nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: This DNS over HTTP thing

From: "John Levine" <johnl () iecc com>
Date: 2 Oct 2019 13:14:00 -0400
In article <146431.1569964368@turing-police> you write:

-=-=-=-=-=-

On Tue, 01 Oct 2019 16:24:30 -0400, Warren Kumari said:


"More concretely, the experiment in Chrome 78 will **check if the
user’s current DNS provider** is among a list of DoH-compatible
providers, and upgrade to the equivalent DoH service **from the same
provider**. If the DNS provider isn’t in the list, Chrome will
**continue to operate as it does today.**"


I suppose this is the point somebody has to put the words "nostrils", "tent",
and "camel" in the same sentence?


This looks to me more like the tail end of the caravan.  Users have always been
at the mercy of their browsers, which have always done unexpected things.

Assuming we agree that automatically upgrading http requests to https
is OK, how is this any different?  Same endpoints, encrypted channel.

The Google people I've talked to are quite aware of the implications
of using a different DNS resolver and I would be surprised if they
ever did it without a very explicit request from the user.  In this
regard they are quite different from Mozilla who are impervious to the
reasons that sending random users' traffic to Cloudflare is not a good
idea.

R's,
John
Previous By Date Next
Previous By Thread Next

Current thread: