As we see there is no easy solution,
people DO care about responsiblility to support freedom and democracy for all of us
and we DO appreciate the great and professional work of CZ.NIC / Turris people!
If I would purchase Turris Onmia again? Already did so 
and am happy with it.
However:
The originating question IMHO is sufficiently resolved with the above statement.
I can absolutely live with this (just not to run DNS diagnostics).
There are worse trade offs (not involving Turris)! For me its OK this way.
Such a curiosity: Google and FB do not have the correct DNSSEC:
https://dnssec-analyzer.verisignlabs.com/google.com
https://dnssec-analyzer.verisignlabs.com/facebook.com
My propositions (they all have DNSSEC okay):
https://dnssec-analyzer.verisignlabs.com/nic.cz
https://dnssec-analyzer.verisignlabs.com/turris.cz
https://dnssec-analyzer.verisignlabs.com/startpage.com
https://dnssec-analyzer.verisignlabs.com/debian.org
https://dnssec-analyzer.verisignlabs.com/protonmail.com
https://dnssec-analyzer.verisignlabs.com/cloudflare.com
https://dnssec-analyzer.verisignlabs.com/icann.org
https://dnssec-analyzer.verisignlabs.com/torproject.org
https://dnssec-analyzer.verisignlabs.com/osm.org
https://dnssec-analyzer.verisignlabs.com/privacytools.io
Regards!
3 Likes
Sounds good. I prefer turris.cz.
1 Like
Let me firstly thank you for your candidates.
Regarding commercial products on some domains, which you proposed, we are thinking that anyone could see something wrong on cloudflare, protonmail, and such products. Don’t take it wrong or anyone else, we could have a similar discussion about it in the future why we are using this instead of anything else.
On the other hand, domains turris.cz and nic.cz are already part of DNS diagnostics since the beginning.
We considered it as I said earlier and we exchanged some of the domains, which you didn’t like. It is going to be part of Turris OS 5.2 release. This can be checked here.
Since Turris OS 5.2, we will be testing these domains: turris.cz, turris.com, nic.cz, rhybar.cz which are ours. Then duckduckgo.com, wikipedia.org, debian.org, fsf.org, and 0skar.cz.
8 Likes
Doesn’t it bother them having DNSSEC issues?
https://dnssec-analyzer.verisignlabs.com/duckduckgo.com
https://dnssec-analyzer.verisignlabs.com/wikipedia.org
https://dnssec-analyzer.verisignlabs.com/fsf.org
Actually, we don’t mind that. Because turris.com and debian.org have enabled DNSSEC and then there are domains without DNSSEC from the same tld. This provides us more insights and in the same time to be more bullet-proof while replying users on support, while they are struggling with DNS/DNSSEC issues.
1 Like
I greatly appreciate Pepes wise words.
My sincere praise to the Turris team for a great product and continued professional support!
In order to oppose the style of the angry bourgeoisie in this thread objectivity, I have this proposal:
For the Turris support team, it is important to enable users with a wide range of interests to quickly diagnose router functions. In a support situation it must be possible to understand the user’s situation.
Some of the 8-10 billion people use the services of major providers, while others choose not to. And some individual is always against it (very often it is the antelope).
If the analysis script can use parameter sets that correspond to the different user profiles, each user group can provide the parameter set that suits them. The Turris team can then provide a number of parameter sets that are relevant for the usual support situations. The default parameter set can be “neutral**”.
** “neutral” is interpreted very differently depending on the context. Probably different parties will have different views on what a neutral parameter set may contain. A supplier and his support team cannot resolve this.
1 Like