nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: This DNS over HTTP thing

From: Michael Thomas <mike () mtcc com>
Date: Tue, 1 Oct 2019 12:27:08 -0700

On 10/1/19 12:18 PM, Jay R. Ashworth wrote:

----- Original Message -----

From: "Stephane Bortzmeyer" <bortzmeyer () nic fr>
On Mon, Sep 30, 2019 at 11:56:33PM -0400,
Brandon Martin <lists.nanog () monmotha net> wrote
a message of 10 lines which said:


It's use-application-dns.net.  NXDOMAIN it, and Mozilla (at least)
will go back to using your local DNS server list as per usual.

Unless, I hope, the user explicitely overrides this. (Because this
canary domain contradicts DoH's goals, by allowing the very party you
don't trust to remotely disable security.)

Security?

This is thought to be about security?

Didn't we already *fix* DNS SECurity?



DNSSEC only deals with authentication, not confidentiality...



No, I tend to buy the "Alphabet looking over your shoulder" argument
a lot more than 'security', here, so far.
...of course the main people you'd like to keep this confidential from are the ones on the other end of the DNS pipe, be it ISP's or Google, et al. So i'm not exactly sure what problem this solves, beyond giving Google and the rest a shot at seeing all of that yummy data. 

Mike
Previous By Date Next
Previous By Thread Next

Current thread: