nanog mailing list archives
Re: This DNS over HTTP thing
From: Jeroen Massar <jeroen () massar ch>
Date: Tue, 1 Oct 2019 09:55:54 +0200
On 2019-10-01 09:38, Stephane Bortzmeyer wrote:
> On Mon, Sep 30, 2019 at 11:56:33PM -0400, Brandon Martin <lists.nanog () monmotha net> wrote a message of 10 lines which said:
>
>> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) will go back to using your local DNS server list as per usual.
>
> Unless, I hope, the user explicitly overrides this. (Because this canary domain contradicts DoH's goals, by allowing the very party you don't trust to remotely disable security.)

The goal is centralization of DNS and being able to see more what users (or at least the aggregate stats, so that they can claim "we do not keep your data/IP/lookups") do, the goal is not that of 'security' or 'privacy'.

While the 'connection to the recursor' is 'encrypted', the recursor is still in clear text... one just moves who can see what you are doing with this.

Also keep a split between the protocol and the implementation. DoT and DoH both serve the same goal of "encryption", but that is not being used here: they also want to move the recursor to another entity...

At least the use-application-dns.net zone is now not DNSSEC signed anymore as it was before, thus at least a NXDOMAIN can now be caused instead of SERVFAIL as .net indicated a signature, while one overrode that locally...

Greets,
 Jeroen
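
Added example, not part of the original message: a check an operator could run against a resolver to see which of the answers discussed in this thread it gives for the canary name. The function names, the transaction ID and the constructed replies are assumptions made for the illustration.

```python
import socket
import struct

CANARY = "use-application-dns.net"  # canary name quoted in the thread
TXID = 0x4242                       # constructed transaction ID

def build_query(name=CANARY, qtype=1, txid=TXID):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response, txid=TXID):
    """Reduce a resolver reply for the canary to the cases the thread discusses."""
    if len(response) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"   # the answer the thread says sends Firefox back to local DNS
    if rcode == 2:
        return "servfail"   # outcome the post describes for an override while the zone was signed
    if rcode == 0:
        return "noerror"    # canary name is not overridden on this resolver
    return "other"

def ask(resolver_ip, timeout=2.0):
    """Send the canary query to a resolver over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (resolver_ip, 53))
        return classify(s.recv(512))

def constructed_reply(rcode):
    """Constructed sample: the question echoed back with QR/RD/RA set and the given RCODE."""
    q = build_query()
    return q[:2] + struct.pack("!H", 0x8180 | rcode) + q[4:]

if __name__ == "__main__":
    for rc in (0, 2, 3):
        print(rc, classify(constructed_reply(rc)))
```

Calling `ask()` with the address of the resolver handed out to clients shows whether the override is in effect from the client's point of view.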