nanog mailing list archives

Re: This DNS over HTTP thing


From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Tue, 1 Oct 2019 10:08:45 +0200

On Tue, Oct 01, 2019 at 09:55:54AM +0200,
 Jeroen Massar <jeroen () massar ch> wrote 
 a message of 26 lines which said:

> > (Because this canary domain contradicts DoH's goals, by allowing
> > the very party you don't trust to remotely disable security.)
>
> The goal is centralization of DNS

Hmmm, no, read RFC 8484 (section 1).

> While the 'connection to the recursor' is 'encrypted', the recursor
> is still in clear text... one just moves who can see what you are
> doing with this.

As with any cryptographic protocol. Same thing with VPNs, SSH and
whatever: the remote end can see what you do. What's your point?

