Arnav Kumar
dig .
. 6185 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017110301 1800 900 604800 86400
dig com.
com. 32 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1509848642 1800 900 604800 86400
dig github.com
github.com. 45 IN A 192.30.255.113
dig atx.sx
; <<>> DiG 9.8.3-P1 <<>> atx.sx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20540
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;atx.sx. IN A
;; ANSWER SECTION:
atx.sx. 299 IN A 104.27.158.213
atx.sx. 299 IN A 104.27.159.213
;; Query time: 417 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 11 21:44:23 2017
;; MSG SIZE rcvd: 56
dig @127.0.0.1 -p 53 txt txt.ns.atx.sx
dig thepiratebay.org
;; ANSWER SECTION:
thepiratebay.org. 10 IN A 49.207.46.34
;; Query time: 7 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Nov 5 08:10:29 2017
;; MSG SIZE rcvd: 66
ping -c 3 8.8.8.8
64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=75.316 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=75.115 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=77.209 ms
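The last dig answer above reports a 7 msec query time from 8.8.8.8, while ping to the same address takes about 75 ms. As an added example (not part of the original slides), this shell script parses those two outputs and flags a DNS reply that arrives well under the ICMP round trip to the resolver it claims to come from. The function names and the 0.5 ratio are assumptions of this example, and the check is a heuristic, since ICMP and UDP can be handled differently on the path.

```shell
#!/bin/sh
# Added example: flag DNS answers that return faster than the ICMP round trip
# to the resolver they claim to come from. Function names are this example's own.

# Sample text copied from the dig and ping outputs shown above.
sample_dig() { cat <<'EOF'
;; ANSWER SECTION:
thepiratebay.org. 10 IN A 49.207.46.34
;; Query time: 7 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}
sample_ping() { cat <<'EOF'
64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=75.316 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=75.115 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=77.209 ms
EOF
}

# Query time in msec, read from dig output on stdin.
dig_query_ms() { awk '/^;; Query time:/ { print $4; exit }'; }

# Resolver address from the ";; SERVER:" line of dig output on stdin.
dig_server() { awk '/^;; SERVER:/ { split($3, a, "#"); print a[1]; exit }'; }

# Smallest RTT in msec among ping reply lines on stdin.
ping_min_ms() {
    awk -F'time=' '/icmp_seq=/ && NF > 1 {
        split($2, a, " "); v = a[1] + 0
        if (!seen || v < m) { m = v; s = a[1]; seen = 1 }
    } END { if (seen) print s }'
}

# check_dns_path DIG_MS PING_MS [RATIO]: "suspect" when the DNS answer took
# less than RATIO (default 0.5, an assumed threshold) of the ICMP RTT.
check_dns_path() {
    awk -v d="$1" -v p="$2" -v r="${3:-0.5}" 'BEGIN {
        if (d == "" || p == "") { print "unknown"; exit }
        verdict = (d + 0 < (p + 0) * r) ? "suspect" : "ok"
        print verdict
    }'
}

q=$(sample_dig | dig_query_ms)
rtt=$(sample_ping | ping_min_ms)
echo "server=$(sample_dig | dig_server) query=${q}ms rtt=${rtt}ms: $(check_dns_path "$q" "$rtt")"
```

On a live host, pipe the output of dig and ping for the same resolver into these functions in place of the sample text.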
tl;dr: We cannot afford the DNS traffic to leave our premises, and we cannot force our systems to fetch DNS over an encrypted channel.