This DNS over HTTP thing

Michael Thomas mike at mtcc.com
Tue Oct 1 19:27:08 UTC 2019


On 10/1/19 12:18 PM, Jay R. Ashworth wrote:
> ----- Original Message -----
>> From: "Stephane Bortzmeyer" <bortzmeyer at nic.fr>
>> On Mon, Sep 30, 2019 at 11:56:33PM -0400,
>> Brandon Martin <lists.nanog at monmotha.net> wrote
>> a message of 10 lines which said:
>>
>>> It's use-application-dns.net.  NXDOMAIN it, and Mozilla (at least)
>>> will go back to using your local DNS server list as per usual.
>> Unless, I hope, the user explicitly overrides this. (Because this
>> canary domain contradicts DoH's goals, by allowing the very party you
>> don't trust to remotely disable security.)
> Security?
>
> This is thought to be about security?
>
> Didn't we already *fix* DNS SECurity?


DNSSEC only deals with authentication, not confidentiality...

>
> No, I tend to buy the "Alphabet looking over your shoulder" argument
> a lot more than 'security', here, so far.

...of course the main people you'd like to keep this confidential from
are the ones on the other end of the DNS pipe, be it ISPs or Google, et
al. So I'm not exactly sure what problem this solves, beyond giving
Google and the rest a shot at seeing all of that yummy data.

Mike
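
For operators relying on the canary domain quoted above, a check that a resolver's reply to the use-application-dns.net query really is NXDOMAIN. This is an added example, not part of the original message; the function names are hypothetical and `make_response` builds constructed sample replies.

```python
import secrets
import socket
import struct

CANARY = "use-application-dns.net"  # canary domain named in the thread
NXDOMAIN = 3                        # DNS RCODE 3 (name does not exist)

def encode_name(name):
    """Encode a hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name=CANARY, qtype=1):
    """Build a recursive A query: RD flag set, one question, class IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def canary_signals_opt_out(query, response):
    """Return True if `response` is an NXDOMAIN reply to `query`."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!3H", response[:6])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    # The echoed question must be the one we asked (ASCII case-insensitive).
    if qdcount != 1 or response[12:len(query)].lower() != query[12:].lower():
        raise ValueError("question section does not match query")
    return (flags & 0x000F) == NXDOMAIN

def make_response(query, rcode):
    """Constructed sample reply: echo the question, set QR/RD/RA and rcode."""
    header = query[:2] + struct.pack("!5H", 0x8180 | rcode, 1, 0, 0, 0)
    return header + query[12:]

def check_resolver(server_ip, timeout=3.0):
    """Send the canary query to a resolver over UDP/53 and classify the reply."""
    query = build_query(secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        response, _ = sock.recvfrom(4096)
    return canary_signals_opt_out(query, response)
```

`check_resolver` is the only function that touches the network; pass it the address of the resolver your clients are handed.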



