Re: DNS over HTTPS changes

[Kevin Wilcox <wilcoxkm () APPSTATE EDU>]

On Wed, 25 Sep 2019 at 08:32, Barros, Jacob <jkbarros () grace edu> wrote:


> Specifically, for institutionally managed devices are you disabling DNS
> over HTTPS in your browsers?  For non-managed devices, is there intent to
> block DNS over HTTPs or TLS and if so what would your reasons be for doing
> so?

Aye we'll disable it via browser config for managed/University-owned
devices with plans to blacklist any known DoH servers via DNS and DNS over
TLS servers by IP for University "business" networks.

For students and "guests", we wouldn't dare - we are their ISP, we stay
very hands-off with them.

Has anyone published information for students on how this might impact
> them?  I know Cisco has published workarounds if there is an issue with
> Umbrella/OpenDns.  Are there other services that you're concerned about?

My biggest concern with students is sending all of their DNS searches to
companies with a vested interest in monetising their data, but the illusion
of privacy and industry-introduced security theatre is often more
persuasive than the reality and it's their choice to make.

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community