This policy covers applies to the following services (called
The policy aims to be compliant with Mozilla’s Trusted Recursive Resolver (TRR) program.
|2019-05-12||Draft Version published|
|2019-05-28||Second Draft see diff|
Your data is not logged by default. If it has to be logged, it will be deleted within 1 hour. No queries or respones are modified, and no domains are blocked or filtered. If law enforcement forces me to do anything of the above, the block list will be updated, along with an Annual Transparency Report. Your data (even anonymized or aggregate) will never be sold or shared with another third party.
When you make a DNS Query to the resolver over either
DNS-over-HTTPS or using
DNSCrypt, the following information is transmitted from your end:
The resolver then translates the domain name to an IP address by querying the authoritative nameserver for the domain (
ns.captnemo.in for eg). This query is made by the resolver on your behalf with no information about you passed to the nameserver. It also caches this response.
“Identifiable User Data” (below) can refer to either your IP Address, or any other information that can be used to identify you (such as a set of unique domains that you’ve visited).
“Aggregate User Data” refers to anonymized user information, such as the number of requests received from a given IP Address over time.
The following matrix lists down all the data that the resolver receives, and what can be done to it.
Debugging in the above refers to scenarios where I may turn on server logging for debugging purposes while trying to resolve an issue. This may log certain data that will be deleted as per the retention period.
Legal Requests for user data will be responded to with “Data not available” since no user data is stored on the server. Legal Requests for any other information about the service will be dealt with as per the law.
Transparency reports for the resolvers is published on an annual basis. The reports will include:
Transparency Reports for the following years are published below:
NXDOMAINresponses for absent domains will be provided.
I (Abhay Rana) run this resolver with your Privacy and Security in mind. I’m an InfoSec professional with enough experience to do this safely. The resolver runs out of the Digital Ocean Bangalore Region, which is colocated with NetMagic IT Services Private Limited in Electronic City Bangalore. The Data Center is both SOC1 and SOC2 certified.
The resolver is co-located on a Droplet that runs a few other personal webservices.
The objectives of the resolver: