Well then... I guess that leaves me no choice?

TrickDacy, 7 months ago

This is actually great design… you are being warned about a breach in privacy. How’s the bad design?

candybrie, 7 months ago

The two options are both “No”. If you aren’t going to give an option, don’t give an option. It’s confusing to have two options that are the same thing.

TrickDacy, 7 months ago

Fair.

0x0, 7 months ago

If you blocked it at the DNS level, I’m surprised the error wasn’t a resolution failure. Who’s on the other side of this connection pretending to be Google Analytics??

still, 7 months ago

next DNs probably redirects it to a landing page or something

0x0, 7 months ago

You’re probably right. Rather than responding with NXDOMAIN, they’re probably synthesizing A or AAAA records that point to their own server. IMO, this is super weird behavior in the era of HTTPS. I’m also pretty sure there’s an IETF RFC that says recursive resolvers “MUST NOT” synthesize address records, but I can’t seem to dig it up on my phone (pun intended ;).

PoolloverNathan, 1 month ago

It’s an option, default off. If you enable it it prompts you to install the CA for the block page.

0x0, 1 month ago

They ask you to install a root CA? That would enable your DNS provider to MITM your TLS traffic. Yikes.