’s data center for research purposes. APNIC has
access to this data through the use of a unique, authorized API key."

------
a012
> A public resolver user’s IP address (referred to as the client or source IP
> address) will not be stored in non-volatile storage. Cloudflare will
> anonymize source IP addresses via IP truncation methods (last octet for IPv4
> and last 80 bits for IPv6). Cloudflare will delete the truncated IP address
> within 25 hours.

IMO, truncating only the last octet of an IPv4 address is not anonymized enough.

~~~
jgrahamc
We drop the last octet at the edge. Then we keep the truncated IPs for 25
hours to deal with attacks. Then we delete it completely.
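
The truncation quoted in this thread (last octet for IPv4, last 80 bits for IPv6), as an added Python example that is not part of the thread and is not Cloudflare's code. It shows which source addresses collapse to the same stored value and how many addresses share each truncated value. The sample queries are constructed, and handling IPv4-mapped IPv6 addresses as IPv4 is an assumption of this example.

```python
import ipaddress

# Bits zeroed per address family, as quoted in the thread:
# last octet (8 bits) for IPv4, last 80 bits for IPv6.
TRUNCATED_BITS = {4: 8, 6: 80}


def _normalize(addr):
    ip = ipaddress.ip_address(addr)
    # Assumption of this example: ::ffff:a.b.c.d carries an IPv4 client,
    # so it is truncated under the IPv4 rule.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def truncate_ip(addr):
    """Zero the low-order bits of a source address and return it as text."""
    ip = _normalize(addr)
    drop = TRUNCATED_BITS[ip.version]
    mask = ((1 << ip.max_prefixlen) - 1) ^ ((1 << drop) - 1)
    # Rebuild with the same class so a small IPv6 value is not read as IPv4.
    return str(type(ip)(int(ip) & mask))


def bucket_size(addr):
    """How many distinct addresses truncate to the same stored value."""
    return 1 << TRUNCATED_BITS[_normalize(addr).version]


def clients_per_bucket(queries):
    """Map each truncated address to the number of distinct sources seen."""
    seen = {}
    for src, _qname in queries:
        seen.setdefault(truncate_ip(src), set()).add(src)
    return {bucket: len(sources) for bucket, sources in seen.items()}


# Constructed sample (documentation address ranges), not real resolver logs.
SAMPLE_QUERIES = [
    ("192.0.2.17", "example.com"),
    ("192.0.2.200", "example.org"),
    ("198.51.100.5", "example.net"),
    ("2001:db8:1:2:3:4:5:6", "example.com"),
    ("2001:db8:1:ffff::1", "example.org"),
    ("::ffff:192.0.2.99", "example.com"),
]

if __name__ == "__main__":
    for bucket, n in clients_per_bucket(SAMPLE_QUERIES).items():
        print(f"{bucket:<16} sources={n} bucket_size={bucket_size(bucket)}")
```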

